[Declude.JunkMail] Hijack question

2005-10-12 Thread Dave Doherty
Hi all, Running Declude version 1.82 with Hijack... One of my customers go caught by Hijack a couple of days ago as a result of some activity with mailing list software he was trying out. Needless to say, he now has a thorough understanding of our UCE policy. But ever since, everything he se

[Declude.JunkMail] Hijack Question

2006-04-05 Thread Dean Lawrence
Hi All,   I've run Junkmail and EVA Pro products for the past couple of years, but not Hijack. I'm a little confused with the docs though and just want to make sure that I am reading them correctly. With Hijack, there is no per domain and per user configuration, correct? The only way to opt-out som

[Declude.JunkMail] Hijack Question

2004-09-13 Thread Keith Johnson
We currently have 6 versions of Declude (3 Servers with Junkmail and Virus), can I run a Hijack demo on each of the servers? If so, what is the term of the demo? Thanks for the aid. Keith N¬f¢—¬±Æç_¢»â®ë±¼ƒyÉnuåb®ë!¶Úÿ 0uç%¹×¢dáŠÁ&j)\jgŸ®‰­…àÞr[x›§Æ–f¢–)à–+-N‹§²æìr¸›z;¬¶Çu©Ä¨¥¶ˆ¦j)l®

[Declude.JunkMail] Hijack Question

2004-10-25 Thread Keith Johnson
Does Hijack work with WHITELIST AUTH that Junkmail sees in allowing email to passthru? For example, one of our customers AUTH to our server via their account, it will then not be scanned by Junkmail nor Hijack? Thanks for the time. --- Keith Johnson Senior Network Engineer N

[Declude.JunkMail] Hijack question

2003-12-01 Thread John Tolmachoff \(Lists\)
If an IP is caught and held by HOLD2, but a sender who is listed by ALLOWADDR sends a e-mail from the IP, will that message be held or passed? Example, IP 10.10.10.1 is held. Joe using [EMAIL PROTECTED] sends a message to someone on the Internet and he is at/behind IP address 10.10.10.1. In the Hi

[Declude.JunkMail] Hijack Question

2003-12-06 Thread John Tolmachoff \(Lists\)
When Hijack releases a message from HOLD1, does it go right back to spool, or does it then get scanned for Virus and JunkMail? John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came fro

[Declude.JunkMail] hijack question

2002-09-23 Thread Bill B .
One of our client's got locked out by HiJack (hold2), but it appears to be because of inbound mail, not outgoing mail. This client has an email account at another provider which forwards to an account on our server. He had a few hundred emails from an automated program sent to his other accou

[Declude.JunkMail] Hijack question

2002-03-12 Thread John Tolmachoff
Since I am sure it is the same for JunkMail, how do you whitelist a subnet? John Tolmachoff IT Manager, Network Engineer 211 E. Imperial Hwy., Suite 106 Fullerton, CA  92835 714-578-7999, ext. 104 [EMAIL PROTECTED] www.reliancesoft.com     --- [This E-mail was scanned for viruses by Declude Vir

[Declude.JunkMail] Hijack question

2002-04-22 Thread John Tolmachoff
Good morning all. Declude Hijack tracks the number of outgoing e-mail by IP address. But what about an office, such as ours, that uses a firewall with a DMZ, where the Imail is in the DMZ and the internal network uses NAT. Therefore, Declude Hijack sees all the users from the internal network a

Re: [Declude.JunkMail] Hijack question

2005-10-12 Thread Nick Hayer
Dave, You need to stop/start deccon.exe That wil reset the counter so to speak. Question to Declude support - How does this work with Declude 3x? Thanks! -Nick Dave Doherty wrote: Hi all, Running Declude version 1.82 with Hijack... One of my customers go caught by Hijack a couple of d

