Hi everyone. Even though this is the SmarterMail forum, I have had 4 or 5 inquiries from people in this forum in reference to Declude Hijack over the past 2 days. Since Declude is a product that is often used with SmarterMail, I wanted to contribute a write-up for the forum to explain what it is and how it can help to keep your mail servers from landing on blacklists due to compromised email accounts.
First and foremost... The entire Declude suite of products (Hijack, Antispam and AntiVirus/AntiVulnerability) is 100% FREE. Back in the day when the Declude company was still in business, the suite cost nearly $2000/yr. Now that our company, Mail's Best Friend, owns the Declude software, we give it away for free on our website and only charge for support if people need it, which a lot of folks do not. Let me be clear here... I'm NOT posting this with the hopes of selling anything. I'm just trying to help stop mass spam from making its way through the net. I believe that benefits all of us and our customers.
Declude Hijack allows your users to send out email easily while preventing spammers from relaying much mail through your mail server.
The concept is simple: it works by only letting users send out a specific amount of mail from an authenticated address or an IP in a given time period.
You will set 2 thresholds (which consist of a time period, and the amount of Email allowed within that time period). For example, the first threshold may be 20 Emails within 10 minutes, and the second threshold 100 Emails within 30 minutes.
Normally, all of a user's email will go out when they send it. However, if they reach the first threshold (20 Emails within 10 minutes in this example), all subsequent Email is quarantined by Declude Hijack. If the second threshold is not reached (in this case, 30 minutes goes by without 100 Emails being sent), then the mail will be sent. However, if they reach the second threshold, the mail will be moved to a permanent holding directory and will not be sent out unless you release it manually.
Below are a few KB articles that we put together to answer the most frequently asked questions about Declude Hijack:
How do I release mail that Hijack has permanently held: http://know.mailsbestfriend.com/hijack_has_permanently_held_email-1043235164.shtml
How will I know if Hijack permanently holds email: http://know.mailsbestfriend.com/hijack_held_email_notification-1743303226.shtml
I have a few users who are allowed to send mass email. How do I bypass their sending IP or sending address in Hijack:
How to prevent/handle compromised email accounts: http://know.mailsbestfriend.com/papers/Handling-Compromised-Accounts.shtml
Other questions that users have asked:
Q: Declude Hijack has the option to count outbound emails by IPs or by authenticated addresses. Which is more effective?
A: Years ago Declude only had the option to count outbound emails by IP. As we all know, as the years went on, spammers started getting smarter and now use multiple IPs in the same session to send mail from a compromised account. Since this is the case, we suggest that you set Hijack to count based on authenticated address. By default, Declude Hijack comes pre-configured to count by authenticated address.
Q: Declude Hijack is catching good outbound mail. Why?
A: Declude Hijack does not check to see whether a message is good or spam. It simply counts the number of emails trying to leave your server from an authenticated address. If that number reaches the Hijack thresholds, it will be held either temporarily or permanently.
I hope this write-up helps anyone out there who is having an issue with compromised accounts. You can download the entire Declude suite, FREE OF CHARGE at the following link: http://mailsbestfriend.com/downloads. Our user manuals are also at the bottom of the downloads page. If you have any questions, please feel free to ask. I'm hoping that SmarterTools will consider making this a sticky post. Thanks.
Mail's Best Friend
Authorized SmarterTools Reseller
Authorized Message Sniffer Reseller
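
The two-threshold behaviour described in the post, modelled as an added example that is not part of the original post and is not Declude code. It assumes sliding windows counted per authenticated address, treats a threshold as "reached" once that many earlier attempts sit inside the window, and uses hypothetical names (`HijackModel`, `submit`, `release`, `run`) with constructed timestamps and addresses.

```python
from collections import Counter, defaultdict, deque

class HijackModel:
    """Toy model of the two-threshold limiter described above (not Declude code)."""

    def __init__(self, first=(20, 600), second=(100, 1800)):
        # Each threshold is (message limit, window in seconds); values from the post.
        self.first, self.second = first, second
        self.seen = defaultdict(deque)   # sender -> timestamps of recent attempts
        self.quarantine = {}             # sender -> timestamps held temporarily
        self.held = defaultdict(list)    # sender -> timestamps held permanently

    def submit(self, sender, now):
        """Classify one outbound message as 'deliver', 'quarantine' or 'hold'."""
        log = self.seen[sender]
        while log and now - log[0] >= self.second[1]:
            log.popleft()                # forget attempts older than the long window
        n_short = sum(1 for t in log if now - t < self.first[1])
        n_long = len(log)
        log.append(now)
        if n_long >= self.second[0]:
            # Second threshold reached: pending quarantine plus this message are held.
            self.held[sender] += self.quarantine.pop(sender, []) + [now]
            return "hold"
        if n_short >= self.first[0]:
            self.quarantine.setdefault(sender, []).append(now)
            return "quarantine"
        return "deliver"

    def release(self, sender, now):
        """Return quarantined messages that waited out the long window unheld."""
        pending = self.quarantine.pop(sender, [])
        due = [t for t in pending if now - t >= self.second[1]]
        keep = [t for t in pending if now - t < self.second[1]]
        if keep:
            self.quarantine[sender] = keep
        return due

def run(model, sender, times):
    """Feed constructed timestamps (seconds) through the model and tally outcomes."""
    return Counter(model.submit(sender, t) for t in times)

if __name__ == "__main__":
    m = HijackModel()
    print(run(m, "newsletter@example.test", range(0, 300, 10)))   # 30-message burst
    print(run(m, "stolen@example.test", range(150)))              # 150 messages in 150 s
    print(len(m.held["stolen@example.test"]), "messages need manual release")
```

The burst sender loses nothing, since its quarantined mail becomes releasable once the long window passes, while the flooding account ends with everything after its first 20 messages in permanent hold.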