I have a similar issue but it is only with one server. I whitelist the UNC and not the IP...don't have any particular reason other than the IP is in a PIX pool and could conceivably be used by something else. With 25 to 30 different machines that would be hard to monitor individually. I wonder if you can control a certain range in an IP instead of the whole C Class? Seems like that would be a solution if they were all sequentially IP'd.
Jim Rooth Klotron, Inc. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Stic.Net Sent: Monday, July 29, 2002 7:21 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Hijack Question (somewhat OT) >But if each person has there own public IP address, I can not see how >that person would send say 80 or 100 legitimate e-mails internally >within say 1 hour. >If there are one or two or a few, it is better to just whitelist those >specific IP addresses. These are valid points too. However, there are still two issues I'm a bit worried about. One, we have a network monitoring server that sends pages to us through our mailserver. When things are falling apart around here I'm pretty sure that thing sends out (or at least tries to) enough messages to get caught by Hijack. For various reasons, that box has multiple IPs bound to it, so I'm not sure whether I'd have to create an ALLOWIP line for all of its IPs, or just for one of them. Secondly, our techsupport staff occasionally gets a request from a customer to check on some sort of problem with a particular mailbox. They will then re-direct all messages that were in a mailbox to a different one, or forward them all to a remote mailserver. Often there are enough messages to set off Hijack. There are about 25-30 tech machines. So call me lazy, but I figured that using ALLOWIP for the entire class C would be the best solution. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