Re: [Declude.JunkMail] Hijack question

2005-10-12 Thread Dave Doherty
That was it! The one thing I didn't try. (Of course!) -d - Original Message - From: "Nick Hayer" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 12, 2005 12:52 PM Subject: Re: [Declude.JunkMail] Hijack question Dave, You need to stop/start deccon.ex

RE: [Declude.JunkMail] Hijack question

2005-10-12 Thread David Barker
Stop/restart the decludeproc service David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer Sent: Wednesday, October 12, 2005 12:53 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Hijack question Dave

Re: [Declude.JunkMail] Hijack question

2005-10-12 Thread Nick Hayer
: [Declude.JunkMail] Hijack question Dave, You need to stop/start deccon.exe That wil reset the counter so to speak. Question to Declude support - How does this work with Declude 3x? Thanks! -Nick Dave Doherty wrote: Hi all, Running Declude version 1.82 with Hijack... One of my

RE: [Declude.JunkMail] Hijack question

2005-10-12 Thread John T \(Lists\)
A clarification on how to "reset" Hijack: For Declude versions 2.x and below, you need to end the Deccon.exe process. It is also best to do this with Imail SMTP and Queue Manager service stopped and no Declude.exe processes running to ensure that no process will try to call Deccon.exe during the t

Re: [Declude.JunkMail] Hijack question

2005-10-13 Thread Nick Hayer
Thanks John! -Nick John T (Lists) wrote: A clarification on how to "reset" Hijack: For Declude versions 2.x and below, you need to end the Deccon.exe process. It is also best to do this with Imail SMTP and Queue Manager service stopped and no Declude.exe processes running to ensure that no pr

Re: [Declude.JunkMail] Hijack question

2005-10-13 Thread Dave Doherty
Thanks. -d - Original Message - From: "John T (Lists)" <[EMAIL PROTECTED]> To: Sent: Thursday, October 13, 2005 1:41 AM Subject: RE: [Declude.JunkMail] Hijack question A clarification on how to "reset" Hijack: For Declude versions 2.x and below, you

Re: [Declude.JunkMail] Hijack Question

2006-04-05 Thread Nick Hayer
Hi Dean - Dean Lawrence wrote: First, what thresholds are most of you using, that causes minimal screaming phone calls from client? 8-) RELAYTHRESHOLD11020 RELAYTHRESHOLD23040 Secondly, how are you handling non-fixed IP users that may send large (over the thresholds), bu

Re: [Declude.JunkMail] Hijack Question

2006-04-05 Thread Dean Lawrence
Hi Nick,   Thanks for your input. I didn't see anything related to ALLOWADDR in the manual, are there other commands available?   Thanks,   Dean  On 4/5/06, Nick Hayer <[EMAIL PROTECTED]> wrote: Hi Dean -Dean Lawrence wrote:>> First, what thresholds are most of you using, that causes minimal > scre

RE: [Declude.JunkMail] Hijack Question

2006-04-05 Thread Panda Consulting S.A. Luis Alberto Arango
.   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean LawrenceSent: Miércoles, 05 de Abril de 2006 12:57 p.m.To: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Hijack Question Hi Nick,   Thanks for your input. I didn't see anything relat

RE: [Declude.JunkMail] Hijack Question

2006-04-05 Thread Panda Consulting S.A. Luis Alberto Arango
kMail@declude.com Subject: RE: [Declude.JunkMail] Hijack Question Unfortunately it is not in the manual. Too bad.. but it is in the release notes http://www.declude.com/Articles.asp?ID=122 1.69 [Beta, 16 Apr 2003]

Re: [Declude.JunkMail] Hijack Question

2006-04-05 Thread Dean Lawrence
___    From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED]] On Behalf Of Panda Consulting S.A. Luis Alberto Arango   Sent: Miércoles, 05 de Abril de 2006 04:48 p.m.   To: Declude.JunkMail@declude.com   Subject: RE: [Declude.JunkMail] Hijack Question    Unfortunately it is not in

