Geek Bleg
I should write about my technical problems here, rather than letting it languish, or at the new blog that is pending, but I get more readers here. Who knows, someone might have an idea. Thus the “bleg” in the subject. Help me Obi-Wan, you’re my only hope…
Once upon a time, the client had a Windows NT4 standalone server acting as proxy and internet gateway, and an NT4 BDC (backup domain controller) acting as mail server, with Exchange 5.5 on it.
When their ancient document server died, with some trepidation I moved the several gigabytes of documents to the proxy server because that had the space for them, and never did get around to buying a new server dedicated to the purpose.
When one of the drives in the SCSI RAID 5 array failed on their mail server, and it was not practical to find a matching drive to replace it, with Exchange starting to crowd the available space anyway, we bought a new server. It was about $900 cheaper to buy it with SATA (serial ATA) drives in a RAID 5 array, so we got that rather than SCSI. Then it turned out NT can’t be installed on it, so we got Windows 2000 Server and more than nullified the savings. Not to mention that I think SATA really must stand for Slow And Troublesome Always. At least in an array, which I noticed Dell no longer offered last time I priced servers there. The three whitebox workstations we recently got that have single SATA drives seem fine.
I migrated Exchange to the new server. As importantly, I migrated the documents to the same machine, which did speed up access to those, no matter how I might insult the server in question.
Since migrating Exchange there has been nothing but trouble. It killed OWA (Outlook Web Access) until I upped the timeout to three minutes; it takes that long to authenticate and connect to the new server. Which by its very nature cannot be a BDC, but I am assured ought to play on the NT network just fine. I blamed the OWA problem on authentication at first.
The meat of the problem centers on spam filtering. We use Sybari Antigen with Spam Manager. It is the most amazing thing, all but eliminating spam, as well as catching e-mail viruses and such reliably.
It installs on the mail server, where the Antigen part of it scans for viruses and forbidden attachments.
It also installs on the proxy server, where Spam Manager does the “internet scan” to filter out spam before e-mails are even sent over to the mail server via Exchange’s Internet Mail Connector.
When both servers were NT, it was almost flawless. There were some eventual problems with logs getting out of hand and needing to be purged, but basically it Just Worked.
At that time, mail from the proxy to go over to the mail server went into the IMCDATA folder under “in” and when it got transferred it moved to the archive folder. Mail coming over from the Exchange server to the proxy went into the IMCDATA folder under “out” and then moved to archive as it sent. IMCDATA meaning, of course, Internet Mail Connector Data, as it is the “connector” for internet mail that Exchange uses for this. As opposed to, say, a connector for working with cc:Mail (to name a thoroughly obsolete example) or whatever.
Each e-mail goes into those folders as a discrete extensionless text file with a crazy-looking, programmatically generated name. It works great. I would periodically have to purge the archives and the log files, as they would run the old server low on disk space after a while.
After the switch, it spontaneously gave up on transferring e-mails via the IMCDATA folder set. I freaked and poked around when I noticed this, finding that instead it was generating stuff in the MTADATA folder. Basically instead of using IMC it was using MTA, Mail Transfer Agent or Microsoft Transfer Agent or whatever it stands for. Well, fine, if it works. But maybe that’s what causes regular RPC (remote procedure call) errors to appear in the event log.
So. Since the switch, since the MTA thing started - with once in a while a blip of mail appearing in the IMC folders, but weirdly not archiving, just disappearing after it’s processed - Sybari Spam Manager has not been reliable.
First, it lets a large proportion of spam through, as if it never even sees those e-mails. We are talking that even as you can watch it trap thousands of spams, it is letting several hundred to thousands through as if they route right past Sybari. And since Sybari basically replaces the mail store with itself, that’s pretty wild. But it seems to be everything to do with the MTA versus IMC thing, as far as I can tell.
Second, it regularly stops all mail completely. The solution when this happens is to remove Sybari Antigen and Spam Manager from the proxy server and reinstall it. This appears to be necessary at not greater than two-month intervals.
The last install I did was after renewing the license another two years, in late March. It had broken down entirely before then. The trajectory after that fresh install was that it worked well, then gradually less well, to the point it let in most spam. I removed and wiped it out and reinstalled it Saturday. The next morning I checked and my inbox had an unusually high amount of spam, so instead of e-mailing everyone at the client a “hooray, it’s fixed” message, I e-mailed them “it should be fixed but it’s looking grim so see what you receive for spam after Saturday and whether it seems to be lower.”
It’s not.
And yet the program showed that it started capturing spams in large numbers as soon as it was installed and activated; dozens in a matter of a few minutes. Indeed, the ones I saw looked like an exploratory addressing attack of spam. They looked something like:
aaaaaaaa@ourdomain.com
aaaaaaab@ourdomain.com
aaaaaabb@ourdomain.com
And so forth. Those wouldn’t even get to anyone except me.
So what’s the problem? Is it communications between the two servers? I’ve told them they need a new server for Exchange that will double as the internet gateway and be the Windows 2003 boss server in an overall upgrade that includes also a new SQL Server, which they will be constrained into getting in 2 - 4 months. I’ve told them I am at least 99% certain this will solve the e-mail and spam problems as much as that is ever possible. Is it the proxy server having issues? It does, after all. My only hope right now other than a new mail server (which will give the server that also handles documents and legal research and backups mercifully less to do) that doubles as the internet gateway and has a newer version of Exchange is to replace the proxy server with a different old server, freshly installed, in the same role, but lacking the battle scars of the existing one.
Oh well. Guess I’ll be working on the spam problem today. One secretary let me know she got 90 spams over the weekend. That’s just absurd.

