Hi Dean -
Dean Lawrence wrote:
First, what thresholds are most of you using, that causes minimal
screaming phone calls from client? 8-)
RELAYTHRESHOLD11020
RELAYTHRESHOLD23040
Secondly, how are you handling non-fixed IP users that may send large
(over the thresholds),
Hi Nick,
Thanks for your input. I didn't see anything related to ALLOWADDR in the manual, are there other commands available?
Thanks,
Dean
On 4/5/06, Nick Hayer [EMAIL PROTECTED] wrote:
Hi Dean -Dean Lawrence wrote: First, what thresholds are most of you using, that causes minimal
screaming
.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dean
LawrenceSent: MiƩrcoles, 05 de Abril de 2006 12:57
p.m.To: Declude.JunkMail@declude.comSubject: Re:
[Declude.JunkMail] Hijack Question
Hi Nick,
Thanks for your input. I didn't see anything related to ALLOWADDR
@declude.com
Subject: RE: [Declude.JunkMail] Hijack Question
Unfortunately it is not in the manual. Too bad.. but it is in the
release notes
http://www.declude.com/Articles.asp?ID=122
1.69 [Beta, 16 Apr 2003]
ADDED
: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED]] On Behalf Of Panda Consulting
S.A. Luis Alberto Arango Sent: MiƩrcoles, 05 de Abril de 2006 04:48 p.m. To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Hijack Question
Unfortunately it is not in the manual. Too bad.. but it is in therelease
Thanks John!
-Nick
John T (Lists) wrote:
A clarification on how to reset Hijack:
For Declude versions 2.x and below, you need to end the Deccon.exe process.
It is also best to do this with Imail SMTP and Queue Manager service stopped
and no Declude.exe processes running to ensure that no
Thanks.
-d
- Original Message -
From: John T (Lists) [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Thursday, October 13, 2005 1:41 AM
Subject: RE: [Declude.JunkMail] Hijack question
A clarification on how to reset Hijack:
For Declude versions 2.x and below, you need
Dave,
You need to stop/start deccon.exe That wil reset the counter so to speak.
Question to Declude support -
How does this work with Declude 3x?
Thanks!
-Nick
Dave Doherty wrote:
Hi all,
Running Declude version 1.82 with Hijack...
One of my customers go caught by Hijack a couple of
That was it! The one thing I didn't try. (Of course!)
-d
- Original Message -
From: Nick Hayer [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Wednesday, October 12, 2005 12:52 PM
Subject: Re: [Declude.JunkMail] Hijack question
Dave,
You need to stop/start deccon.exe
Stop/restart the decludeproc service
David B
www.declude.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer
Sent: Wednesday, October 12, 2005 12:53 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Hijack question
Dave
: [Declude.JunkMail] Hijack question
Dave,
You need to stop/start deccon.exe That wil reset the counter so to speak.
Question to Declude support -
How does this work with Declude 3x?
Thanks!
-Nick
Dave Doherty wrote:
Hi all,
Running Declude version 1.82 with Hijack...
One of my
A clarification on how to reset Hijack:
For Declude versions 2.x and below, you need to end the Deccon.exe process.
It is also best to do this with Imail SMTP and Queue Manager service stopped
and no Declude.exe processes running to ensure that no process will try to
call Deccon.exe during the
Also,
I see where Hijack requires Deccon.exe. We run Win2000 SP4 and
terminal service into the server for remote admin. Does deccon.exe only
run on the console session? I read that when the threshhold2 value is
reached, deccon is opened and once it is closed the flag will be reset?
Does Hijack work with WHITELIST AUTH that Junkmail sees in allowing
email to passthru?
No. The Declude products do not share configuration files.
For example, one of our customers AUTH to our server
via their account, it will then not be scanned by Junkmail nor Hijack?
It will not be scanned by
I see where Hijack requires Deccon.exe. We run Win2000 SP4 and
terminal service into the server for remote admin. Does deccon.exe only
run on the console session?