Re: [Declude.JunkMail] Hijack question

2004-06-17 Thread Nick Hayer
Scott - Is it possible to get Hijack to run after DJMP? This would help me to better manage my backup mailserver - Thanks -Nick Hayer --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsu

Re: [Declude.JunkMail] Hijack question

2004-06-17 Thread R. Scott Perry
Is it possible to get Hijack to run after DJMP? This would help me to better manage my backup mailserver - The only way to do that would be if you are also running Declude Virus, you could use the "AVAFTERJM ON" option to force Declude Virus to run after Declude JunkMail, which also forces Decl

Re: [Declude.JunkMail] Hijack question

2004-06-17 Thread Nick Hayer
On 17 Jun 2004 at 17:47, R. Scott Perry wrote: Perfect. Thanks! -Nick > > >Is it possible to get Hijack to run after DJMP? This would help me > >to better manage my backup mailserver - > > The only way to do that would be if you are also running Declude > Virus, you could use the "AVAFTERJM

Re: [Declude.JunkMail] Hijack question

2004-06-20 Thread Bonno Bloksma
Hi, > > >Is it possible to get Hijack to run after DJMP? This would help me > >to better manage my backup mailserver - > > The only way to do that would be if you are also running Declude Virus, you > could use the "AVAFTERJM ON" option to force Declude Virus to run after > Declude JunkMail, whi

Re: [Declude.JunkMail] Hijack question

2004-06-21 Thread R. Scott Perry
> >Is it possible to get Hijack to run after DJMP? This would help me > >to better manage my backup mailserver - > > The only way to do that would be if you are also running Declude Virus, you > could use the "AVAFTERJM ON" option to force Declude Virus to run after > Declude JunkMail, which also

Re: [Declude.JunkMail] Hijack question

2004-06-21 Thread Bonno Bloksma
Hi, > > > >Is it possible to get Hijack to run after DJMP? This would help me > > > >to better manage my backup mailserver - > > > > > > The only way to do that would be if you are also running Declude Virus, you > > > could use the "AVAFTERJM ON" option to force Declude Virus to run after > > >

Re: [Declude.JunkMail] Hijack question

2004-06-21 Thread R. Scott Perry
Eventhough the poster was talking about HiJack, I forgot to mention I was asking about JunkMail. When using this option will a message held by Junkmail and returned to the queue ever be scannen for virusses? I remember reading JM would move it to the hold before VIR could scan it for virusses. Whe

Re: [Declude.JunkMail] Hijack Question

2004-09-14 Thread R. Scott Perry
We currently have 6 versions of Declude (3 Servers with Junkmail and Virus), can I run a Hijack demo on each of the servers? If so, what is the term of the demo? Thanks for the aid. Unfortunately, we do not have a demo version of Declude Hijack.

RE: [Declude.JunkMail] Hijack Question

2004-10-25 Thread Keith Johnson
: [Declude.JunkMail] Hijack Question Does Hijack work with WHITELIST AUTH that Junkmail sees in allowing email to passthru? For example, one of our customers AUTH to our server via their account, it will then not be scanned by Junkmail nor Hijack? Thanks for the time. --- Keith Johnson

Re: [Declude.JunkMail] Hijack Question

2004-10-25 Thread R. Scott Perry
Does Hijack work with WHITELIST AUTH that Junkmail sees in allowing email to passthru? No. The Declude products do not share configuration files. For example, one of our customers AUTH to our server via their account, it will then not be scanned by Junkmail nor Hijack? It will not be scanned by D

RE: [Declude.JunkMail] Hijack Question

2004-10-25 Thread R. Scott Perry
I see where Hijack requires Deccon.exe. We run Win2000 SP4 and terminal service into the server for remote admin. Does deccon.exe only run on the console session? Yes, it does -- otherwise, it would not be able to keep track of data properly (since the user sessions normally only last a

Re: [Declude.JunkMail] Hijack Question

2004-10-25 Thread Glenn \\ WCNet
e.exe instances to disappear, then Stop and Restart SMTP. - Original Message - From: "R. Scott Perry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, October 25, 2004 2:24 PM Subject: RE: [Declude.JunkMail] Hijack Question > > > I see where

