RE: [Declude.JunkMail] Hijack Question (somewhat OT)

2002-07-29 Thread John Tolmachoff

I understand your point. I will ponder on it to see if I come up with
anything. (Unless someone else does first. :) )

John Tolmachoff
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA  92835
www.reliancesoft.com


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Stic.Net
Sent: Monday, July 29, 2002 5:21 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Hijack Question (somewhat OT)


>But if each person has their own public IP address, I cannot see how
>that person would send say 80 or 100 legitimate e-mails internally
>within say 1 hour.

>If there are one or two or a few, it is better to just whitelist those
>specific IP addresses.

These are valid points too.  However, there are still two issues I'm a
bit worried about.  
One, we have a network monitoring server that sends pages to us through
our mailserver.  When things are falling apart around here I'm pretty
sure that thing sends out (or at least tries to) enough messages to get
caught by Hijack.  For various reasons, that box has multiple IPs bound
to it, so I'm not sure whether I'd have to create an ALLOWIP line for
all of its IPs, or just for one of them.  
Secondly, our tech support staff occasionally gets a request from a
customer to check on some sort of problem with a particular mailbox.
They will then re-direct all messages that were in a mailbox to a
different one, or forward them all to a remote mailserver.  Often there
are enough messages to set off Hijack.  There are about 25-30 tech
machines.

So call me lazy, but I figured that using ALLOWIP for the entire class C
would be the best solution.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---

This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  You can E-mail
[EMAIL PROTECTED] for assistance.  You can visit our web
site at http://www.declude.com .




RE: [Declude.JunkMail] Hijack Question (somewhat OT)

2002-07-29 Thread Stic.Net


>But if each person has their own public IP address, I cannot see how
>that person would send say 80 or 100 legitimate e-mails internally
>within say 1 hour.

>If there are one or two or a few, it is better to just whitelist those
>specific IP addresses.

These are valid points too.  However, there are still two issues I'm a bit worried 
about.  
One, we have a network monitoring server that sends pages to us through our 
mailserver.  When things are falling apart around here I'm pretty sure that thing 
sends out (or at least tries to) enough messages to get caught by Hijack.  For various 
reasons, that box has multiple IPs bound to it, so I'm not sure whether I'd have to 
create an ALLOWIP line for all of its IPs, or just for one of them.  
Secondly, our tech support staff occasionally gets a request from a customer to check 
on some sort of problem with a particular mailbox.  They will then re-direct all 
messages that were in a mailbox to a different one, or forward them all to a remote 
mailserver.  Often there are enough messages to set off Hijack.  There are about 25-30 
tech machines.

So call me lazy, but I figured that using ALLOWIP for the entire class C would be the 
best solution.




RE: [Declude.JunkMail] Hijack Question (somewhat OT)

2002-07-29 Thread John Tolmachoff

>Point taken.  But working for a small Internet provider, all of the
>employees here are well aware of the severe beatings they will receive
>(from customer and co-worker alike) if they try anything cute like
>that.

But if each person has their own public IP address, I cannot see how
that person would send say 80 or 100 legitimate e-mails internally
within say 1 hour.

I am assuming that each person has a separate Public IP address by the
fact that you are trying to whitelist an entire 255.255.255.0/24 subnet.

If there are one or two or a few, it is better to just whitelist those
specific IP addresses.

John Tolmachoff
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA  92835
www.reliancesoft.com







RE: [Declude.JunkMail] Hijack Question (somewhat OT)

2002-07-29 Thread Stic.Net

-- Original Message --
From: "John Tolmachoff" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date:  Mon, 29 Jul 2002 16:36:11 -0700

>But wouldn't that defeat the purpose of protecting against someone in
>the office sending out bulk junk e-mail, which is the primary purpose of
>Hijack?

Point taken.  But working for a small Internet provider, all of the employees here 
are well aware of the severe beatings they will receive (from customer and co-worker 
alike) if they try anything cute like that.



RE: [Declude.JunkMail] Hijack Question (somewhat OT)

2002-07-29 Thread John Tolmachoff

But wouldn't that defeat the purpose of protecting against someone in
the office sending out bulk junk e-mail, which is the primary purpose of
Hijack?

John Tolmachoff
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA  92835
www.reliancesoft.com


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of STIC.NET
Sent: Monday, July 29, 2002 4:23 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Hijack Question (somewhat OT)

Sorry if this is a bit off-topic, but I was wondering if you can use the
ALLOWIP line in the Hijack.cfg file to allow unlimited SMTP traffic for
an entire class C subnet.  Occasionally machines in our office send out
a lot of internal messages, enough to go over Hijack's second threshold
so I'm trying to figure out a work-around without having to add an
ALLOWIP line for every machine.

For example, would ALLOWIP 2.2.2 allow anyone with a 2.2.2.xx IP address
unlimited SMTP traffic?

Thanks
Bart Lackorn
STIC.NET



Re: [Declude.JunkMail] Hijack Question (somewhat OT)

2002-07-29 Thread R. Scott Perry


>Sorry if this is a bit off-topic, but I was wondering if you can use the 
>ALLOWIP line in the Hijack.cfg file to allow unlimited SMTP traffic for an 
>entire class C subnet.  Occasionally machines in our office send out a lot 
>of internal messages, enough to go over Hijack's second threshold so I'm 
>trying to figure out a work-around without having to add an ALLOWIP line 
>for every machine.
>
>For example, would ALLOWIP 2.2.2 allow anyone with a 2.2.2.xx IP address 
>unlimited SMTP traffic?

Yes, you can do exactly that -- the "ALLOWIP 2.2.2." format is the best way 
to do it, and it would allow all E-mail from 2.2.2.x to send unlimited traffic.
 -Scott
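
The difference between the "2.2.2" asked about and the "2.2.2." recommended in the reply above, as an added example that is not part of the original thread and is not Declude code. It assumes the ALLOWIP value is compared against the sender's dotted-quad address as a literal string prefix, which the thread implies but does not state; the function names and sample senders are constructed for illustration.

```python
import ipaddress

def prefix_allows(allow_prefix: str, ip: str) -> bool:
    # ASSUMPTION: the ALLOWIP value is matched as a literal string prefix.
    return ip.startswith(allow_prefix)

def unintended(allow_prefix: str, intended_cidr: str, senders: list) -> list:
    """Senders the prefix exempts although they lie outside the intended subnet."""
    net = ipaddress.ip_network(intended_cidr)
    return [ip for ip in senders
            if prefix_allows(allow_prefix, ip)
            and ipaddress.ip_address(ip) not in net]

def exempt_count(allow_prefix: str, scope_cidr: str = "2.2.0.0/16") -> int:
    """How many addresses inside scope_cidr the prefix exempts from rate limiting."""
    return sum(prefix_allows(allow_prefix, str(ip))
               for ip in ipaddress.ip_network(scope_cidr))

# Constructed sample senders: two inside 2.2.2.0/24, three outside it.
SENDERS = ["2.2.2.17", "2.2.2.250", "2.2.20.5", "2.2.200.9", "2.2.3.1"]

if __name__ == "__main__":
    for prefix in ("2.2.2", "2.2.2."):
        extra = unintended(prefix, "2.2.2.0/24", SENDERS)
        print(f"ALLOWIP {prefix!r}: exempts {exempt_count(prefix)} addresses "
              f"in 2.2.0.0/16, outside the /24: {extra}")
```
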