Yes, it does -- otherwise, it would not be able to keep track of data
properly (since the user sessions normally only last
instances to disappear, then Stop and Restart SMTP.
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, October 25, 2004 2:24 PM
Subject: RE: [Declude.JunkMail] Hijack Question
I see where Hijack requires Deccon.exe. We run Win2000 SP4
Scott,
(I apologize for the questions, just learning product, since no
trial) With the below said, there is really no reason to login and
close the deccon.exe via the Desktop unless there is an issue with it or
something needs to be hard reset? Some of our customers have had DHA's
We currently have 6 versions of Declude (3 Servers with Junkmail and
Virus), can I run a Hijack demo on each of the servers? If so, what is
the term of the demo? Thanks for the aid.
Unfortunately, we do not have a demo version of Declude Hijack.
Hi,
Is it possible to get Hijack to run after DJMP? This would help me
to better manage my backup mailserver -
The only way to do that would be if you are also running Declude Virus,
you
could use the AVAFTERJM ON option to force Declude Virus to run after
Declude JunkMail, which also
Is it possible to get Hijack to run after DJMP? This would help me
to better manage my backup mailserver -
The only way to do that would be if you are also running Declude Virus, you
could use the AVAFTERJM ON option to force Declude Virus to run after
Declude JunkMail, which also forces
Hi,
Is it possible to get Hijack to run after DJMP? This would help me
to better manage my backup mailserver -
The only way to do that would be if you are also running Declude
Virus, you
could use the AVAFTERJM ON option to force Declude Virus to run
after
Declude JunkMail,
Eventhough the poster was talking about HiJack, I forgot to mention I was
asking about JunkMail. When using this option will a message held by
Junkmail and returned to the queue ever be scannen for virusses? I remember
reading JM would move it to the hold before VIR could scan it for virusses.
Scott -
Is it possible to get Hijack to run after DJMP? This would help me
to better manage my backup mailserver -
Thanks
-Nick Hayer
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
Is it possible to get Hijack to run after DJMP? This would help me
to better manage my backup mailserver -
The only way to do that would be if you are also running Declude Virus, you
could use the AVAFTERJM ON option to force Declude Virus to run after
Declude JunkMail, which also forces
On 17 Jun 2004 at 17:47, R. Scott Perry wrote:
Perfect. Thanks!
-Nick
Is it possible to get Hijack to run after DJMP? This would help me
to better manage my backup mailserver -
The only way to do that would be if you are also running Declude
Virus, you could use the AVAFTERJM ON
OK, I have an idea. Scott, can we disable HOLD1, and if so would that
affect HOLD2 operation?
99.5% of messages held by HOLD1 end up passing.
Yes -- if you set the HOLD1 threshold to be greater than the HOLD2
threshold, then only HOLD2 will apply.
PROTECTED] On Behalf Of George Kulman
Sent: Saturday, December 06, 2003 1:36 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Hijack Question
John,
This is probably more than you wanted but I didn't want to post Scott's
explanation out of context.
I had a HiJack / Junkmail situation
John,
This is probably more than you wanted but I didn't want to post Scott's
explanation out of context.
I had a HiJack / Junkmail situation in August. This related to mail where I
am the secondary MX. HiJack was doing a very effective job of trapping
volume SPAM but I noticed that SPAM was
If an IP is caught and held by HOLD2, but a sender who is listed by
ALLOWADDR sends a e-mail from the IP, will that message be held or passed?
ALLOWADDR and ALLOWIP override all other settings, so their mail should be
allowed through.
Example, IP 10.10.10.1 is held. Joe using [EMAIL PROTECTED]
One of our client's got locked out by HiJack (hold2), but it appears to be
because of inbound mail, not outgoing mail.
Declude Hijack only checks outgoing E-mail, not incoming E-mail. Any
incoming E-mail is automatically exempt.
This client has an email account at another provider which
The mail in question wasn't being forwarded from our mail server. It was
being forwarded FROM another mail server TO an account on our mail server.
That shouldn't still be considered outgoing should it?
That definitely should not.
