Mediratta, Bharat
bharat@fusionone.com
Mon Sep 3 09:15:09 UTC 2001
> From: Vernon Schryver [mailto:vjs@calcite.rhyolite.com] > > However, you'd be better served with your own DCC server exchanging > "floods" of checksums with other DCC server servers. Besides being > more robust, faster, and using even less bandwidth, with your > own server you could look at your copy of the database of checksums > with dblist. I'm definitely heading in that direction. In fact I'll contact you privately to get an id and password. > Other people with access to the same checksums have seem to have > had better luck. However, I think 25% is nothing to sneeze at. Absolutely. And it will only get better with time. I just wanted to make sure that I wasn't pointing at the wrong database. > - bugs in the IMAP client code might be changing the messages so > that their checksums don't match. Entirely possible. I'm using Net::IMAP on top of cclient-0106191041 on FreeBSD 4.3. My code assembles the message by combining the raw rfc822.header and rfc822.text values and passes it to dccproc. > - I'm still fighting hassles with quoted-printable and making > dccproc get the same checksums as dccm. One often sees messages > converted from convereted from quoted-printable and with CRLF > converted to CR while the other doesn't. If I can help track this down, let me know. > - as part of those hassles, I've changed the fuz1 checksum in > version 1.0.28 to not ignore the last line. Until everyone starts > using that code, the effectiveness of the fuz1 checksum > will be reduced. Where can I get 1.0.28? > - the spammers who like you differ from those who like DCC users > > - your name is early in the typical spammer's somewhat alphabetical > lists > > - you are rejecting only on "many" instead of a threshold approprate > for the number of your local users. (Yes, that wouldn't apply to > checksums with counts of 1.) Right now my simplistic algorithm says that it's maybe spam if any of Message-ID, Received, Body or Fuz1 are greater than 10. Definitely spam if it's greater than 50 (or "many"). But yeah, mostly the problem is that the messages haven't been seen before. > ] Will you also support a mode of operation where the MTA has already > ] "dcc"ed the message and put it's (DCC's) header in the > message? i.e. > ] simply parse the IMAP INBOX for messages with existing DCC headers > ] with values of n>1 where n is some configurable values (rather than > ] using dccproc on the messages)? I figure that if the MTA has dcc'd the message (or spambounced it or used some other spam detection code), the mail client/server can do filtering as appropriate. My script is purely to glue DCC together with a system that has no inherent spam detection. By the way, y'all rock. It's nice to work with professionals. -Bharat -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.rhyolite.com/pipermail/dcc/attachments/20010903/3c707258/attachment.html>
More information about the DCC
mailing list