RE: [Declude.JunkMail] Hijack Question

2004-10-25 Thread Keith Johnson
Scott, (I apologize for the questions, just learning product, since no trial) With the below said, there is really no reason to login and close the deccon.exe via the Desktop unless there is an issue with it or something needs to be hard reset? Some of our customers have had DHA's latel

Re: [Declude.JunkMail] Hijack question

2003-12-01 Thread R. Scott Perry
If an IP is caught and held by HOLD2, but a sender who is listed by ALLOWADDR sends a e-mail from the IP, will that message be held or passed? ALLOWADDR and ALLOWIP override all other settings, so their mail should be allowed through. Example, IP 10.10.10.1 is held. Joe using [EMAIL PROTECTED] s

RE: [Declude.JunkMail] Hijack Question

2003-12-06 Thread George Kulman
ng a lot of spam. George > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John > Tolmachoff (Lists) > Sent: Saturday, December 06, 2003 2:02 AM > To: [EMAIL PROTECTED] > Subject: [Declude.JunkMail] Hijack Question > > >

RE: [Declude.JunkMail] Hijack Question

2003-12-07 Thread John Tolmachoff \(Lists\)
nkMail- > [EMAIL PROTECTED] On Behalf Of George Kulman > Sent: Saturday, December 06, 2003 1:36 AM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.JunkMail] Hijack Question > > John, > > This is probably more than you wanted but I didn't want to post Scott's

RE: [Declude.JunkMail] Hijack Question

2003-12-08 Thread R. Scott Perry
OK, I have an idea. Scott, can we "disable" HOLD1, and if so would that affect HOLD2 operation? 99.5% of messages held by HOLD1 end up passing. Yes -- if you set the HOLD1 threshold to be greater than the HOLD2 threshold, then only HOLD2 will apply.

Re: [Declude.JunkMail] hijack question

2002-09-24 Thread R. Scott Perry
>One of our client's got locked out by HiJack (hold2), but it appears to be >because of inbound mail, not outgoing mail. Declude Hijack only checks outgoing E-mail, not incoming E-mail. Any incoming E-mail is automatically exempt. >This client has an email account at another provider which f

Re: [Declude.JunkMail] hijack question

2002-09-24 Thread Bill B .
nt: Tue, 24 Sep 2002 08:47:32 -0400 Subject: Re: [Declude.JunkMail] hijack question >One of our client's got locked out by HiJack (hold2), but it appears to be >because of inbound mail, not outgoing mail. Declude Hijack only checks outgoing E-mail, not incoming E-mail. Any incoming

Re: [Declude.JunkMail] hijack question

2002-09-24 Thread R. Scott Perry
>The mail in question wasn't being forwarded from our mail server. It was >being forwarded FROM another mail server TO an account on our mail server. > >That shouldn't still be considered outgoing should it? That definitely should not. What do the Declude Hijack log files say? Do they show i

Re: [Declude.JunkMail] hijack question

2002-09-24 Thread Bill B .
2. 09/20/2002 12:18:34 Q4a5a438800aa39c6 Outgoing from 128.242.197.219: SPAM: HOLDING -Original Message- From: "R. Scott Perry" Sent: Tue, 24 Sep 2002 09:09:25 -0400 Subject: Re: [Declude.JunkMail] hijack question >The mail in question wasn't being forwarded from o

Re: [Declude.JunkMail] hijack question

2002-09-24 Thread R. Scott Perry
>The HiJack log shows it as outgoing. Below is the log entry of the first >one that was held. I'll send the Q* and D* files for this email directly >to you... > >09/20/2002 12:18:34 Q4a5a438800aa39c6 Outgoing from 128.242.197.219: Sent >over 80 E-mails within 30 minutes; quarantining to hold

