Vernon Schryver
vjs@calcite.rhyolite.com
Tue, 3 Sep 2002 09:59:32 -0600 (MDT)
> From: "Roy Hooper" <rhooper@cyberus.ca>

> ...
> In my opinion, only the domain portions would be. The local part has too
> little meaning to be of any practical use without the domain portion.

How would the domain portions of the env_To be useful? Except in the less common (in messages/day as opposed to virtual domains) case of a single SMTP server answering for multiple domains, some of which want DCC filtering and some don't, why would one white-list on env_To domains? Even with virtual domains or 3rd, 4th, or 5th level sub-domains that don't agree, isn't it easier to punt to individual users?

I suppose there could be mail_host1, mail_host2, mail_host3, ..., mail_hostN "substitute" checksums for the last N parts of the env_From domain name, but would that really be useful? In real cases, isn't it always sufficient to white-list all of a legitimate bulk mail sender's FQDNs?

> On the subject of whitelisting, it occurs to me that whitelisting local
> messages while integrated with Procmail might be easier done if there was a
> way to combine whitelists into one directive. As an example I might want to
> say:
>
> whitelist From safe_local@address.com and hostname 10.0.0.0/8

That was the idea of the OK2 white list value. Saying that it had not been used enough to notice is an understatement.

> This could possibly be done by extending whitelist syntax slightly to
> have linked lists of operations through use of optional and and or keywords
> just before count?

Syntax is always mere sugar and cannot affect the substance of a mechanism. The DCC works on checksums. Local DCC white lists are nothing more than hash tables of checksums just like the MD5 checksums sent to DCC servers. The basic problem is that it makes no sense to ask whether the MD5 checksums of two strings are "close".

> ...
> > Note that sendmail access_db entries can be used to white-list based
> > on parts of the envelope. ...
> Except for people using DCC with SpamAssassin and who are not using
> sendmail...

Those people could use SpamAssassin regular expressions to combine X-DCC headers with whatever else they wish. (I'm assuming that the SpamAssassin regular expressions are somehow exposed in a user interface; I've never looked closely at SpamAssassin.) It would probably be best to add the X-DCC header before SpamAssassin sees the message.

Vernon Schryver    vjs@rhyolite.com
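
Added example, not part of the original post and not DCC's own code: a simplified Python model of a white list as a hash table of MD5 checksums, showing why only exact matches are possible, how two "half OK" (OK2) entries express the "From ... and host ..." combination, and what per-suffix "substitute" checksums would look like. The key names, the weights and the canonicalization are assumptions made for illustration; the sample addresses are constructed.

```python
import hashlib

OK, OK2 = 2, 1  # assumed weights: one OK white-lists; OK2 is "half OK", so two are needed

def cksum(kind: str, value: str) -> bytes:
    """MD5 of a lower-cased 'kind:value' string (simplified, not DCC's real canonicalization)."""
    return hashlib.md5(f"{kind}:{value.strip().lower()}".encode()).digest()

class Whitelist:
    """Hash table mapping checksum -> weight; a lookup either hits exactly or misses."""
    def __init__(self):
        self.table = {}

    def add(self, weight: int, kind: str, value: str) -> None:
        self.table[cksum(kind, value)] = weight

    def is_whitelisted(self, attrs) -> bool:
        """attrs: (kind, value) pairs extracted from one message."""
        score = sum(self.table.get(cksum(k, v), 0) for k, v in attrs)
        return score >= OK

def bit_distance(a: bytes, b: bytes) -> int:
    """Number of differing bits between two digests."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def suffix_checksums(domain: str, n: int):
    """One exact-match checksum for each of the last 1..n labels of a domain name."""
    labels = domain.lower().split(".")
    return [cksum("mail_host", ".".join(labels[-i:]))
            for i in range(1, min(n, len(labels)) + 1)]

def demo():
    """Returns (both attributes match, only the sender matches, bits changed by a one-letter typo)."""
    wl = Whitelist()
    wl.add(OK2, "env_from", "safe_local@address.com")  # constructed sample values
    wl.add(OK2, "ip", "10.0.0.5")
    both = [("env_from", "safe_local@address.com"), ("ip", "10.0.0.5")]
    sender_only = [("env_from", "safe_local@address.com"), ("ip", "192.0.2.7")]
    typo = bit_distance(cksum("env_from", "safe_local@address.com"),
                        cksum("env_from", "safe_local@address.con"))
    return wl.is_whitelisted(both), wl.is_whitelisted(sender_only), typo

if __name__ == "__main__":
    print(demo())
```

A forged sender address alone reaches only half the required score, and a one-letter change in the input flips roughly half of the 128 digest bits, so the table has no notion of a near match.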