Hi all,
Running Declude version 1.82 with Hijack...
One of my customers go caught by Hijack a couple of days ago as a result of
some activity with mailing list software he was trying out. Needless to say,
he now has a thorough understanding of our UCE policy. But ever since,
everything he se
Hi All,
I've run Junkmail and EVA Pro products for the past couple of years, but not Hijack. I'm a little confused with the docs though and just want to make sure that I am reading them correctly. With Hijack, there is no per domain and per user configuration, correct? The only way to opt-out som
We currently have 6 versions of Declude (3 Servers with Junkmail and Virus), can I run
a Hijack demo on each of the servers? If so, what is the term of the demo? Thanks
for the aid.
Keith
N¬f¢—¬±Æç_¢»â®ë±¼ƒyÉnuåb®ë!¶Úÿ
0uç%¹×¢dáŠÁ&j)\jgŸ®‰…àÞr[x›§Æ–f¢–)à–+-N‹§²æìr¸›z;¬¶Çu©Ä¨¥¶ˆ¦j)l®
Does Hijack work with WHITELIST AUTH that Junkmail sees in allowing
email to passthru? For example, one of our customers AUTH to our server
via their account, it will then not be scanned by Junkmail nor Hijack?
Thanks for the time.
---
Keith Johnson
Senior Network Engineer
N
If an IP is caught and held by HOLD2, but a sender who is listed by
ALLOWADDR sends a e-mail from the IP, will that message be held or passed?
Example, IP 10.10.10.1 is held. Joe using [EMAIL PROTECTED] sends a message to
someone on the Internet and he is at/behind IP address 10.10.10.1. In the
Hi
When Hijack releases a message from HOLD1, does it go right back to spool,
or does it then get scanned for Virus and JunkMail?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came fro
One of our client's got locked out by HiJack (hold2), but it appears to be because of
inbound mail, not outgoing mail. This client has an email account at another provider
which forwards to an account on our server. He had a few hundred emails from an
automated program sent to his other accou
Since I am sure it is the same for JunkMail, how do you whitelist a
subnet?
John Tolmachoff
IT Manager, Network Engineer
211 E. Imperial Hwy., Suite 106
Fullerton, CA 92835
714-578-7999, ext. 104
[EMAIL PROTECTED]
www.reliancesoft.com
---
[This E-mail was scanned for viruses by Declude Vir
Good morning all.
Declude Hijack tracks the number of outgoing e-mail by IP address.
But what about an office, such as ours, that uses a firewall with a DMZ,
where the Imail is in the DMZ and the internal network uses NAT.
Therefore, Declude Hijack sees all the users from the internal network
a
Dave,
You need to stop/start deccon.exe That wil reset the counter so to speak.
Question to Declude support -
How does this work with Declude 3x?
Thanks!
-Nick
Dave Doherty wrote:
Hi all,
Running Declude version 1.82 with Hijack...
One of my customers go caught by Hijack a couple of d
That was it! The one thing I didn't try. (Of course!)
-d
- Original Message -
From: "Nick Hayer" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 12, 2005 12:52 PM
Subject: Re: [Declude.JunkMail] Hijack question
Dave,
You need to stop/start deccon.ex
Stop/restart the decludeproc service
David B
www.declude.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer
Sent: Wednesday, October 12, 2005 12:53 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Hijack question
Dave
: [Declude.JunkMail] Hijack question
Dave,
You need to stop/start deccon.exe That wil reset the counter so to speak.
Question to Declude support -
How does this work with Declude 3x?
Thanks!
-Nick
Dave Doherty wrote:
Hi all,
Running Declude version 1.82 with Hijack...
One of my
A clarification on how to "reset" Hijack:
For Declude versions 2.x and below, you need to end the Deccon.exe process.
It is also best to do this with Imail SMTP and Queue Manager service stopped
and no Declude.exe processes running to ensure that no process will try to
call Deccon.exe during the t
Thanks John!
-Nick
John T (Lists) wrote:
A clarification on how to "reset" Hijack:
For Declude versions 2.x and below, you need to end the Deccon.exe process.
It is also best to do this with Imail SMTP and Queue Manager service stopped
and no Declude.exe processes running to ensure that no pr
Thanks.
