Re: [Declude.JunkMail] Hijack Question

2006-04-05 Thread Dean Lawrence
Thanks Luis,
 
I should know to check the release notes for these little tidbits that have not made it into the manual.
 
Dean 
On 4/5/06, Panda Consulting S.A. Luis Alberto Arango <[EMAIL PROTECTED]> wrote:

Release notes don't show any other commands

Luis Arango

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Panda Consulting S.A. Luis Alberto Arango
Sent: Wednesday, 05 April 2006 04:48 p.m.
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Hijack Question

Unfortunately it is not in the manual. Too bad.. but it is in the release notes

http://www.declude.com/Articles.asp?ID=122

1.69 [Beta, 16 Apr 2003]
ADDED
ALLOWADDR option, to allow up to 20 E-mail addresses to send unlimited E-mail.

Panda Consulting S.A.
Luis Alberto Arango E.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dean Lawrence
Sent: Wednesday, 05 April 2006 12:57 p.m.
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Hijack Question

Hi Nick,

Thanks for your input. I didn't see anything related to ALLOWADDR in the manual, are there other commands available?

Thanks,

Dean

On 4/5/06, Nick Hayer <[EMAIL PROTECTED]> wrote:

Hi Dean -

Dean Lawrence wrote:

> First, what thresholds are most of you using, that causes minimal
> screaming phone calls from client? 8-)

RELAYTHRESHOLD11020
RELAYTHRESHOLD23040

> Secondly, how are you handling non-fixed IP users that may send large
> (over the thresholds), but not absorbent amounts of mail?

ALLOWADDR[EMAIL PROTECTED]

-Nick

-- 
__
Dean Lawrence, CIO/Partner
Internet Data Technology
888.GET.IDT1 ext. 701 * fax: 888.438.4381
http://www.idatatech.com/
Corporate Internet Development and Marketing Specialists

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Hijack Question

2006-04-05 Thread Panda Consulting S.A. Luis Alberto Arango
Release notes don't show any other commands
 
Luis Arango
 




From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Panda Consulting
S.A. Luis Alberto Arango
Sent: Wednesday, 05 April 2006 04:48 p.m.
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Hijack Question


Unfortunately it is not in the manual. Too bad.. but it is in the
release notes
 
http://www.declude.com/Articles.asp?ID=122
 
1.69 [Beta, 16 Apr 2003]
ADDED
ALLOWADDR option, to allow up to 20 E-mail addresses to send
unlimited E-mail.

 
 
Panda Consulting S.A.
Luis Alberto Arango E.
 




From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dean Lawrence
Sent: Wednesday, 05 April 2006 12:57 p.m.
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Hijack Question


Hi Nick,
 
Thanks for your input. I didn't see anything related to
ALLOWADDR in the manual, are there other commands available?
 
Thanks,
 
Dean

 
On 4/5/06, Nick Hayer <[EMAIL PROTECTED]> wrote: 

Hi Dean -

Dean Lawrence wrote:

> First, what thresholds are most of you using, that causes minimal
> screaming phone calls from client? 8-)

RELAYTHRESHOLD11020
RELAYTHRESHOLD23040

> Secondly, how are you handling non-fixed IP users that may send large
> (over the thresholds), but not absorbent amounts of mail?

ALLOWADDR[EMAIL PROTECTED]

-Nick





-- 
__
Dean Lawrence, CIO/Partner
Internet Data Technology
888.GET.IDT1 ext. 701 * fax: 888.438.4381
http://www.idatatech.com/ 
Corporate Internet Development and Marketing Specialists 


__
[Email scanned for viruses]


RE: [Declude.JunkMail] Hijack Question

2006-04-05 Thread Panda Consulting S.A. Luis Alberto Arango



Unfortunately it is not in the manual. Too bad.. but it is in the release notes

http://www.declude.com/Articles.asp?ID=122

1.69 [Beta, 16 Apr 2003]
ADDED
ALLOWADDR option, to allow up to 20 E-mail addresses to send unlimited E-mail.

Panda Consulting S.A.
Luis Alberto Arango E.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Lawrence
Sent: Wednesday, 05 April 2006 12:57 p.m.
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Hijack Question

Hi Nick,

Thanks for your input. I didn't see anything related to ALLOWADDR in the manual, are there other commands available?

Thanks,

Dean

On 4/5/06, Nick Hayer <[EMAIL PROTECTED]> wrote:

Hi Dean -

Dean Lawrence wrote:

> First, what thresholds are most of you using, that causes minimal
> screaming phone calls from client? 8-)

RELAYTHRESHOLD11020
RELAYTHRESHOLD23040

> Secondly, how are you handling non-fixed IP users that may send large
> (over the thresholds), but not absorbent amounts of mail?

ALLOWADDR[EMAIL PROTECTED]

-Nick

-- 
__
Dean Lawrence, CIO/Partner
Internet Data Technology
888.GET.IDT1 ext. 701 * fax: 888.438.4381
http://www.idatatech.com/
Corporate Internet Development and Marketing Specialists


Re: [Declude.JunkMail] Hijack Question

2006-04-05 Thread Dean Lawrence
Hi Nick,
 
Thanks for your input. I didn't see anything related to ALLOWADDR in the manual, are there other commands available?
 
Thanks,
 
Dean 
On 4/5/06, Nick Hayer <[EMAIL PROTECTED]> wrote:

Hi Dean -

Dean Lawrence wrote:

> First, what thresholds are most of you using, that causes minimal
> screaming phone calls from client? 8-)

RELAYTHRESHOLD11020
RELAYTHRESHOLD23040

> Secondly, how are you handling non-fixed IP users that may send large
> (over the thresholds), but not absorbent amounts of mail?

ALLOWADDR[EMAIL PROTECTED]

-Nick

-- 
__
Dean Lawrence, CIO/Partner
Internet Data Technology
888.GET.IDT1 ext. 701 * fax: 888.438.4381
http://www.idatatech.com/
Corporate Internet Development and Marketing Specialists


Re: [Declude.JunkMail] Hijack Question

2006-04-05 Thread Nick Hayer

Hi Dean -

Dean Lawrence wrote:

 
> First, what thresholds are most of you using, that causes minimal
> screaming phone calls from client? 8-)


RELAYTHRESHOLD11020
RELAYTHRESHOLD23040

 
> Secondly, how are you handling non-fixed IP users that may send large
> (over the thresholds), but not absorbent amounts of mail?


ALLOWADDR[EMAIL PROTECTED]

-Nick


Re: [Declude.JunkMail] Hijack question

2005-10-13 Thread Dave Doherty

Thanks.

-d
- Original Message - 
From: "John T (Lists)" <[EMAIL PROTECTED]>

To: 
Sent: Thursday, October 13, 2005 1:41 AM
Subject: RE: [Declude.JunkMail] Hijack question


A clarification on how to "reset" Hijack:

For Declude versions 2.x and below, you need to end the Deccon.exe process.
It is also best to do this with Imail SMTP and Queue Manager service stopped
and no Declude.exe processes running to ensure that no process will try to
call Deccon.exe during the time you are ending the process, as I have
documented cases under load where ending the process from the Task Manager
did not reset the count completely. This only occurs under load and
accessing remotely. If you are at the console and close the Deccon.exe
console window, it completely resets the counts.

For Declude versions 3.x and above, you need to restart the Decludeproc
service.

John T
eServices For You




Re: [Declude.JunkMail] Hijack question

2005-10-13 Thread Nick Hayer

Thanks John!

-Nick

John T (Lists) wrote:


A clarification on how to "reset" Hijack:

For Declude versions 2.x and below, you need to end the Deccon.exe process.
It is also best to do this with Imail SMTP and Queue Manager service stopped
and no Declude.exe processes running to ensure that no process will try to
call Deccon.exe during the time you are ending the process, as I have
documented cases under load where ending the process from the Task Manager
did not reset the count completely. This only occurs under load and
accessing remotely. If you are at the console and close the Deccon.exe
console window, it completely resets the counts.

For Declude versions 3.x and above, you need to restart the Decludeproc
service.

John T
eServices For You




RE: [Declude.JunkMail] Hijack question

2005-10-12 Thread John T (Lists)
A clarification on how to "reset" Hijack:

For Declude versions 2.x and below, you need to end the Deccon.exe process.
It is also best to do this with Imail SMTP and Queue Manager service stopped
and no Declude.exe processes running to ensure that no process will try to
call Deccon.exe during the time you are ending the process, as I have
documented cases under load where ending the process from the Task Manager
did not reset the count completely. This only occurs under load and
accessing remotely. If you are at the console and close the Deccon.exe
console window, it completely resets the counts.

For Declude versions 3.x and above, you need to restart the Decludeproc
service.

John T
eServices For You
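
The reset order described in this message, written as a PowerShell script. This is an added example, not part of the original post and not Declude's own tooling. The IMail service names are not given in the thread, so they are passed in as a parameter (an assumption to fill in from your server); `declude`, `deccon` and `Decludeproc` are the process and service names the post mentions.

```powershell
# Added example: resets the Declude Hijack counters in the order described above.
param(
    [Parameter(Mandatory)] [ValidateSet('2', '3')] [string] $DecludeMajor,
    # Assumption: names of the IMail SMTP and Queue Manager services on this host.
    [string[]] $ImailServices = @(),
    [int] $DrainTimeoutSec = 120
)

$ErrorActionPreference = 'Stop'

if ($DecludeMajor -eq '3') {
    # 3.x and above: restarting the Decludeproc service resets Hijack.
    Restart-Service -Name 'Decludeproc'
    return
}

if ($ImailServices.Count -eq 0) {
    throw 'Pass the IMail SMTP and Queue Manager service names via -ImailServices.'
}

# 2.x and below: stop mail intake first so nothing calls Deccon.exe mid-reset.
$stopped = @()
try {
    foreach ($svc in $ImailServices) {
        Stop-Service -Name $svc
        $stopped += $svc
    }

    # Wait for in-flight Declude.exe workers to finish.
    $deadline = (Get-Date).AddSeconds($DrainTimeoutSec)
    while (Get-Process -Name 'declude' -ErrorAction SilentlyContinue) {
        if ((Get-Date) -gt $deadline) {
            throw "Declude.exe still running after $DrainTimeoutSec s; counters not reset."
        }
        Start-Sleep -Seconds 2
    }

    # End Deccon.exe, which holds the Hijack counts, and wait until it has exited.
    $deccon = Get-Process -Name 'deccon' -ErrorAction SilentlyContinue
    if ($deccon) {
        $deccon | Stop-Process -Force
        $deccon | Wait-Process -Timeout 30
    }
}
finally {
    # Always bring the mail services back, in reverse order, even if the reset failed.
    [array]::Reverse($stopped)
    foreach ($svc in $stopped) { Start-Service -Name $svc }
}
```

Per the thread, Deccon.exe is opened again when the next E-mail arrives, so the script does not start it itself.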




Re: [Declude.JunkMail] Hijack question

2005-10-12 Thread Nick Hayer




Thanks !

-Nick

David Barker wrote:

  Stop/restart the decludeproc service

David B
www.declude.com 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Nick Hayer
Sent: Wednesday, October 12, 2005 12:53 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Hijack question

Dave,

You need to stop/start deccon.exe. That will reset the counter so to speak.

Question to Declude support -

How does this work with Declude 3x?

Thanks!

-Nick



Dave Doherty wrote:

  
  
Hi all,

Running Declude version 1.82 with Hijack...

One of my customers got caught by Hijack a couple of days ago as a 
result of some activity with mailing list software he was trying out.
Needless to say, he now has a thorough understanding of our UCE 
policy.  But ever since, everything he sends - even just a single 
message at a time - gets caught by Hijack and placed in Hold2. I 
recall that there was a second step after renaming the messages and 
putting them back into the queue, but it has been so long since I had 
an outgoing spam problem that I forget what that was. There doesn't 
seem to be a mention of it on the Declude website. Any help would be 
appreciated.

Dave Doherty
Skywaves, Inc.





  





RE: [Declude.JunkMail] Hijack question

2005-10-12 Thread David Barker
Stop/restart the decludeproc service

David B
www.declude.com 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer
Sent: Wednesday, October 12, 2005 12:53 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Hijack question

Dave,

You need to stop/start deccon.exe. That will reset the counter so to speak.

Question to Declude support -

How does this work with Declude 3x?

Thanks!

-Nick



Dave Doherty wrote:

> Hi all,
>
> Running Declude version 1.82 with Hijack...
>
> One of my customers got caught by Hijack a couple of days ago as a 
> result of some activity with mailing list software he was trying out.
> Needless to say, he now has a thorough understanding of our UCE 
> policy.  But ever since, everything he sends - even just a single 
> message at a time - gets caught by Hijack and placed in Hold2. I 
> recall that there was a second step after renaming the messages and 
> putting them back into the queue, but it has been so long since I had 
> an outgoing spam problem that I forget what that was. There doesn't 
> seem to be a mention of it on the Declude website. Any help would be 
> appreciated.
>
> Dave Doherty
> Skywaves, Inc.


Re: [Declude.JunkMail] Hijack question

2005-10-12 Thread Dave Doherty

That was it!  The one thing I didn't try.  (Of course!)

-d


- Original Message - 
From: "Nick Hayer" <[EMAIL PROTECTED]>

To: 
Sent: Wednesday, October 12, 2005 12:52 PM
Subject: Re: [Declude.JunkMail] Hijack question



Dave,

You need to stop/start deccon.exe. That will reset the counter so to speak.

Question to Declude support -

How does this work with Declude 3x?

Thanks!

-Nick



Dave Doherty wrote:


Hi all,

Running Declude version 1.82 with Hijack...

One of my customers got caught by Hijack a couple of days ago as a result 
of some activity with mailing list software he was trying out. Needless 
to say, he now has a thorough understanding of our UCE policy.  But ever 
since, everything he sends - even just a single message at a time - gets 
caught by Hijack and placed in Hold2. I recall that there was a second 
step after renaming the messages and putting them back into the queue, 
but it has been so long since I had an outgoing spam problem that I 
forget what that was. There doesn't seem to be a mention of it on the 
Declude website. Any help would be appreciated.


Dave Doherty
Skywaves, Inc.





Re: [Declude.JunkMail] Hijack question

2005-10-12 Thread Nick Hayer

Dave,

You need to stop/start deccon.exe. That will reset the counter so to speak.

Question to Declude support -

How does this work with Declude 3x?

Thanks!

-Nick



Dave Doherty wrote:


Hi all,

Running Declude version 1.82 with Hijack...

One of my customers got caught by Hijack a couple of days ago as a 
result of some activity with mailing list software he was trying out. 
Needless to say, he now has a thorough understanding of our UCE 
policy.  But ever since, everything he sends - even just a single 
message at a time - gets caught by Hijack and placed in Hold2. I 
recall that there was a second step after renaming the messages and 
putting them back into the queue, but it has been so long since I had 
an outgoing spam problem that I forget what that was. There doesn't 
seem to be a mention of it on the Declude website. Any help would be 
appreciated.


Dave Doherty
Skywaves, Inc.





RE: [Declude.JunkMail] Hijack Question

2004-10-25 Thread Keith Johnson
 Scott, 
(I apologize for the questions, just learning product, since no
trial)  With the below said, there is really no reason to login and
close the deccon.exe via the Desktop unless there is an issue with it or
something needs to be hard reset?  Some of our customers have had DHA's
lately and wanting to head this off, and Hijack seems like a good fit.
What are most using as their Threshold weights in an ISP type arena?
Thanks again,

Keith


> Close.  The window is opened as soon as an E-mail arrives.  If you
> close the window, the flags will be reset, and the
> window will be opened when the next E-mail arrives.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]



Re: [Declude.JunkMail] Hijack Question

2004-10-25 Thread Glenn \ WCNet
I think when the Deccon window reopens depends on when all the SMTP
processes have ended and started afresh.  On my heavy-traffic server, Deccon
won't reopen until all the SMTP processes have ended.  What I do is close
the Console, open Task Manager, pause SMTP, watch for all the declude.exe
instances to disappear, then Stop and Restart SMTP.


- Original Message - 
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, October 25, 2004 2:24 PM
Subject: RE: [Declude.JunkMail] Hijack Question


>
> > I see where Hijack requires Deccon.exe.  We run Win2000 SP4 and
> >terminal service into the server for remote admin.  Does deccon.exe only
> >run on the console session?
>
> Yes, it does -- otherwise, it would not be able to keep track of data
> properly (since the user sessions normally only last as long as a user is
> online).
>
> >   I read that when the threshhold2 value is
> >reached, deccon is opened and once it is closed the flag will be reset?
>
> Close.  The window is opened as soon as an E-mail arrives.  If you close
> the window, the flags will be reset, and the window will be opened when the
> next E-mail arrives.
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers
> since 2000.
> Declude Virus: Ultra reliable virus detection and the leader in mailserver
> vulnerability detection.
> Find out what you've been missing: Ask for a free 30-day evaluation.


RE: [Declude.JunkMail] Hijack Question

2004-10-25 Thread R. Scott Perry

> I see where Hijack requires Deccon.exe.  We run Win2000 SP4 and
> terminal service into the server for remote admin.  Does deccon.exe only
> run on the console session?

Yes, it does -- otherwise, it would not be able to keep track of data 
properly (since the user sessions normally only last as long as a user is 
online).

> I read that when the threshhold2 value is
> reached, deccon is opened and once it is closed the flag will be reset?

Close.  The window is opened as soon as an E-mail arrives.  If you close 
the window, the flags will be reset, and the window will be opened when the 
next E-mail arrives.

   -Scott


Re: [Declude.JunkMail] Hijack Question

2004-10-25 Thread R. Scott Perry

> Does Hijack work with WHITELIST AUTH that Junkmail sees in allowing
> email to passthru?

No.  The Declude products do not share configuration files.

> For example, one of our customers AUTH to our server
> via their account, it will then not be scanned by Junkmail nor Hijack?

It will not be scanned by Declude JunkMail (if you use WHITELIST AUTH), but 
it will be scanned by Declude Hijack.  One of the reasons for this is that 
many ISPs have spammers that create otherwise legitimate accounts, and spam 
from them.  Another reason is that some spammers are trying to use SMTP 
AUTH with known E-mail addresses and common passwords.

   -Scott


RE: [Declude.JunkMail] Hijack Question

2004-10-25 Thread Keith Johnson
Also,
I see where Hijack requires Deccon.exe.  We run Win2000 SP4 and
terminal service into the server for remote admin.  Does deccon.exe only
run on the console session?  I read that when the threshhold2 value is
reached, deccon is opened and once it is closed the flag will be reset?
However, using term services on Win2000 SP4 does not allow connection to
the console.  Thanks for the aid.

Keith 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson
Sent: Monday, October 25, 2004 2:51 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Hijack Question

Does Hijack work with WHITELIST AUTH that Junkmail sees in allowing
email to passthru?  For example, one of our customers AUTH to our server
via their account, it will then not be scanned by Junkmail nor Hijack?
Thanks for the time.



---
Keith Johnson
Senior Network Engineer
Network Advocates, Inc.
9001 Shelbyville Road
Burhans Hall, Suite 260
Louisville, KY 40228
TEL: 502.992.5928
FAX: 502.412.1058
---


Re: [Declude.JunkMail] Hijack Question

2004-09-14 Thread R. Scott Perry

> We currently have 6 versions of Declude (3 Servers with Junkmail and 
> Virus), can I run a Hijack demo on each of the servers?  If so, what is 
> the term of the demo?  Thanks for the aid.

Unfortunately, we do not have a demo version of Declude Hijack.
   -Scott


Re: [Declude.JunkMail] Hijack question

2004-06-21 Thread R. Scott Perry

> Even though the poster was talking about HiJack, I forgot to mention I was
> asking about JunkMail. When using this option will a message held by
> Junkmail and returned to the queue ever be scanned for viruses? I remember
> reading JM would move it to the hold before VIR could scan it for viruses.
> When later returning it to the queue it would never be scanned again, nor
> for JM nor for viruses.

That is the main drawback to the AVAFTERJM ON option -- E-mails that are 
held by Declude JunkMail and returned to the queue will not be scanned for 
viruses.  But you really should only be returning held E-mails to the queue 
if they are E-mails that are desired (that do not contain viruses).

   -Scott


Re: [Declude.JunkMail] Hijack question

2004-06-21 Thread Bonno Bloksma
Hi,

> > > >Is it possible to get Hijack to run after DJMP?  This would help me
> > > >to better manage my backup mailserver -
> > >
> > > The only way to do that would be if you are also running Declude Virus, you
> > > could use the "AVAFTERJM ON" option to force Declude Virus to run after
> > > Declude JunkMail, which also forces Declude Hijack to run last (since
> > > Declude Hijack always runs after Declude Virus).
> >
> >Wasn't there something about *no virusscanning* if a held e-mail was
> >returned to the queue using this option?
>
> In the past, that was the case.  However, Declude Virus will now always run
> before Declude Hijack, so this is not an issue anymore.

Even though the poster was talking about HiJack, I forgot to mention I was
asking about JunkMail. When using this option will a message held by
Junkmail and returned to the queue ever be scanned for viruses? I remember
reading JM would move it to the hold before VIR could scan it for viruses.
When later returning it to the queue it would never be scanned again, nor
for JM nor for viruses.

Groetjes,

Bonno Bloksma

---
[E-mail scanned at tio.nl for viruses by Declude Virus]



Re: [Declude.JunkMail] Hijack question

2004-06-21 Thread R. Scott Perry

> > >Is it possible to get Hijack to run after DJMP?  This would help me
> > >to better manage my backup mailserver -
> >
> > The only way to do that would be if you are also running Declude Virus, you
> > could use the "AVAFTERJM ON" option to force Declude Virus to run after
> > Declude JunkMail, which also forces Declude Hijack to run last (since
> > Declude Hijack always runs after Declude Virus).
>
> Wasn't there something about *no virusscanning* if a held e-mail was
> returned to the queue using this option?

In the past, that was the case.  However, Declude Virus will now always run 
before Declude Hijack, so this is not an issue anymore.

   -Scott


Re: [Declude.JunkMail] Hijack question

2004-06-20 Thread Bonno Bloksma
Hi,


> >Is it possible to get Hijack to run after DJMP?  This would help me
> >to better manage my backup mailserver -
>
> The only way to do that would be if you are also running Declude Virus, you
> could use the "AVAFTERJM ON" option to force Declude Virus to run after
> Declude JunkMail, which also forces Declude Hijack to run last (since
> Declude Hijack always runs after Declude Virus).

Wasn't there something about *no virusscanning* if a held e-mail was
returned to the queue using this option?


Groetjes,

Bonno Bloksma
 Back up my hard drive? How do I put it in reverse?



Re: [Declude.JunkMail] Hijack question

2004-06-17 Thread Nick Hayer
Perfect. Thanks!

-Nick

On 17 Jun 2004 at 17:47, R. Scott Perry wrote:
> 
> >Is it possible to get Hijack to run after DJMP?  This would help me
> >to better manage my backup mailserver -
> 
> The only way to do that would be if you are also running Declude
> Virus, you could use the "AVAFTERJM ON" option to force Declude Virus
> to run after Declude JunkMail, which also forces Declude Hijack to run
> last (since Declude Hijack always runs after Declude Virus).
> 
>-Scott


Re: [Declude.JunkMail] Hijack question

2004-06-17 Thread R. Scott Perry

>Is it possible to get Hijack to run after DJMP?  This would help me
>to better manage my backup mailserver -

The only way to do that would be if you are also running Declude Virus, you 
could use the "AVAFTERJM ON" option to force Declude Virus to run after 
Declude JunkMail, which also forces Declude Hijack to run last (since 
Declude Hijack always runs after Declude Virus).

   -Scott


Re: [Declude.JunkMail] Hijack question

2004-06-17 Thread Nick Hayer
Scott - 

Is it possible to get Hijack to run after DJMP?  This would help me 
to better manage my backup mailserver -

Thanks

-Nick Hayer



RE: [Declude.JunkMail] Hijack Question

2003-12-08 Thread R. Scott Perry

>OK, I have an idea. Scott, can we "disable" HOLD1, and if so would that
>affect HOLD2 operation?
>
>99.5% of messages held by HOLD1 end up passing.

Yes -- if you set the HOLD1 threshold to be greater than the HOLD2 
threshold, then only HOLD2 will apply.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.



RE: [Declude.JunkMail] Hijack Question

2003-12-07 Thread John Tolmachoff \(Lists\)
OK, I have an idea. Scott, can we "disable" HOLD1, and if so would that
affect HOLD2 operation?

99.5% of messages held by HOLD1 end up passing.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of George Kulman
> Sent: Saturday, December 06, 2003 1:36 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.JunkMail] Hijack Question
> 
> John,
> 
> This is probably more than you wanted but I didn't want to post Scott's
> explanation out of context.
> 
> I had a HiJack / Junkmail situation in August.  This related to mail where I
> am the secondary MX.  HiJack was doing a very effective job of trapping
> volume SPAM but I noticed that SPAM was slipping through after being
> released from HOLD1 and even in the process of being transferred to HOLD2.
> 
> I had an off-line exchange with Scott and according to him, under these
> circumstances, the mail released from HOLD1 will NOT be processed by
> JunkMail.  Here's Scott's explanation:
> 
> Declude Hijack is involved with these E-mails because IMail reports them as
> external addresses, so Declude Hijack sees E-mails to these domains as
> being outgoing mail (when in reality they are incoming mail).  As a result,
> if someone sends too much E-mail from one IP to these domain(s), it will be
> held.  That's an interesting side-effect that we had not anticipated.
> 
> We did decide to have Declude Hijack take priority over Declude JunkMail,
> because it would save a lot of CPU time during attacks, and the thought was
> that outgoing E-mail would not need to be scanned by Declude JunkMail.
> 
> Scott, in response to a follow up message stated that the email would be
> Virus scanned.
> 
> Unfortunately, this caused me to discontinue using HiJack since the spam
> handling was more important than the CPU cycles saved by having HiJack trap
> the spam up front.  Really too bad, it was catching a lot of spam.
> 
> George
> 
> 
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of John
> > Tolmachoff (Lists)
> > Sent: Saturday, December 06, 2003 2:02 AM
> > To: [EMAIL PROTECTED]
> > Subject: [Declude.JunkMail] Hijack Question
> >
> >
> > When Hijack releases a message from HOLD1, does it go right
> > back to spool,
> > or does it then get scanned for Virus and JunkMail?
> >
> > John Tolmachoff
> > Engineer/Consultant/Owner
> > eServices For You
> >
> >


RE: [Declude.JunkMail] Hijack Question

2003-12-06 Thread George Kulman
John,

This is probably more than you wanted but I didn't want to post Scott's
explanation out of context.

I had a HiJack / Junkmail situation in August.  This related to mail where I
am the secondary MX.  HiJack was doing a very effective job of trapping
volume SPAM but I noticed that SPAM was slipping through after being
released from HOLD1 and even in the process of being transferred to HOLD2.

I had an off-line exchange with Scott and according to him, under these
circumstances, the mail released from HOLD1 will NOT be processed by
JunkMail.  Here's Scott's explanation:

Declude Hijack is involved with these E-mails because IMail reports them as 
external addresses, so Declude Hijack sees E-mails to these domains as 
being outgoing mail (when in reality they are incoming mail).  As a result, 
if someone sends too much E-mail from one IP to these domain(s), it will be 
held.  That's an interesting side-effect that we had not anticipated.

We did decide to have Declude Hijack take priority over Declude JunkMail, 
because it would save a lot of CPU time during attacks, and the thought was 
that outgoing E-mail would not need to be scanned by Declude JunkMail.

Scott, in response to a follow up message stated that the email would be
Virus scanned.

Unfortunately, this caused me to discontinue using HiJack since the spam
handling was more important than the CPU cycles saved by having HiJack trap
the spam up front.  Really too bad, it was catching a lot of spam.

George


> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of John 
> Tolmachoff (Lists)
> Sent: Saturday, December 06, 2003 2:02 AM
> To: [EMAIL PROTECTED]
> Subject: [Declude.JunkMail] Hijack Question
> 
> 
> When Hijack releases a message from HOLD1, does it go right 
> back to spool,
> or does it then get scanned for Virus and JunkMail?
> 
> John Tolmachoff
> Engineer/Consultant/Owner
> eServices For You
> 
> 


Re: [Declude.JunkMail] Hijack question

2003-12-01 Thread R. Scott Perry

>If an IP is caught and held by HOLD2, but a sender who is listed by
>ALLOWADDR sends an e-mail from the IP, will that message be held or passed?

ALLOWADDR and ALLOWIP override all other settings, so their mail should be 
allowed through.

>Example, IP 10.10.10.1 is held. Joe using [EMAIL PROTECTED] sends a message to
>someone on the Internet and he is at/behind IP address 10.10.10.1. In the
>Hijack.cfg file is a line "ALLOWADDR [EMAIL PROTECTED]".

He should be allowed to send mail in this case.

   -Scott


Re: [Declude.JunkMail] hijack question

2002-09-24 Thread R. Scott Perry


>It was added on 9/4 and the problems occurred on 9/20, so that may be 
>it.  Is there a way to manually flush the cache?  We add domains every day.
>
>And once an IP is blocked by HiJack, if we want to unblock it, do we 
>simply remove the corresponding mail from the "hold2" folder?...or do we 
>also have to flush the cache?

The cache is handled by the Declude console, so closing the Declude console 
window will flush the cache.  That will make sure that no old information 
on domains is still cached, and will unlock any IPs that are being blocked.
-Scott




Re: [Declude.JunkMail] hijack question

2002-09-24 Thread Bill B .

It was added on 9/4 and the problems occurred on 9/20, so that may be it.  Is there a 
way to manually flush the cache?  We add domains every day.

And once an IP is blocked by HiJack, if we want to unblock it, do we simply remove 
the corresponding mail from the "hold2" folder?...or do we also have to flush the cache?



-----Original Message-----
From: "R. Scott Perry"
Sent: Tue, 24 Sep 2002 13:07:51 -0400
Subject: Re: [Declude.JunkMail] hijack question



>What's even weirder is he's got his other account still forwarding to an 
>account on our server, but Declude HiJack is now logging these forwarded 
>messages as Incoming...
>
>09/24/2002 09:31:27 Q692f009d009eea55 Incoming from 128.242.197.219: OK.
>
>...the only difference is on the 20th we were running Imail 7.10 with 
>Declude 1.60, and now we're running Imail 7.13 with Declude 1.61.  Could 
>it have been a problem with the older version of either of those?

Is whittier.net a domain that was recently added to the server?  If so, it 
may be that Declude Hijack had the old information cached, which would 
cause it to think that the domain was not local.  Upgrading IMail/Declude 
would have reset any cached information, so that would be my guess.
   -Scott




Re: [Declude.JunkMail] hijack question

2002-09-24 Thread R. Scott Perry


>What's even weirder is he's got his other account still forwarding to an 
>account on our server, but Declude HiJack is now logging these forwarded 
>messages as Incoming...
>
>09/24/2002 09:31:27 Q692f009d009eea55 Incoming from 128.242.197.219: OK.
>
>...the only difference is on the 20th we were running Imail 7.10 with 
>Declude 1.60, and now we're running Imail 7.13 with Declude 1.61.  Could 
>it have been a problem with the older version of either of those?

Is whittier.net a domain that was recently added to the server?  If so, it 
may be that Declude Hijack had the old information cached, which would 
cause it to think that the domain was not local.  Upgrading IMail/Declude 
would have reset any cached information, so that would be my guess.
   -Scott
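
A log check for the situation diagnosed in this thread, added here as an example (it is not code from the thread or from Declude): it reads hi.log entries in the format quoted in these messages and reports mail whose recipient domain you host but which Hijack logged as "is not local", along with any hold placed on the sending IP. The sample entries, addresses, IPs, queue IDs and the function names are constructed for illustration.

```python
import re

# One hi.log entry as quoted in this thread: "MM/DD/YYYY HH:MM:SS <queue id> <text>".
ENTRY_RE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (Q[0-9A-Fa-f]+) (.*)$")
NOT_LOCAL_RE = re.compile(r"^\S+@(\S+) is not local\b")
DIRECTION_RE = re.compile(r"^(Incoming|Outgoing) from (\d{1,3}(?:\.\d{1,3}){3}): (.*)$")

# Constructed sample modelled on the lines quoted in the thread. The second
# entry is wrapped across two lines, the way it arrives when pasted into mail.
SAMPLE_LOG = """\
09/20/2002 12:18:34 Q0000000000000001 user@example.net is not local [0] 0.
09/20/2002 12:18:34 Q0000000000000001 Outgoing from 192.0.2.10: Sent over 80
E-mails within 30 minutes; quarantining to hold2.
09/20/2002 12:18:34 Q0000000000000001 Outgoing from 192.0.2.10: SPAM: HOLDING
09/20/2002 12:19:02 Q0000000000000002 someone@remote.example is not local [0] 0.
09/20/2002 12:19:02 Q0000000000000002 Outgoing from 198.51.100.7: Sent over 80
E-mails within 30 minutes; quarantining to hold2.
09/24/2002 09:31:27 Q0000000000000003 Incoming from 192.0.2.10: OK.
"""


def unwrap(text):
    """Join mail-wrapped continuation lines back onto the entry they belong to."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_RE.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries


def audit(text, local_domains):
    """Return one finding per queue ID whose recipient domain is in
    local_domains (domains the administrator hosts) but was logged as
    'is not local', i.e. mail Hijack treated as outgoing by mistake."""
    local = {d.lower() for d in local_domains}
    messages = {}  # queue id -> record, in order of first appearance
    for entry in unwrap(text):
        m = ENTRY_RE.match(entry)
        if not m:
            continue
        timestamp, qid, rest = m.groups()
        rec = messages.setdefault(qid, {
            "qid": qid, "first_seen": timestamp, "not_local": set(),
            "direction": None, "ip": None, "held": False,
        })
        not_local = NOT_LOCAL_RE.match(rest)
        if not_local:
            rec["not_local"].add(not_local.group(1).lower())
            continue
        direction = DIRECTION_RE.match(rest)
        if direction:
            rec["direction"], rec["ip"] = direction.group(1), direction.group(2)
            verdict = direction.group(3)
            if "quarantining to hold" in verdict or "HOLDING" in verdict:
                rec["held"] = True

    findings = []
    for rec in messages.values():
        misclassified = sorted(rec["not_local"] & local)
        if misclassified:
            findings.append({
                "qid": rec["qid"], "first_seen": rec["first_seen"],
                "domains": misclassified, "direction": rec["direction"],
                "ip": rec["ip"], "held": rec["held"],
            })
    return findings


def held_ips(findings):
    """Sending IPs that were held because local mail was counted as outgoing."""
    return sorted({f["ip"] for f in findings if f["held"] and f["ip"]})


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, ["example.net"]):
        print(finding)
```

A hold on mail to a domain that really is remote (the second queue ID in the sample) is not reported, since that is Hijack working as intended.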




Re: [Declude.JunkMail] hijack question

2002-09-24 Thread Bill B .

It is the official hostname for a virtual domain.  It is not a domain alias.



-----Original Message-----
From: "R. Scott Perry"
Sent: Tue, 24 Sep 2002 12:53:26 -0400
Subject: Re: [Declude.JunkMail] hijack question



>09/20/2002 12:18:34 Q4a5a438800aa39c6 [EMAIL PROTECTED] is not local [0] 0.

Where does "whittier.net" appear in the IMail settings?  Does it appear as 
an official domain name, or a domain alias?  Or does it appear somewhere else?

That message should only occur if IMail does not recognize whittier.net as 
a local domain.
-Scott




Re: [Declude.JunkMail] hijack question

2002-09-24 Thread Bill B .

What's even weirder is he's got his other account still forwarding to an account on our 
server, but Declude HiJack is now logging these forwarded messages as Incoming...

09/24/2002 09:31:27 Q692f009d009eea55 Incoming from 128.242.197.219: OK.

...the only difference is on the 20th we were running Imail 7.10 with Declude 1.60, 
and now we're running Imail 7.13 with Declude 1.61.  Could it have been a problem with 
the older version of either of those?

Bill


-----Original Message-----
From: Bill B .
Sent: Tue, 24 Sep 2002 12:18:04 EDT
Subject: Re: [Declude.JunkMail] hijack question


here it is...

09/20/2002 12:18:34 Q4a5a438800aa39c6 [EMAIL PROTECTED] is not local [0] 0.
09/20/2002 12:18:34 Q4a5a438800aa39c6 Outgoing from 128.242.197.219: Sent over 80 
E-mails within 30 minutes; quarantining to hold2.
09/20/2002 12:18:34 Q4a5a438800aa39c6 Outgoing from 128.242.197.219: SPAM: HOLDING



-----Original Message-----
From: "R. Scott Perry"
Sent: Tue, 24 Sep 2002 11:29:32 -0400
Subject: Re: [Declude.JunkMail] hijack question



>It was originally sent to "[EMAIL PROTECTED]" which is not a domain on our 
>Imail server.  This domain is on a Verio server.  But this guy has Mail 
>Forwarded set up for this account to forward to "[EMAIL PROTECTED]", which 
>is a domain on our Imail server.  So it was forwarded from the Verio 
>server to our server, and then that is the first time our server saw it 
>and when Declude HiJack saw it as Outgoing instead of Incoming.

You should have lines in the hi.log file that say something like 
"[EMAIL PROTECTED] is not local [0] 0" -- what do those lines say?
 -Scott




Re: [Declude.JunkMail] hijack question

2002-09-24 Thread R. Scott Perry


>09/20/2002 12:18:34 Q4a5a438800aa39c6 [EMAIL PROTECTED] is not local [0] 0.

Where does "whittier.net" appear in the IMail settings?  Does it appear as 
an official domain name, or a domain alias?  Or does it appear somewhere else?

That message should only occur if IMail does not recognize whittier.net as 
a local domain.
-Scott




Re: [Declude.JunkMail] hijack question

2002-09-24 Thread Bill B .

here it is...

09/20/2002 12:18:34 Q4a5a438800aa39c6 [EMAIL PROTECTED] is not local [0] 0.
09/20/2002 12:18:34 Q4a5a438800aa39c6 Outgoing from 128.242.197.219: Sent over 80 
E-mails within 30 minutes; quarantining to hold2.
09/20/2002 12:18:34 Q4a5a438800aa39c6 Outgoing from 128.242.197.219: SPAM: HOLDING



-----Original Message-----
From: "R. Scott Perry"
Sent: Tue, 24 Sep 2002 11:29:32 -0400
Subject: Re: [Declude.JunkMail] hijack question



>It was originally sent to "[EMAIL PROTECTED]" which is not a domain on our 
>Imail server.  This domain is on a Verio server.  But this guy has Mail 
>Forwarded set up for this account to forward to "[EMAIL PROTECTED]", which 
>is a domain on our Imail server.  So it was forwarded from the Verio 
>server to our server, and then that is the first time our server saw it 
>and when Declude HiJack saw it as Outgoing instead of Incoming.

You should have lines in the hi.log file that say something like 
"[EMAIL PROTECTED] is not local [0] 0" -- what do those lines say?
 -Scott




Re: [Declude.JunkMail] hijack question

2002-09-24 Thread R. Scott Perry


>It was originally sent to "[EMAIL PROTECTED]" which is not a domain on our 
>Imail server.  This domain is on a Verio server.  But this guy has Mail 
>Forwarded set up for this account to forward to "[EMAIL PROTECTED]", which 
>is a domain on our Imail server.  So it was forwarded from the Verio 
>server to our server, and then that is the first time our server saw it 
>and when Declude HiJack saw it as Outgoing instead of Incoming.

You should have lines in the hi.log file that say something like 
"[EMAIL PROTECTED] is not local [0] 0" -- what do those lines say?
 -Scott




Re: [Declude.JunkMail] hijack question

2002-09-24 Thread Bill B .

It was originally sent to "[EMAIL PROTECTED]" which is not a domain on our Imail 
server.  This domain is on a Verio server.  But this guy has Mail Forwarded set up for 
this account to forward to "[EMAIL PROTECTED]", which is a domain on our Imail server. 
 So it was forwarded from the Verio server to our server, and then that is the first 
time our server saw it and when Declude HiJack saw it as Outgoing instead of Incoming.


-----Original Message-----
From: "R. Scott Perry"
Sent: Tue, 24 Sep 2002 09:30:45 -0400
Subject: Re: [Declude.JunkMail] hijack question



>The HiJack log shows it as outgoing.  Below is the log entry of the first 
>one that was held.  I'll send the Q* and D* files for this email directly 
>to you...
>
>09/20/2002 12:18:34 Q4a5a438800aa39c6 Outgoing from 128.242.197.219: Sent 
>over 80 E-mails within 30 minutes; quarantining to hold2.
>09/20/2002 12:18:34 Q4a5a438800aa39c6 Outgoing from 128.242.197.219: SPAM: 
>HOLDING

Is the domain that it was sent to a local IMail domain?  Is the E-mail 
stored on the IMail server?  You should only see "Outgoing" there if the 
E-mail is addressed to a domain that is not stored on the IMail server.
-Scott




Re: [Declude.JunkMail] hijack question

2002-09-24 Thread R. Scott Perry


>The HiJack log shows it as outgoing.  Below is the log entry of the first 
>one that was held.  I'll send the Q* and D* files for this email directly 
>to you...
>
>09/20/2002 12:18:34 Q4a5a438800aa39c6 Outgoing from 128.242.197.219: Sent 
>over 80 E-mails within 30 minutes; quarantining to hold2.
>09/20/2002 12:18:34 Q4a5a438800aa39c6 Outgoing from 128.242.197.219: SPAM: 
>HOLDING

Is the domain that it was sent to a local IMail domain?  Is the E-mail 
stored on the IMail server?  You should only see "Outgoing" there if the 
E-mail is addressed to a domain that is not stored on the IMail server.
-Scott




Re: [Declude.JunkMail] hijack question

2002-09-24 Thread Bill B .

The HiJack log shows it as outgoing.  Below is the log entry of the first one that was 
held.  I'll send the Q* and D* files for this email directly to you...

09/20/2002 12:18:34 Q4a5a438800aa39c6 Outgoing from 128.242.197.219: Sent over 80 
E-mails within 30 minutes; quarantining to hold2.
09/20/2002 12:18:34 Q4a5a438800aa39c6 Outgoing from 128.242.197.219: SPAM: HOLDING



-----Original Message-----
From: "R. Scott Perry"
Sent: Tue, 24 Sep 2002 09:09:25 -0400
Subject: Re: [Declude.JunkMail] hijack question



>The mail in question wasn't being forwarded from our mail server.  It was 
>being forwarded FROM another mail server TO an account on our mail server.
>
>That shouldn't still be considered outgoing should it?

That definitely should not.

What do the Declude Hijack log files say?  Do they show it as incoming 
E-mail or outgoing E-mail?
   -Scott




Re: [Declude.JunkMail] hijack question

2002-09-24 Thread R. Scott Perry


>The mail in question wasn't being forwarded from our mail server.  It was 
>being forwarded FROM another mail server TO an account on our mail server.
>
>That shouldn't still be considered outgoing should it?

That definitely should not.

What do the Declude Hijack log files say?  Do they show it as incoming 
E-mail or outgoing E-mail?
   -Scott




Re: [Declude.JunkMail] hijack question

2002-09-24 Thread Bill B .

Scott,

The mail in question wasn't being forwarded from our mail server.  It was being 
forwarded FROM another mail server TO an account on our mail server.

That shouldn't still be considered outgoing should it?

Bill



-----Original Message-----
From: "R. Scott Perry"
Sent: Tue, 24 Sep 2002 08:47:32 -0400
Subject: Re: [Declude.JunkMail] hijack question



>One of our clients got locked out by HiJack (hold2), but it appears to be 
>because of inbound mail, not outgoing mail.

Declude Hijack only checks outgoing E-mail, not incoming E-mail.  Any 
incoming E-mail is automatically exempt.

>This client has an email account at another provider which forwards to an 
>account on our server.  He had a few hundred emails from an automated 
>program sent to his other account in a short amount of time...and these 
>were all automatically forwarded to his account on our server.
>
>But hijack apparently saw these inbound forwarded messages as outgoing 
>even though they were being delivered to a local mailbox...and it began 
>holding all mail that came from that other mail server's IP Address.
>
>It shouldn't do this should it?  I can send you an example of the held 
>mail along with the log entries if you'd like.

The problem is that it is outgoing mail, and unfortunately IMail does not 
distinguish in the logs between forwarded E-mail and standard outgoing 
E-mail (which is also a problem for the Domain Lister program that we have).
   -Scott




Re: [Declude.JunkMail] hijack question

2002-09-24 Thread R. Scott Perry


>One of our clients got locked out by HiJack (hold2), but it appears to be 
>because of inbound mail, not outgoing mail.

Declude Hijack only checks outgoing E-mail, not incoming E-mail.  Any 
incoming E-mail is automatically exempt.

>This client has an email account at another provider which forwards to an 
>account on our server.  He had a few hundred emails from an automated 
>program sent to his other account in a short amount of time...and these 
>were all automatically forwarded to his account on our server.
>
>But hijack apparently saw these inbound forwarded messages as outgoing 
>even though they were being delivered to a local mailbox...and it began 
>holding all mail that came from that other mail server's IP Address.
>
>It shouldn't do this should it?  I can send you an example of the held 
>mail along with the log entries if you'd like.

The problem is that it is outgoing mail, and unfortunately IMail does not 
distinguish in the logs between forwarded E-mail and standard outgoing 
E-mail (which is also a problem for the Domain Lister program that we have).
   -Scott




RE: [Declude.JunkMail] Hijack Question (somewhat OT)

2002-07-29 Thread John Tolmachoff

I understand your point. I will ponder on it to see if I come up with
anything. (Unless someone else does first. :) )

John Tolmachoff
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA  92835
www.reliancesoft.com


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Stic.Net
Sent: Monday, July 29, 2002 5:21 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Hijack Question (somewhat OT)


>But if each person has their own public IP address, I can not see how
>that person would send say 80 or 100 legitimate e-mails internally
>within say 1 hour.

>If there are one or two or a few, it is better to just whitelist those
>specific IP addresses.

These are valid points too.  However, there are still two issues I'm a
bit worried about.  
One, we have a network monitoring server that sends pages to us through
our mailserver.  When things are falling apart around here I'm pretty
sure that thing sends out (or at least tries to) enough messages to get
caught by Hijack.  For various reasons, that box has multiple IPs bound
to it, so I'm not sure whether I'd have to create an ALLOWIP line for
all of its IPs, or just for one of them.  
Secondly, our techsupport staff occasionally gets a request from a
customer to check on some sort of problem with a particular mailbox.
They will then re-direct all messages that were in a mailbox to a
different one, or forward them all to a remote mailserver.  Often there
are enough messages to set off Hijack.  There are about 25-30 tech
machines.

So call me lazy, but I figured that using ALLOWIP for the entire class C
would be the best solution.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---

This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  You can E-mail
[EMAIL PROTECTED] for assistance.  You can visit our web
site at http://www.declude.com .




RE: [Declude.JunkMail] Hijack Question (somewhat OT)

2002-07-29 Thread Stic.Net


>But if each person has their own public IP address, I can not see how
>that person would send say 80 or 100 legitimate e-mails internally
>within say 1 hour.

>If there are one or two or a few, it is better to just whitelist those
>specific IP addresses.

These are valid points too.  However, there are still two issues I'm a bit worried 
about.  
One, we have a network monitoring server that sends pages to us through our 
mailserver.  When things are falling apart around here I'm pretty sure that thing 
sends out (or at least tries to) enough messages to get caught by Hijack.  For various 
reasons, that box has multiple IPs bound to it, so I'm not sure whether I'd have to 
create an ALLOWIP line for all of its IPs, or just for one of them.  
Secondly, our techsupport staff occasionally gets a request from a customer to check 
on some sort of problem with a particular mailbox.  They will then re-direct all 
messages that were in a mailbox to a different one, or forward them all to a remote 
mailserver.  Often there are enough messages to set off Hijack.  There are about 25-30 
tech machines.

So call me lazy, but I figured that using ALLOWIP for the entire class C would be the 
best solution.




RE: [Declude.JunkMail] Hijack Question (somewhat OT)

2002-07-29 Thread John Tolmachoff

>Point taken.  But working for a small Internet provider, all of the
>employees here are well aware of the severe beatings they will receive
>(from customer and co-worker alike) if they try anything cute like
>that.

But if each person has their own public IP address, I can not see how
that person would send say 80 or 100 legitimate e-mails internally
within say 1 hour.

I am assuming that each person has a separate Public IP address by the
fact that you are trying to whitelist an entire 255.255.255.0/24 subnet.

If there are one or two or a few, it is better to just whitelist those
specific IP addresses.

John Tolmachoff
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA  92835
www.reliancesoft.com







RE: [Declude.JunkMail] Hijack Question (somewhat OT)

2002-07-29 Thread Stic.Net

-- Original Message --
From: "John Tolmachoff" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date:  Mon, 29 Jul 2002 16:36:11 -0700

>But wouldn't that defeat the purpose of protecting against someone in
>the office sending out bulk junk e-mail, which is the primary purpose of
>Hijack?

Point taken.  But working for a small Internet provider, all of the employees here 
are well aware of the severe beatings they will receive (from customer and co-worker 
alike) if they try anything cute like that.



RE: [Declude.JunkMail] Hijack Question (somewhat OT)

2002-07-29 Thread John Tolmachoff

But wouldn't that defeat the purpose of protecting against someone in
the office sending out bulk junk e-mail, which is the primary purpose of
Hijack?

John Tolmachoff
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA  92835
www.reliancesoft.com


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of STIC.NET
Sent: Monday, July 29, 2002 4:23 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Hijack Question (somewhat OT)

Sorry if this is a bit off-topic, but I was wondering if you can use the
ALLOWIP line in the Hijack.cfg file to allow unlimited SMTP traffic for
an entire class C subnet.  Occasionally machines in our office send out
a lot of internal messages, enough to go over Hijack's second threshold
so I'm trying to figure out a work-around without having to add an
ALLOWIP line for every machine.

For example, would ALLOWIP 2.2.2 allow anyone with a 2.2.2.xx IP address
unlimited SMTP traffic?

Thanks
Bart Lackorn
STIC.NET



Re: [Declude.JunkMail] Hijack Question (somewhat OT)

2002-07-29 Thread R. Scott Perry


>Sorry if this is a bit off-topic, but I was wondering if you can use the 
>ALLOWIP line in the Hijack.cfg file to allow unlimited SMTP traffic for an 
>entire class C subnet.  Occasionally machines in our office send out a lot 
>of internal messages, enough to go over Hijack's second threshold so I'm 
>trying to figure out a work-around without having to add an ALLOWIP line 
>for every machine.
>
>For example, would ALLOWIP 2.2.2 allow anyone with a 2.2.2.xx IP address 
>unlimited SMTP traffic?

Yes, you can do exactly that -- the "ALLOWIP 2.2.2." format is the best way 
to do it, and it would allow all E-mail from 2.2.2.x to send unlimited traffic.
 -Scott
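
Why the trailing dot in "ALLOWIP 2.2.2." matters, shown as an added example that is not part of the original post and not Declude's code. It assumes an entry is compared as a leading string of the dotted address (the thread does not say how Hijack matches); the config fragment and the intended networks are constructed.

```python
import ipaddress

# Constructed fragment in the style of the lines quoted in the thread.
CONSTRUCTED_CFG = """\
ALLOWIP 2.2.2
ALLOWIP 2.2.2.
ALLOWIP 192.168.0.
"""


def allow_entries(cfg_text):
    """Return the value of every 'ALLOWIP <value>' line."""
    entries = []
    for line in cfg_text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0].upper() == "ALLOWIP":
            entries.append(parts[1])
    return entries


def matched(entry, scope):
    """Addresses in scope whose dotted form starts with entry.
    ASSUMPTION: plain string-prefix comparison; the thread does not say
    how Declude Hijack compares ALLOWIP values."""
    return {ip for ip in ipaddress.ip_network(scope) if str(ip).startswith(entry)}


def audit(entry, intended, scope):
    """Return (covered, missing, extra) address counts for one entry."""
    want = set(ipaddress.ip_network(intended))
    got = matched(entry, scope)
    return len(got & want), len(want - got), len(got - want)


def extra_third_octets(entry, intended, scope):
    """Third octets matched outside the intended network, for reporting."""
    want = set(ipaddress.ip_network(intended))
    return sorted({int(str(ip).split(".")[2]) for ip in matched(entry, scope) - want})


if __name__ == "__main__":
    intended = {"2.2.2": "2.2.2.0/24", "2.2.2.": "2.2.2.0/24",
                "192.168.0.": "192.168.0.16/28"}   # constructed intent
    for e in allow_entries(CONSTRUCTED_CFG):
        scope = str(ipaddress.ip_network(intended[e]).supernet(new_prefix=16))
        print(e, audit(e, intended[e], scope))
```

Under that assumption the entry without the trailing dot also admits 2.2.20.x through 2.2.29.x and 2.2.200.x through 2.2.255.x, and a dotted prefix used for a 16-address block exempts the other 240 addresses of the /24 as well.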




Re: [Declude.JunkMail] Hijack question

2002-04-22 Thread R. Scott Perry


>Declude Hijack tracks the number of outgoing e-mail by IP address.
>
>But what about an office, such as ours, that uses a firewall with a DMZ,
>where the Imail is in the DMZ and the internal network uses NAT.

For that, you can add a line "ALLOWIP 127.0.0.1" (replacing the 127.0.0.1 
with the IP of the firewall).  That way, all your users will be able to 
send out unlimited mail.  But, anyone sending mail from an outside IP will 
be restricted.

The drawback is that your users can then send unlimited E-mail -- and if 
there is a spammer among them, you're in trouble.  But, if someone like 
that already has access to your internal network, you would have bigger 
problems.  In that case, you could instead set a very high limit -- but 
then if the spammer's mail got caught, so would everyone else's.

>I do not want to allow that IP, as I do want the protection that Hijack
>brings. For example, we had a developer use a "program" that was
>designed to send out bulk e-mail. Of course Hijack caught it. But it
>also caught every other e-mail going out from all other users in the
>office.
>
>Is there a way for Hijack or Imail to get the IP address one step back?

Unfortunately, Declude Hijack can't do that.  Depending on your setup, that 
information may or may not be in the E-mail headers, but Declude Hijack 
won't look for it.
  -Scott
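
The trade-off described in the reply above can be seen in a small model of per-IP counting. This is an added example, not part of the original post and not Declude's code; the window, the two thresholds, the 203.0.113.5 firewall address and the event list are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW = 3600        # seconds; hypothetical counting window
THRESHOLD_1 = 50     # hypothetical first threshold
THRESHOLD_2 = 100    # hypothetical second threshold: hold the sender's mail
FIREWALL_IP = "203.0.113.5"   # constructed stand-in for the DMZ NIC address


class PerIpLimiter:
    """Counts outgoing messages per connecting IP in a sliding window."""

    def __init__(self, allow_ips=()):
        self.allow_ips = set(allow_ips)
        self.seen = defaultdict(deque)      # ip -> timestamps in the window

    def check(self, ts, ip):
        """Return 'exempt', 'pass', 'over1' or 'hold' for one message."""
        if ip in self.allow_ips:
            return "exempt"
        q = self.seen[ip]
        q.append(ts)
        while q and q[0] <= ts - WINDOW:
            q.popleft()
        if len(q) > THRESHOLD_2:
            return "hold"
        return "over1" if len(q) > THRESHOLD_1 else "pass"


def simulate(events, nat_ip=None, allow_ips=()):
    """events: (ts, client_ip, user). With nat_ip set, the server sees every
    client as nat_ip, as IMail does behind the firewall in the thread."""
    limiter = PerIpLimiter(allow_ips)
    held = defaultdict(int)                 # user -> messages held
    for ts, client_ip, user in sorted(events):
        if limiter.check(ts, nat_ip or client_ip) == "hold":
            held[user] += 1
    return dict(held)


def constructed_events():
    """Constructed sample: 20 users send 3 messages each within an hour and
    one developer's program sends 300 messages in five minutes."""
    events = []
    for u in range(20):
        for k in range(3):
            events.append((u * 60 + k * 1200, f"192.168.10.{u + 20}", f"user{u}"))
    events += [(600 + k, "192.168.10.99", "bulk") for k in range(300)]
    return events


if __name__ == "__main__":
    ev = constructed_events()
    print("per-client IP :", simulate(ev))
    print("behind NAT    :", simulate(ev, nat_ip=FIREWALL_IP))
    print("NAT + ALLOWIP :", simulate(ev, FIREWALL_IP, {FIREWALL_IP}))
```

Counted per client, only the bulk sender is held; behind NAT every user's later mail is held with it; with the firewall address exempted, nothing is held, the bulk run included.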




RE: [Declude.JunkMail] Hijack question

2002-04-22 Thread Jim Rooth

The new beta file from IMAIL will do that on your IMAIL server...thus
not using the firewall.  I can see all mail numbers by IP or domain.  Not
as sophisticated as Declude but works until Declude comes along with
something better (which I have no doubt will happen!)


Jim Rooth

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff
Sent: Monday, April 22, 2002 9:50 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Hijack question

Good morning all.

Declude Hijack tracks the number of outgoing e-mail by IP address.

But what about an office, such as ours, that uses a firewall with a DMZ,
where the Imail is in the DMZ and the internal network uses NAT.

Therefore, Declude Hijack sees all the users from the internal network
as one IP address, that of the IP address of the firewall.

Here is the exact setup:

MS ISA server three homed in a DMZ setup.

IP of DMZ NIC on ISA is x.x.x.5.
IP of Internal NIC on ISA is 192.168.10.5
IP of Imail Nic is x.x.x.17.

Imail receives the e-mail as if it came from the DMZ NIC and lists the
from address as x.x.x.5.

The problem can arise with many users on the internal network sending
e-mail, whereas Declude Hijack sees all those messages as one user.

I do not want to allow that IP, as I do want the protection that Hijack
brings. For example, we had a developer use a "program" that was
designed to send out bulk e-mail. Of course Hijack caught it. But it
also caught every other e-mail going out from all other users in the
office.

Is there a way for Hijack or Imail to get the IP address one step back?

John Tolmachoff 
IT Manager, Network Engineer
211 E. Imperial Hwy., Suite 106
Fullerton, CA  92835
714-578-7999, ext. 104
[EMAIL PROTECTED]
www.reliancesoft.com
 
 


---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.351 / Virus Database: 197 - Release Date: 4/19/2002
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.351 / Virus Database: 197 - Release Date: 4/19/2002
 




RE: [Declude.JunkMail] Hijack question

2002-03-12 Thread R. Scott Perry


>So, if I have to whitelist a subnet of 240, I would have to put each of
>the 16 addresses on a separate line?

That is correct.
-Scott




RE: [Declude.JunkMail] Hijack question

2002-03-12 Thread John Tolmachoff

So, if I have to whitelist a subnet of 240, I would have to put each of
the 16 addresses on a separate line?

John Tolmachoff 
IT Manager, Network Engineer
211 E. Imperial Hwy., Suite 106
Fullerton, CA  92835
714-578-7999, ext. 104
[EMAIL PROTECTED]
www.reliancesoft.com
 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: Tuesday, March 12, 2002 10:21 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Hijack question


>Since I am sure it is the same for JunkMail, how do you whitelist a
>subnet?

For Declude JunkMail, you would use something like this:

 WHITELIST   IP  192.168.0.

Declude Hijack doesn't have a method for whitelisting a subnet.
 -Scott




Re: [Declude.JunkMail] Hijack question

2002-03-12 Thread R. Scott Perry


>Since I am sure it is the same for JunkMail, how do you whitelist a
>subnet?

For Declude JunkMail, you would use something like this:

 WHITELIST   IP  192.168.0.

Declude Hijack doesn't have a method for whitelisting a subnet.
 -Scott
