Vernon Schryver
vjs@calcite.rhyolite.com
Fri, 20 Jul 2001 09:24:46 -0600 (MDT)
I forgot to mention an important but perhaps obvious answer to the original question. I think a good way to build a white list is to run for a while and see what shows up in the logs with thresholds higher than what you contemplate. If you are using dccproc, that probably requires some mechanism to capture the X-DCC headers. If you are using dccm, you can set the dccm logging threshold somewhat below your anticipated rejection threshold and set the current rejection threshold at "never." This should be done with an incoming flood of checksum reports to get the best idea of the sources of bulk mail. For example, if you have a single subscriber to the IETF's I-D announcment list and you don't receive reports from others, you might never know that the IETF is a sender of bulk mail and not know to white-list it. Once again, I'd be happy to flood reports from my DCC server. Vernon Schryver vjs@rhyolite.com