-d
- Original Message -
From: "John T (Lists)" <[EMAIL PROTECTED]>
To:
Sent: Thursday, October 13, 2005 1:41 AM
Subject: RE: [Declude.JunkMail] Hijack question
A clarification on how to "reset" Hijack:
For Declude versions 2.x and below, you
Hi Dean -
Dean Lawrence wrote:
First, what thresholds are most of you using, that causes minimal
screaming phone calls from client? 8-)
RELAYTHRESHOLD11020
RELAYTHRESHOLD23040
Secondly, how are you handling non-fixed IP users that may send large
(over the thresholds), bu
Hi Nick,
Thanks for your input. I didn't see anything related to ALLOWADDR in the manual, are there other commands available?
Thanks,
Dean
On 4/5/06, Nick Hayer <[EMAIL PROTECTED]> wrote:
Hi Dean -Dean Lawrence wrote:>> First, what thresholds are most of you using, that causes minimal
> scre
.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dean
LawrenceSent: Miércoles, 05 de Abril de 2006 12:57
p.m.To: Declude.JunkMail@declude.comSubject: Re:
[Declude.JunkMail] Hijack Question
Hi Nick,
Thanks for your input. I didn't see anything relat
kMail@declude.com
Subject: RE: [Declude.JunkMail] Hijack Question
Unfortunately it is not in the manual. Too bad.. but it is in the
release notes
http://www.declude.com/Articles.asp?ID=122
1.69 [Beta, 16 Apr 2003]
___
From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED]] On Behalf Of Panda Consulting
S.A. Luis Alberto Arango Sent: Miércoles, 05 de Abril de 2006 04:48 p.m. To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Hijack Question
Unfortunately it is not in
Scott -
Is it possible to get Hijack to run after DJMP? This would help me
to better manage my backup mailserver -
Thanks
-Nick Hayer
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsu
Is it possible to get Hijack to run after DJMP? This would help me
to better manage my backup mailserver -
The only way to do that would be if you are also running Declude Virus, you
could use the "AVAFTERJM ON" option to force Declude Virus to run after
Declude JunkMail, which also forces Decl
On 17 Jun 2004 at 17:47, R. Scott Perry wrote:
Perfect. Thanks!
-Nick
>
> >Is it possible to get Hijack to run after DJMP? This would help me
> >to better manage my backup mailserver -
>
> The only way to do that would be if you are also running Declude
> Virus, you could use the "AVAFTERJM
Hi,
>
> >Is it possible to get Hijack to run after DJMP? This would help me
> >to better manage my backup mailserver -
>
> The only way to do that would be if you are also running Declude Virus,
you
> could use the "AVAFTERJM ON" option to force Declude Virus to run after
> Declude JunkMail, whi
> >Is it possible to get Hijack to run after DJMP? This would help me
> >to better manage my backup mailserver -
>
> The only way to do that would be if you are also running Declude Virus, you
> could use the "AVAFTERJM ON" option to force Declude Virus to run after
> Declude JunkMail, which also
Hi,
> > > >Is it possible to get Hijack to run after DJMP? This would help me
> > > >to better manage my backup mailserver -
> > >
> > > The only way to do that would be if you are also running Declude
Virus, you
> > > could use the "AVAFTERJM ON" option to force Declude Virus to run
after
> > >
Eventhough the poster was talking about HiJack, I forgot to mention I was
asking about JunkMail. When using this option will a message held by
Junkmail and returned to the queue ever be scannen for virusses? I remember
reading JM would move it to the hold before VIR could scan it for virusses.
Whe
We currently have 6 versions of Declude (3 Servers with Junkmail and
Virus), can I run a Hijack demo on each of the servers? If so, what is
the term of the demo? Thanks for the aid.
Unfortunately, we do not have a demo version of Declude Hijack.
: [Declude.JunkMail] Hijack Question
Does Hijack work with WHITELIST AUTH that Junkmail sees in allowing
email to passthru? For example, one of our customers AUTH to our server
via their account, it will then not be scanned by Junkmail nor Hijack?
Thanks for the time.
---
Keith Johnson
Does Hijack work with WHITELIST AUTH that Junkmail sees in allowing
email to passthru?
No. The Declude products do not share configuration files.
For example, one of our customers AUTH to our server
via their account, it will then not be scanned by Junkmail nor Hijack?
It will not be scanned by D
I see where Hijack requires Deccon.exe. We run Win2000 SP4 and
terminal service into the server for remote admin. Does deccon.exe only
run on the console session?
Yes, it does -- otherwise, it would not be able to keep track of data
properly (since the user sessions normally only last a
e.exe
instances to disappear, then Stop and Restart SMTP.
- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, October 25, 2004 2:24 PM
Subject: RE: [Declude.JunkMail] Hijack Question
>
> > I see where
Scott,
(I apologize for the questions, just learning product, since no
trial) With the below said, there is really no reason to login and
close the deccon.exe via the Desktop unless there is an issue with it or
something needs to be hard reset? Some of our customers have had DHA's
latel
If an IP is caught and held by HOLD2, but a sender who is listed by
ALLOWADDR sends a e-mail from the IP, will that message be held or passed?
ALLOWADDR and ALLOWIP override all other settings, so their mail should be
allowed through.
Example, IP 10.10.10.1 is held. Joe using [EMAIL PROTECTED] s
ng a lot of spam.
George
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of John
> Tolmachoff (Lists)
> Sent: Saturday, December 06, 2003 2:02 AM
> To: [EMAIL PROTECTED]
> Subject: [Declude.JunkMail] Hijack Question
>
>
>
nkMail-
> [EMAIL PROTECTED] On Behalf Of George Kulman
> Sent: Saturday, December 06, 2003 1:36 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.JunkMail] Hijack Question
>
> John,
>
> This is probably more than you wanted but I didn't want to post Scott's
OK, I have an idea. Scott, can we "disable" HOLD1, and if so would that
affect HOLD2 operation?
99.5% of messages held by HOLD1 end up passing.
Yes -- if you set the HOLD1 threshold to be greater than the HOLD2
threshold, then only HOLD2 will apply.
>One of our client's got locked out by HiJack (hold2), but it appears to be
>because of inbound mail, not outgoing mail.
Declude Hijack only checks outgoing E-mail, not incoming E-mail. Any
incoming E-mail is automatically exempt.
>This client has an email account at another provider which f
nt: Tue, 24 Sep 2002 08:47:32 -0400
Subject: Re: [Declude.JunkMail] hijack question
>One of our client's got locked out by HiJack (hold2), but it appears to be
>because of inbound mail, not outgoing mail.
Declude Hijack only checks outgoing E-mail, not incoming E-mail. Any
incoming
>The mail in question wasn't being forwarded from our mail server. It was
>being forwarded FROM another mail server TO an account on our mail server.
>
>That shouldn't still be considered outgoing should it?
That definitely should not.
What do the Declude Hijack log files say? Do they show i
2.
09/20/2002 12:18:34 Q4a5a438800aa39c6 Outgoing from 128.242.197.219: SPAM: HOLDING
-Original Message-
From: "R. Scott Perry"
Sent: Tue, 24 Sep 2002 09:09:25 -0400
Subject: Re: [Declude.JunkMail] hijack question
>The mail in question wasn't being forwarded from o
>The HiJack log shows it as outgoing. Below is the log entry of the first
>one that was held. I'll send the Q* and D* files for this email directly
>to you...
>
>09/20/2002 12:18:34 Q4a5a438800aa39c6 Outgoing from 128.242.197.219: Sent
>over 80 E-mails within 30 minutes; quarantining to hold
arded from the Verio server to our server, and then that is the first
time our server saw it and when Declude HiJack saw it as Outgoing instead of Incoming.
-Original Message-
From: "R. Scott Perry"
Sent: Tue, 24 Sep 2002 09:30:45 -0400
Subject: Re: [Declude.JunkMail] hijack questi
>It was originally sent to "[EMAIL PROTECTED]" which is not a domain on our
>Imail server. This domain is on a Verio server. But this guy has Mail
>Forwarded set up for this account to forward to "[EMAIL PROTECTED]", which
>is a domain on our Imail server. So it was forwarded from the Verio
: HOLDING
-Original Message-
From: "R. Scott Perry"
Sent: Tue, 24 Sep 2002 11:29:32 -0400
Subject: Re: [Declude.JunkMail] hijack question
>It was originally sent to "[EMAIL PROTECTED]" which is not a domain on our
>Imail server. This domain is on a Verio
>09/20/2002 12:18:34 Q4a5a438800aa39c6 [EMAIL PROTECTED] is not local [0] 0.
Where does "whittier.net" appear in the IMail settings? Does it appear as
an official domain name, or a domain alias? Or does it appear somewhere else?
That message should only occur if IMail does not recognize whit
were running Imail 7.10 with Declude 1.60,
and now we're running Imail 7.13 with Declude 1.61. Could it have been a problem with
the older version of either of those?
Bill
-Original Message-
From: Bill B .
