MERO
Thanks Saskatchewan
There are lots of IP addresses in the "Access Control" box. In fact I add ip addresses to this box manually whenever I personally receive SPAM.
Here the first 25 records from the access database:
IPAccessRecordID AddressMask Host Mode Account Right Status ThreatLevel Date_LastModified Date_Created
1 201.43.20.84 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
2 216.67.224.178 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
3 66.179.175.11 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
4 209.209.36.138 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
5 63.201.248.140 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
6 200.48.92.74 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
7 66.210.41.75 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
8 84.102.71.62 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
9 195.56.146.77 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
10 87.218.25.247 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
11 139.142.90.7 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
12 66.159.64.253 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
13 211.223.53.154 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
14 81.208.51.58 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
15 221.232.79.195 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
16 85.20.168.61 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
17 80.230.103.196 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
18 218.18.239.141 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
19 82.238.70.151 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
20 71.196.237.36 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:57 PM
21 65.184.189.129 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:57 PM
22 139.55.220.21 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:57 PM
23 203.81.208.84 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:57 PM
24 218.201.144.35 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:57 PM
25 62.21.58.158 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:57 PM
There are lots of IP addresses in the "Access Control" box. In fact I add ip addresses to this box manually whenever I personally receive SPAM.
Here the first 25 records from the access database:
IPAccessRecordID AddressMask Host Mode Account Right Status ThreatLevel Date_LastModified Date_Created
1 201.43.20.84 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
2 216.67.224.178 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
3 66.179.175.11 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
4 209.209.36.138 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
5 63.201.248.140 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
6 200.48.92.74 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
7 66.210.41.75 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
8 84.102.71.62 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
9 195.56.146.77 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
10 87.218.25.247 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
11 139.142.90.7 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
12 66.159.64.253 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
13 211.223.53.154 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
14 81.208.51.58 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
15 221.232.79.195 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
16 85.20.168.61 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
17 80.230.103.196 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
18 218.18.239.141 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
19 82.238.70.151 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:56 PM
20 71.196.237.36 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:57 PM
21 65.184.189.129 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:57 PM
22 139.55.220.21 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:57 PM
23 203.81.208.84 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:57 PM
24 218.201.144.35 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:57 PM
25 62.21.58.158 1 SYSTEM CONNECT 1 -1 8/22/2006 11:00:21 PM 4/25/2006 12:34:57 PM
-
- Posts: 27
- Joined: Fri Sep 09, 2005 5:54 am
- Location: Saskatchewan
Hello andyhowie,
This is getting interesting -- and your post was helpful but leaves a couple of other questions.
The snippet you quoted from the log file seems to indicate that MERO is working properly to a point. Where the process stops is important -- so if you glance at the recent log files again does it appear that MERO is consistently stopping at this line:
"Opening MailEnable SMTP-DENY configuration...Done."
The next step in the code should either report that "No addresses were found...(etc)" or else you'll see the message "Closing Mail Enable SMTP-DENY configuation." The latter message indicates to me that addresses ARE found - stored - then the connection to MailEnable is closed and MERO goes on to the next subroutines.
But being that your log file appears to stop at that specific point might indicate that MERO doesn't have permission to connect to MailEnable. MERO makes this connection via the MEAOSM.Access component.
So my question is: have you changed your MailEnable installation or permission settings on any of the MailEnable folders/subfolders recently? (This might be a shot in the dark...but worth asking.)
And my second question to you is more simple. Look again in MERO's database, can you open the "meroSMTPDENY" table then sort the columns by "Date_LastModified". What is the 'most recent' date that ANY of the records were modified?
The answer to that question will tell you exactly the date and time that MERO last worked properly. I ask this question because the problem may not be with MERO and its database, but may instead be a problem isolated to the "logging" of the processes. In other words, MERO might still be working properly and perhaps the log files are the only thing messed up.
I'll await your response.
This is getting interesting -- and your post was helpful but leaves a couple of other questions.
The snippet you quoted from the log file seems to indicate that MERO is working properly to a point. Where the process stops is important -- so if you glance at the recent log files again does it appear that MERO is consistently stopping at this line:
"Opening MailEnable SMTP-DENY configuration...Done."
