Tuesday, June 16, 2009

DSN codes in Exchange & SBS

http://support.microsoft.com/default.aspx?scid=kb;en-us;q284204

Riveting stuff.

Email delivery problems with Exchange 2003/2007, McAfee GroupShield 7.x and McAfee VirusScan Enterprise 8.x

We recently came across several instances of an issue where email delivery is delayed on an Exchange server - mail flow can sometimes be quick but is often slow and messages are delayed by minutes or hours. In a couple of instances this was traced back to the fact that these servers were all running McAfee GroupShield 7.x and McAfee VirusScan Enterprise 8.x. It seems that somehow (either via an update or the original installation) the exclusion for Exchange ends up with a malformed path. To fix this, go to the VirusScan Console > On Access Scanner > All Processes > Detection > Exclusions. Highlight the mailroot path and edit it to remove the double backslash from the path. Also check that the other relevant exclusions from https://kc.mcafee.com/corporate/index?page=content&id=KB55595 are in place.

Microsoft PSS seem to recommend that you exclude the entire inetpub directory and all sub-directories from scanning.

Monday, June 15, 2009

SonicWALL support

I recently filled in a customer survey for SonicWALL. The form had a few multiple choice questions and some space to put in comments. I marked "unsatisfactory" or "very unsatisfactory" on pretty much all the questions. Here's what I put in the comment box:

"SonicWALL support has gone down the tubes. I have been calling support for about 5 years now and it has never been this bad in the past. Queues are endless, wait times stretch forever. When an "engineer" answers he is hard to communicate with (I am Indian and I still have trouble). Their knowledge is extremely basic. The time taken to understand a problem and find a resolution is much longer than I would like to see - and have seen in the past. SonicWALL used to provide great support. Clearly, that's all in the past. If you are going to offshore your support you need to take quality control very carefully - it should be your number 1 priority. As I mentioned - I'm Indian, so this is not the result of a bias of any kind. Look at Microsoft - they have multiple support centres in India - almost every single interaction I have with MS engineers makes me think "wow, these guys are good". Why not SonicWALL?"

I live in the hope that it'll actually help.

Wednesday, June 10, 2009

Fighting off spammers...

Spent most of the day a couple of days ago dealing with a reverse-NDR attack on one of our sites. It wasn't fun. As it turns out there doesn't seem to be a great way of dealing with this sort of thing apart from a couple of proprietary systems that "watermark" outgoing messages so that all inbound NDRs can be sanitised straight away.

Apart from that there was some analysis to establish sources, eliminate possible configuration errors (yes, it's possible :-)), open relays, compromised passwords, a lot of looking at queues and cleansing them to get rid of the dirty NDRs.

At one point we had about 3 NDRs per second being generated to just one server run by a US-based anti-spam provider. That was only one of the dozens of queues building up on this server. The most visible effect of this entire issue was that the email server was consuming all available bandwidth - which is when the phone starts ringing here!
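
One way the "watermark" idea mentioned above can work, shown as an added example that is not from the original post or from any of the proprietary products: outgoing envelope senders get an HMAC tag, and a bounce (null envelope sender) is accepted only if its recipient carries a valid, recent tag. The `wm=` tag format, the key, the function names and the seven-day window are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed value; a real deployment uses a random secret
MAX_AGE_DAYS = 7                  # assumed window in which a genuine bounce may come back


def _tag(day: int, address: str) -> str:
    """First 10 hex chars of HMAC-SHA256 over the day stamp and the sender address."""
    msg = f"{day:03d}{address.lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:10]


def sign_sender(address: str, day: int) -> str:
    """Watermark the envelope sender (MAIL FROM) of an outgoing message."""
    day %= 1000
    return f"wm={day:03d}{_tag(day, address)}={address}"


def verify_bounce_recipient(rcpt: str, today: int):
    """Return the original address if rcpt carries a valid, fresh watermark, else None."""
    if not rcpt.lower().startswith("wm="):
        return None                       # no watermark: we never sent this message
    try:
        stamp, address = rcpt[3:].split("=", 1)
    except ValueError:
        return None                       # malformed tag
    stamp = stamp.lower()
    if len(stamp) != 13 or not (stamp.isascii() and stamp[:3].isdigit()):
        return None
    day = int(stamp[:3])
    if not hmac.compare_digest(stamp[3:].encode(), _tag(day, address).encode()):
        return None                       # forged or altered tag
    if (today - day) % 1000 > MAX_AGE_DAYS:
        return None                       # stale or future-dated tag (replay)
    return address


def accept_message(mail_from: str, rcpt: str, today: int) -> bool:
    """NDRs arrive with a null envelope sender; only those need a watermark."""
    if mail_from != "":
        return True                       # not a bounce; normal filtering applies
    return verify_bounce_recipient(rcpt, today) is not None
```

Rejecting unsigned bounces at SMTP time means the server never queues them, so it also never generates the secondary NDR traffic described above.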