Re: [Declude.JunkMail] hijack question

2002-09-24 Thread Bill B .
arded from the Verio server to our server, and then that is the first time our server saw it and when Declude HiJack saw it as Outgoing instead of Incoming. -Original Message- From: "R. Scott Perry" Sent: Tue, 24 Sep 2002 09:30:45 -0400 Subject: Re: [Declude.JunkMail] hijack questi

Re: [Declude.JunkMail] hijack question

2002-09-24 Thread R. Scott Perry
>It was originally sent to "[EMAIL PROTECTED]" which is not a domain on our >Imail server. This domain is on a Verio server. But this guy has Mail >Forwarded set up for this account to forward to "[EMAIL PROTECTED]", which >is a domain on our Imail server. So it was forwarded from the Verio

Re: [Declude.JunkMail] hijack question

2002-09-24 Thread Bill B .
: HOLDING -Original Message- From: "R. Scott Perry" Sent: Tue, 24 Sep 2002 11:29:32 -0400 Subject: Re: [Declude.JunkMail] hijack question >It was originally sent to "[EMAIL PROTECTED]" which is not a domain on our >Imail server. This domain is on a Verio

Re: [Declude.JunkMail] hijack question

2002-09-24 Thread R. Scott Perry
>09/20/2002 12:18:34 Q4a5a438800aa39c6 [EMAIL PROTECTED] is not local [0] 0. Where does "whittier.net" appear in the IMail settings? Does it appear as an official domain name, or a domain alias? Or does it appear somewhere else? That message should only occur if IMail does not recognize whit

Re: [Declude.JunkMail] hijack question

2002-09-24 Thread Bill B .
were running Imail 7.10 with Declude 1.60, and now we're running Imail 7.13 with Declude 1.61. Could it have been a problem with the older version of either of those? Bill -Original Message- From: Bill B . Sent: Tue, 24 Sep 2002 12:18:04 EDT Subject: Re: [Declude.JunkMail] hijack quest

Re: [Declude.JunkMail] hijack question

2002-09-24 Thread Bill B .
It is the official hostname for a virtual domain. It is not a domain alias. -Original Message- From: "R. Scott Perry" Sent: Tue, 24 Sep 2002 12:53:26 -0400 Subject: Re: [Declude.JunkMail] hijack question >09/20/2002 12:18:34 Q4a5a438800aa39c6 [EMAIL PROTECTED] is no

Re: [Declude.JunkMail] hijack question

2002-09-24 Thread R. Scott Perry
>Whats even weirder is he's got his other account still forwarding to an >account on our server, but Declude HiJack is now logging these forwarded >messages as Incoming... > >09/24/2002 09:31:27 Q692f009d009eea55 Incoming from 128.242.197.219: OK. > >...the only difference is on the 20th we wer

Re: [Declude.JunkMail] hijack question

2002-09-24 Thread Bill B .
do we also have to flush the cache? -Original Message- From: "R. Scott Perry" Sent: Tue, 24 Sep 2002 13:07:51 -0400 Subject: Re: [Declude.JunkMail] hijack question >Whats even weirder is he's got his other account still forwarding to an >account on our server, bu

Re: [Declude.JunkMail] hijack question

2002-09-24 Thread R. Scott Perry
>It was added on 9/4 and the problems occured on 9/20, so that may be >it. Is there a way to manually flush the cache? We add domains every day. > >And once an IP is blocked by HiJack, if we want to unblock it, do we >simply removed the coresonding mail from the "hold2" folder?...or do we >a

Re: [Declude.JunkMail] Hijack question

2002-03-12 Thread R. Scott Perry
>Since I am sure it is the same for JunkMail, how do you whitelist a >subnet? For Declude JunkMail, you would use something like this: WHITELIST IP 192.168.0. Declude Hijack doesn't have a method for whitelisting a subnet. -Scott --- [This E-mail w