The next step in the code should either report that "No addresses were found...(etc)" or else you'll see the message "Closing Mail Enable SMTP-DENY configuation." The latter message indicates to me that addresses ARE found - stored - then the connection to MailEnable is closed and MERO goes on to the next subroutines.
But being that your log file appears to stop at that specific point might indicate that MERO doesn't have permission to connect to MailEnable. MERO makes this connection via the MEAOSM.Access component.
So my question is: have you changed your MailEnable installation or permission settings on any of the MailEnable folders/subfolders recently? (This might be a shot in the dark...but worth asking.)
And my second question to you is more simple. Look again in MERO's database, can you open the "meroSMTPDENY" table then sort the columns by "Date_LastModified". What is the 'most recent' date that ANY of the records were modified?
The answer to that question will tell you exactly the date and time that MERO last worked properly. I ask this question because the problem may not be with MERO and its database, but may instead be a problem isolated to the "logging" of the processes. In other words, MERO might still be working properly and perhaps the log files are the only thing messed up.
I'll await your response.
Happy Birthday MERO!
Well I'm a little late to find this great script, in fact it appears to be 12 months late so instead of posting "wow, thanks for this great script Saskatchewan" I'll just post:
Happy Birthday MERO.
(Thanks Saskatchewan)
Andy.
Happy Birthday MERO.
(Thanks Saskatchewan)
Andy.
-
- Posts: 844
- Joined: Mon Dec 05, 2005 7:51 am
- Location: Canada
OK... so i finally jumped on the bandwagon and installed MERO. It really looks like a cool app.
I do have a couple questions though.
i have enabled the connection dropping thing for several months now, and there are only 3 addresses in my SMTP-DENY.TAB file. How can this be? I am hosting about 20 domains and have a HUGE amount of spam coming thru my system. I have honed the filtering quite well (97%ish) using MEFilter and Bayesian... but why wouldnt ME add items to the DENY.TAB?
also ... if i migrate to SQL Server config, do you know if the SMTP-DENY.TAB will still be used or will it migrate over to the database?
Finally ... what would it take to get MERO running in SQL Server rather than Access?
I do have a couple questions though.
i have enabled the connection dropping thing for several months now, and there are only 3 addresses in my SMTP-DENY.TAB file. How can this be? I am hosting about 20 domains and have a HUGE amount of spam coming thru my system. I have honed the filtering quite well (97%ish) using MEFilter and Bayesian... but why wouldnt ME add items to the DENY.TAB?
also ... if i migrate to SQL Server config, do you know if the SMTP-DENY.TAB will still be used or will it migrate over to the database?
Finally ... what would it take to get MERO running in SQL Server rather than Access?
Chase
Server 2008 Standard (x64)
ME Ent 6.51 (SQL Server 2008 Config)
ASSP 1.9
Server 2008 Standard (x64)
ME Ent 6.51 (SQL Server 2008 Config)
ASSP 1.9
-
- Posts: 27
- Joined: Fri Sep 09, 2005 5:54 am
- Location: Saskatchewan
-
- Posts: 844
- Joined: Mon Dec 05, 2005 7:51 am
- Location: Canada
any response?rockinthesixstring wrote:OK... so i finally jumped on the bandwagon and installed MERO. It really looks like a cool app.
I do have a couple questions though.
i have enabled the connection dropping thing for several months now, and there are only 3 addresses in my SMTP-DENY.TAB file. How can this be? I am hosting about 20 domains and have a HUGE amount of spam coming thru my system. I have honed the filtering quite well (97%ish) using MEFilter and Bayesian... but why wouldnt ME add items to the DENY.TAB?
also ... if i migrate to SQL Server config, do you know if the SMTP-DENY.TAB will still be used or will it migrate over to the database?
Finally ... what would it take to get MERO running in SQL Server rather than Access?
Chase
Server 2008 Standard (x64)
ME Ent 6.51 (SQL Server 2008 Config)
ASSP 1.9
Server 2008 Standard (x64)
ME Ent 6.51 (SQL Server 2008 Config)
ASSP 1.9
-
- Posts: 27
- Joined: Fri Sep 09, 2005 5:54 am
- Location: Saskatchewan
Hello rockinthesixstring,
I have decided that 14 is working best on my servers.
Regards.
