Nope. Don't whitelist dial-up IPs, that totally quashes the point of HiJack, to catch YOUR users sending spam.
I've adjusted the threshold parameters, but I still do have instances where a dial-up IP gets caught for a high volume of mail (multiple recipients on those IDIOT mass-forwards of jokes and whatnot), then that user disconnects, another user gets the IP and all his mail gets caught immediately. Not that big a deal. The actual volume of mail is not *that* large, so the Q/D files are easily renamed and moved back to the queue. The few cases of "false holds" are far outweighed when HiJack does catch a spammer or a user with a security breach. I did have a case a couple days ago with a user who was sending spam. Advertisements for a book he wrote and had published, sent to a list of addresses he pulled from a discussion group(!). HiJack didn't catch him because he was running the messages manually, one at a time, only about 20 every 10 minutes. Two complaints were lodged within three hours. BUSTED! Talk about a ruckus. He admits to pulling the addresses of people he doesn't know from that discussion group, but refuses to believe that he did anything wrong, even when the evidence is shoved right in his face (f***ng spammers!, one of the complaints said). He switched to another service. I looked up their Acceptable Use policy and showed him the "no spam" section, and wished him luck. Glenn Z. ----- Original Message ----- From: "serge" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, April 06, 2004 8:08 PM Subject: Re: [Declude.JunkMail] Hijack questions > <1. Hijack is IP based, so IP is time tracked, irregardless of who is behind > it.> > > So that makes it unusable for dial up connections. > Still can be usefull for our wireless clients, those are assigned fixed IPs. > But we will have to "hijack white list" all the Dial up IPs, correct ? > > > ----- Original Message ----- > From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, April 07, 2004 1:04 AM > Subject: RE: [Declude.JunkMail] Hijack questions > > > 1. Hijack is IP based, so IP is time tracked, irregardless of who is behind > it. > > 2. All 25 will be released at once. > > John Tolmachoff > Engineer/Consultant/Owner > eServices For You > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > > [EMAIL PROTECTED] On Behalf Of serge > > Sent: Tuesday, April 06, 2004 5:52 PM > > To: [EMAIL PROTECTED] > > Subject: Re: [Declude.JunkMail] Hijak questions > > > > Continuing my training in declude hijack; > > > > 1- Does hijack work on IP bassis, or mail from basis ? If IP, and a client > > get to a threshhold, than disconnect, and another client connect to that > > same modem (IP), the second client will be penalised ? > > > > 2- Threshold 1 = 20, Threshold 2 =50 > > A client send 45 mails, 20 go out, 25 on hold > > After 10 minutes, Hijack release 25, do they get sent at once, or only 20 > > are sent and 5 are again on hold ? > > > > TIA. > > > > ----- Original Message ----- > > From: "R. Scott Perry" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Tuesday, April 06, 2004 11:23 AM > > Subject: Re: [Declude.JunkMail] Hijak questions > > > > > > > > > > >1- A message with 20 recipients, does it count as 1 message or 20 > message > > > >toward the threshold? > > > > > > It will count as 20 E-mails (since spammers typically operate that way). > > > > > > >2- If a user exeeds therhold 1, and not 2, is there a way to release > his > > > >hold messages at a certain hour, instead than after x Minutes ? > > > > > > No. > > > > > > >3- Can we set thresholds on size/MB instead of number of messages ? > > > > > > No. > > > > > > And answering another question that came up, Declude Hijack will treat > > > authenticated users the same as non-authenticated users. > > > > > > -Scott > > > --- > > > Declude JunkMail: The advanced anti-spam solution for IMail mailservers > > > since 2000. > > > Declude Virus: Ultra reliable virus detection and the leader in > mailserver > > > vulnerability detection. > > > Find out what you've been missing: Ask for a free 30-day evaluation. > > > > > > --- > > > [This E-mail was scanned for viruses by Declude Virus > > (http://www.declude.com)] > > > > > > --- > > > This E-mail came from the Declude.JunkMail mailing list. To > > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > > type "unsubscribe Declude.JunkMail". The archives can be found > > > at http://www.mail-archive.com. > > > > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.JunkMail". The archives can be found > > at http://www.mail-archive.com. > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > [AUTOMATED NOTE: Your mail server [68.89.56.16] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
