Vernon Schryver
vjs@calcite.rhyolite.com
Tue Apr 2 00:22:03 UTC 2002
> From: "Tony L. Svanstrom" <lists@svanstrom.com> > ... > If I were to check rejected e-mails once a week I'd be looking at a list of a > cpl of 100 (actually, it might be down to less than a 100 per week now, don't > know if the SPAMmers are taking a break or if a cpl of days of EXITCODE=67 got > me removed from some very active network of SPAMmers). > ... There are ISP's using dccm with enough incoming spam to regularly generate a couple of hundred log files in a minute, not to mention 3 or 4 days. Recent versions of dccproc and dccm have the strange, optional values "[HMH]?name' for -l in an attempt to keep log file directories from blowing up larger than Linux will tolerate. I suspect ISPs are handling white list entries with a single, system wide list. I think they initially populate their white lists by running dccm the rejections turned off and the logging threshold at or below the future rejection threshold. During this initial period, they watch for legitimate bulk mail in the logs and white-list its senders This mode clearly makes sense on a corporate gateway where users receive only company mail and "company mail" is defined by the operators of the gateway. I'm surprised this mode works for ISPs selling to the general public. I would have expected a scheme like Dave Lugu's to be required. That a single, system-wide white list works for ISPs with plenty of users may show how unhappy the general public is about spam. Vernon Schryver vjs@rhyolite.com
More information about the DCC
mailing list