I suspect this may be because your settings in MailEnable's SMTP-DENY configuration are too liberal. In this setting: "Add to denied IP Addresses if number of failed commands or recipients reaches X ", what number do you have?rockinthesixstring wrote:i have enabled the connection dropping thing for several months now, and there are only 3 addresses in my SMTP-DENY.TAB file. How can this be? I am hosting about 20 domains and have a HUGE amount of spam coming thru my system. I have honed the filtering quite well (97%ish) using MEFilter and Bayesian... but why wouldnt ME add items to the DENY.TAB?
I have decided that 14 is working best on my servers.
The SMTP-DENY.TAB file will always be used by Mail Enable -- MERO's operation doesn't effect that file at all. MERO could (theoretically) operate using SQLServer but I have not done so and I don't plan on it. The MS Access database (even with 16000 records currently being managed on my systems) is operating just fine. Introducing SQLServer will present a series of new problems that I don't feel are worth the hassle at this point.rockinthesixstring wrote:also ... if i migrate to SQL Server config, do you know if the SMTP-DENY.TAB will still be used or will it migrate over to the database? Finally ... what would it take to get MERO running in SQL Server rather than Access?
Regards.
-
- Posts: 844
- Joined: Mon Dec 05, 2005 7:51 am
- Location: Canada
i am running it at "15" - I have now implemented another script posted by "Funmiester" in the MEFilter forums. It is a vb script that is called as a filter action. so when i detect a bayesian 92%+ message, it addes the IP to the SMTP-DENY.TAB file and also strips any URL's out and adds it to a MEFILTER-URLBLACKLIST.TAB file that is used as another filter in ME. This in conjuction with MERO works REALLY well.
The connection dropping thing is still not adding anything, but Funmiesters script is more than making up for it.
If you are using basic SQL Queries on Access, running it in SQLServer will be nothing to implement ... simply change the connection string and maybe parameterize the query.
The connection dropping thing is still not adding anything, but Funmiesters script is more than making up for it.
If you are using basic SQL Queries on Access, running it in SQLServer will be nothing to implement ... simply change the connection string and maybe parameterize the query.
Chase
Server 2008 Standard (x64)
ME Ent 6.51 (SQL Server 2008 Config)
ASSP 1.9
Server 2008 Standard (x64)
ME Ent 6.51 (SQL Server 2008 Config)
ASSP 1.9
-
- Posts: 844
- Joined: Mon Dec 05, 2005 7:51 am
- Location: Canada
If mero does not effect the SMTP-DENY.TAB file, where does it store the banned IP addresses for ME to use.Saskatchewan wrote:The SMTP-DENY.TAB file will always be used by Mail Enable -- MERO's operation doesn't effect that file at all
Obviously MERO stores data in the database but ME does not use that database. where do these IP address get stored?
The reason I ask this is the following.
I have implemented Funmiesters IP stripping script in the MEFilter forum and I have a couple of thousand IP addresses in the SMTP-DENY.TAB file. However when MERO runs, it only reads the original 5 IP addresses that i manually entered thru the SMTP Properties in ME.
Any help or direction would be huge.
Chase
Server 2008 Standard (x64)
ME Ent 6.51 (SQL Server 2008 Config)
ASSP 1.9
Server 2008 Standard (x64)
ME Ent 6.51 (SQL Server 2008 Config)
ASSP 1.9
-
- Posts: 844
- Joined: Mon Dec 05, 2005 7:51 am
- Location: Canada
Looks like ME does store the data in the SMTP_ACCESS table if using the SQL Server config for ME Ent.
Now the job is to get Funmiester to adjust the script to use Database rather than the SMTP-DENY.TAB file.
thanks again for your program
Now the job is to get Funmiester to adjust the script to use Database rather than the SMTP-DENY.TAB file.