RE: [Declude.JunkMail] Hijack question

2002-03-12 Thread John Tolmachoff
- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Tuesday, March 12, 2002 10:21 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Hijack question >Since I am sure it is the same for JunkMail, how do you whitelist a >subnet? For Declude JunkMai

RE: [Declude.JunkMail] Hijack question

2002-03-12 Thread R. Scott Perry
>So, if I have to whitelist a subnet of 240, I would have to put each of >the 16 addresses on a separate line? That is correct. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing

RE: [Declude.JunkMail] Hijack question

2002-04-22 Thread Jim Rooth
Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff Sent: Monday, April 22, 2002 9:50 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Hijack question Good morning all. Declude Hijack tracks the number of outgoing e-mail by IP address. But what about an

Re: [Declude.JunkMail] Hijack question

2002-04-22 Thread R. Scott Perry
>Declude Hijack tracks the number of outgoing e-mail by IP address. > >But what about an office, such as ours, that uses a firewall with a DMZ, >where the Imail is in the DMZ and the internal network uses NAT. For that, you can add a line "ALLOWIP 127.0.0.1" (replacing the 127.0.0.1 with the IP

[Declude.JunkMail] Hijack Question (somewhat OT)

2002-07-29 Thread STIC.NET
Sorry if this is a bit off-topic, but I was wondering if you can use the ALLOWIP line in the Hijack.cfg file to allow unlimited SMTP traffic for an entire class C subnet. Occasionally machines in our office send out a lot of internal messages, enough to go over Hijacks second threshold so I'm

Re: [Declude.JunkMail] Hijack Question (somewhat OT)

2002-07-29 Thread R. Scott Perry
>Sorry if this is a bit off-topic, but I was wondering if you can use the >ALLOWIP line in the Hijack.cfg file to allow unlimited SMTP traffic for an >entire class C subnet. Occasionally machines in our office send out a lot >of internal messages, enough to go over Hijacks second threshold so

RE: [Declude.JunkMail] Hijack Question (somewhat OT)

2002-07-29 Thread John Tolmachoff
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of STIC.NET Sent: Monday, July 29, 2002 4:23 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Hijack Question (somewhat OT) Sorry if this is a bit off-topic, but I was wondering if you can use the ALLOWIP line in the Hijack.cfg file to

RE: [Declude.JunkMail] Hijack Question (somewhat OT)

2002-07-29 Thread Stic.Net
-- Original Message -- From: "John Tolmachoff" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Mon, 29 Jul 2002 16:36:11 -0700 >But wouldn't that defeat the purpose of protecting against some one in >the office sending out bulk junk e-mail, which is

RE: [Declude.JunkMail] Hijack Question (somewhat OT)

2002-07-29 Thread John Tolmachoff
>Point taken. But working for an small Internet provider, all of the employees here >are well aware of the severe beatings they will receive (from customer and co->worker alike) if they try anything cute like that. But if each person has there own public IP address, I can not see how that person

RE: [Declude.JunkMail] Hijack Question (somewhat OT)

2002-07-29 Thread Stic.Net
>But if each person has there own public IP address, I can not see how >that person would send say 80 or 100 legitimate e-mails internally >within say 1 hour. >If there are one or two or a few, it is better to just whitelist those >specific IP addresses. These are valid points too. However, th

RE: [Declude.JunkMail] Hijack Question (somewhat OT)

2002-07-29 Thread John Tolmachoff
PROTECTED]] On Behalf Of Stic.Net Sent: Monday, July 29, 2002 5:21 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Hijack Question (somewhat OT) >But if each person has there own public IP address, I can not see how >that person would send say 80 or 100 legitimate e-mails internally &

DORKZTL:RE: [Declude.JunkMail] Hijack Question (somewhat OT)

2002-07-29 Thread Jim Rooth
y, July 29, 2002 7:21 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Hijack Question (somewhat OT) >But if each person has there own public IP address, I can not see how >that person would send say 80 or 100 legitimate e-mails internally >within say 1 hour. >If there are one