Sent: Tue, 24 Sep 2002 12:18:04 EDT
Subject: Re: [Declude.JunkMail] hijack quest
It is the official hostname for a virtual domain. It is not a domain alias.
-Original Message-
From: "R. Scott Perry"
Sent: Tue, 24 Sep 2002 12:53:26 -0400
Subject: Re: [Declude.JunkMail] hijack question
>09/20/2002 12:18:34 Q4a5a438800aa39c6 [EMAIL PROTECTED] is no
>Whats even weirder is he's got his other account still forwarding to an
>account on our server, but Declude HiJack is now logging these forwarded
>messages as Incoming...
>
>09/24/2002 09:31:27 Q692f009d009eea55 Incoming from 128.242.197.219: OK.
>
>...the only difference is on the 20th we wer
do we also have to flush the cache?
-Original Message-
From: "R. Scott Perry"
Sent: Tue, 24 Sep 2002 13:07:51 -0400
Subject: Re: [Declude.JunkMail] hijack question
>Whats even weirder is he's got his other account still forwarding to an
>account on our server, bu
>It was added on 9/4 and the problems occured on 9/20, so that may be
>it. Is there a way to manually flush the cache? We add domains every day.
>
>And once an IP is blocked by HiJack, if we want to unblock it, do we
>simply removed the coresonding mail from the "hold2" folder?...or do we
>a
>Since I am sure it is the same for JunkMail, how do you whitelist a
>subnet?
For Declude JunkMail, you would use something like this:
WHITELIST IP 192.168.0.
Declude Hijack doesn't have a method for whitelisting a subnet.
-Scott
---
[This E-mail w
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: Tuesday, March 12, 2002 10:21 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Hijack question
>Since I am sure it is the same for JunkMail, how do you whitelist a
>subnet?
For Declude JunkMai
>So, if I have to whitelist a subnet of 240, I would have to put each of
>the 16 addresses on a separate line?
That is correct.
-Scott
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff
Sent: Monday, April 22, 2002 9:50 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Hijack question
Good morning all.
Declude Hijack tracks the number of outgoing e-mail by IP address.
But what about an
>Declude Hijack tracks the number of outgoing e-mail by IP address.
>
>But what about an office, such as ours, that uses a firewall with a DMZ,
>where the Imail is in the DMZ and the internal network uses NAT.
For that, you can add a line "ALLOWIP 127.0.0.1" (replacing the 127.0.0.1
with the IP
Sorry if this is a bit off-topic, but I was wondering if you can use the ALLOWIP line
in the Hijack.cfg file to allow unlimited SMTP traffic for an entire class C subnet.
Occasionally machines in our office send out a lot of internal messages, enough to go
over Hijacks second threshold so I'm
>Sorry if this is a bit off-topic, but I was wondering if you can use the
>ALLOWIP line in the Hijack.cfg file to allow unlimited SMTP traffic for an
>entire class C subnet. Occasionally machines in our office send out a lot
>of internal messages, enough to go over Hijacks second threshold so
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of STIC.NET
Sent: Monday, July 29, 2002 4:23 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Hijack Question (somewhat OT)
Sorry if this is a bit off-topic, but I was wondering if you can use the
ALLOWIP line in the Hijack.cfg file to
-- Original Message --
From: "John Tolmachoff" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Mon, 29 Jul 2002 16:36:11 -0700
>But wouldn't that defeat the purpose of protecting against some one in
>the office sending out bulk junk e-mail, which is
>Point taken. But working for an small Internet provider, all of the
employees here >are well aware of the severe beatings they will receive
(from customer and co->worker alike) if they try anything cute like
that.
But if each person has there own public IP address, I can not see how
that person
>But if each person has there own public IP address, I can not see how
>that person would send say 80 or 100 legitimate e-mails internally
>within say 1 hour.
>If there are one or two or a few, it is better to just whitelist those
>specific IP addresses.
These are valid points too. However, th
PROTECTED]] On Behalf Of Stic.Net
Sent: Monday, July 29, 2002 5:21 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Hijack Question (somewhat OT)
>But if each person has there own public IP address, I can not see how
>that person would send say 80 or 100 legitimate e-mails internally
&
y, July 29, 2002 7:21 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Hijack Question (somewhat OT)
>But if each person has there own public IP address, I can not see how
>that person would send say 80 or 100 legitimate e-mails internally
>within say 1 hour.
>If there are one
65 matches
Mail list logo