thanks again for your program
Chase
Server 2008 Standard (x64)
ME Ent 6.51 (SQL Server 2008 Config)
ASSP 1.9
Server 2008 Standard (x64)
ME Ent 6.51 (SQL Server 2008 Config)
ASSP 1.9
-
- Posts: 27
- Joined: Fri Sep 09, 2005 5:54 am
- Location: Saskatchewan
I must reflecting on what I said earlier, "the SMTP-DENY.TAB file will always be used by Mail Enable -- MERO's operation doesn't effect that file at all." It appears you've proved me wrong on both of those statements -- so I'll clarify. I don't use the Mail Enable Enterprise edition and therefore I don't have knowledge of how it operates with SQL Server -- but if you're correct, then Mail Enable doesn't use the SMTP-DENY.TAB file when SQL Server is in use (presumably, that data is stored instead in a SQL database). So, perhaps the SMTP-DENY.TAB file won't "always be used by Mail Enable" as I said. In the second statement, I said that MERO's operation doesn't effect that file -- I suppose, to clarify that statement I should have said that MERO's operation doesn't DIRECTLY effect that file. I'll explain.rockinthesixstring wrote:If mero does not effect the SMTP-DENY.TAB file, where does it store the banned IP addresses for ME to use. Obviously MERO stores data in the database but ME does not use that database. where do these IP address get stored?
MERO makes a connection to Mail Enable's data via Mail Enable's "MEAOSM.Access" component. So, MERO 'directly' effects Mail Enable's data through that component (MERO reads and writes I.P. addresses to Mail Enable using that component and...where Mail Enable stores that information is entirely up to Mail Enable). Thus, 'indirectly', I suppose MERO does effect the SMTP-DENY.TAB file (if that's where Mail Enable stores the banned I.P. addresses). In my installation of Mail Enable Standard, I have verified that the SMTP-DENY.TAB file is in fact that storage facility but perhaps when SQL Server is used by the Enterprise edition the storage facility may be different. However, I have to presume that Mail Enable's own "MEAOSM.Access" component is still the best tool to communicate with Mail Enable and thus I believe MERO should still be as effective.
It would appear to me then that your installation of Mail Enable is using two different and distinct storage facilities for the banned I.P. addresses. One is the SMTP-DENY.TAB file, the other I can only guess is a database file which contains only 5 addresses. The important question to find the answer to is: which database is effected by the "MEAOSM.Access"component? Beause that's the database which MERO reads and writes-to.rockinthesixstring wrote:I have implemented Funmiesters IP stripping script in the MEFilter forum and I have a couple of thousand IP addresses in the SMTP-DENY.TAB file. However when MERO runs, it only reads the original 5 IP addresses that i manually entered thru the SMTP Properties in ME.
I wonder, has the Funmiesters script created a separate database? Or is Mail Enable using the SQL Server for 'some' data and the SMTP-DENY.TAB file for 'other' data?
Regardless, the important things to note about MERO are that:
- MERO stores its own data in the MS Access database (the MERO.MDB file).
- and MERO communicates with Mail Enable only through the MEAOSM.Access component.
Regards.
-
- Posts: 844
- Joined: Mon Dec 05, 2005 7:51 am
- Location: Canada
-
- Posts: 27
- Joined: Fri Sep 09, 2005 5:54 am
- Location: Saskatchewan
If that is true (and considering that MERO communicates with Mail Enable through the use of Mail Enable's own MEAOSM.Access component), and based on Mail Enable's documentation, I have to assume that Mail Enable uses the SMTP_ACCESS table to store banned I.P. addresses if using SQL Server (instead of, as in Mail Enable 'Standard', the SMTP-DENY.TAB file). Nevertheless, I believe MERO should operate just as well -- because MERO doesn't care 'what' database Mail Enable uses; MERO simply tells Mail Enable (through the MEAOSM.Access component) which I.P. addresses to 'keep on the list' and which ones to purge.rockinthesixstring wrote:Looks like ME does store the data in the SMTP_ACCESS table if using the SQL Server config for ME Ent.
Have you verified that the Funmiester script is reading and writing 'directly' to the SMTP-DENY.TAB file? If so, then...well...it shouldn't. Mail Enable's documentation implies that data shouldn't be manipulated 'directly' in any of their .TAB files, but instead Mail Enable's libraries (such as the MEAOSM.Access component) should be used. I've tried to heed their advice when building MERO (in attempt to avoid this very problem).rockinthesixstring wrote:Now the job is to get Funmiester to adjust the script to use Database rather than the SMTP-DENY.TAB file.
-
- Posts: 844
- Joined: Mon Dec 05, 2005 7:51 am
- Location: Canada
-
- Posts: 844
- Joined: Mon Dec 05, 2005 7:51 am
- Location: Canada