What do the Declude Hijack log files say? Do they show it
The HiJack log shows it as outgoing. Below is the log entry of the first
one that was held. I'll send the Q* and D* files for this email directly
to you...
09/20/2002 12:18:34 Q4a5a438800aa39c6 Outgoing from 128.242.197.219: Sent
over 80 E-mails within 30 minutes; quarantining to hold2.
It was originally sent to [EMAIL PROTECTED] which is not a domain on our
Imail server. This domain is on a Verio server. But this guy has Mail
Forwarded set up for this account to forward to [EMAIL PROTECTED], which
is a domain on our Imail server. So it was forwarded from the Verio
: HOLDING
-Original Message-
From: R. Scott Perry
Sent: Tue, 24 Sep 2002 11:29:32 -0400
Subject: Re: [Declude.JunkMail] hijack question
It was originally sent to [EMAIL PROTECTED] which is not a domain on our
Imail server. This domain is on a Verio server. But this guy has Mail
09/20/2002 12:18:34 Q4a5a438800aa39c6 [EMAIL PROTECTED] is not local [0] 0.
Where does whittier.net appear in the IMail settings? Does it appear as
an official domain name, or a domain alias? Or does it appear somewhere else?
That message should only occur if IMail does not recognize
running Imail 7.10 with Declude 1.60,
and now we're running Imail 7.13 with Declude 1.61. Could it have been a problem with
the older version of either of those?
Bill
-Original Message-
From: Bill B .
Sent: Tue, 24 Sep 2002 12:18:04 EDT
Subject: Re: [Declude.JunkMail] hijack question
here
It is the official hostname for a virtual domain. It is not a domain alias.
-Original Message-
From: R. Scott Perry
Sent: Tue, 24 Sep 2002 12:53:26 -0400
Subject: Re: [Declude.JunkMail] hijack question
09/20/2002 12:18:34 Q4a5a438800aa39c6 [EMAIL PROTECTED] is not local [0] 0
Whats even weirder is he's got his other account still forwarding to an
account on our server, but Declude HiJack is now logging these forwarded
messages as Incoming...
09/24/2002 09:31:27 Q692f009d009eea55 Incoming from 128.242.197.219: OK.
...the only difference is on the 20th we were
Sorry if this is a bit off-topic, but I was wondering if you can use the
ALLOWIP line in the Hijack.cfg file to allow unlimited SMTP traffic for an
entire class C subnet. Occasionally machines in our office send out a lot
of internal messages, enough to go over Hijacks second threshold so
But wouldn't that defeat the purpose of protecting against some one in
the office sending out bulk junk e-mail, which is the primary purpose of
Hijack?
John Tolmachoff
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
-Original Message-
From:
-- Original Message --
From: John Tolmachoff [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Mon, 29 Jul 2002 16:36:11 -0700
But wouldn't that defeat the purpose of protecting against some one in
the office sending out bulk junk e-mail, which is the
The new beta file from IMAIL will do that on your IMAIL server...thus
not using the firewall I can see all mail numbers by IP or domain. Not
as sophisticated as Declude but works until Declude comes along with
something better(which I have no doubt will happen!)
Jim Rooth
-Original
Declude Hijack tracks the number of outgoing e-mail by IP address.
But what about an office, such as ours, that uses a firewall with a DMZ,
where the Imail is in the DMZ and the internal network uses NAT.
For that, you can add a line ALLOWIP 127.0.0.1 (replacing the 127.0.0.1
with the IP of
Since I am sure it is the same for JunkMail, how do you whitelist a
subnet?
For Declude JunkMail, you would use something like this:
WHITELIST IP 192.168.0.
Declude Hijack doesn't have a method for whitelisting a subnet.
-Scott
---
[This E-mail
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: Tuesday, March 12, 2002 10:21 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Hijack question
Since I am sure it is the same for JunkMail, how do you whitelist a
subnet?
For Declude JunkMail, you
So, if I have to whitelist a subnet of 240, I would have to put each of
the 16 addresses on a separate line?
That is correct.
-Scott
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing
46 matches
Mail list logo