Vernon Schryver
vjs@calcite.rhyolite.com
Mon, 14 Oct 2002 10:16:00 -0600 (MDT)
> From: Gary Mills <mills@cc.UManitoba.CA> > > > I'm setting up a procedure so that users can nominate bulk mail for > > > inclusion in a central whitelist. They will provide the name of a > > > DCC log file. A script will then extract the appropriate information > > > from the collected log files to build a file in whitelist format. > > > > What is the appropriate information and how do you determine it > > automatically? > > I was thinking of the envelope and header `from' values. Unless that "nominating" involves a person checking the submissions, I'd do something a little different. I'd use something like the CGI scripts in the DCC source to let users modify a whitelist file (or several files), and then use scripts to collect the whitelist for dccd or dccm. If people act as gatekeepers, I'd still probably have them use something like the CGI scripts, since they could point-and-click to select among all of the possible white-listing stigmata in those DCC log files. > > Adding white list entries for all checksums of a sample > > message might too quickly exhaust the 80,000 limit on the size of the > > client white list hash tables. > > Should I be adding them to the server whitelist, then? Only if you will have more than a few 10,000 entries, including IP addreses. The biggest problem with using the server whitelists is that you must ensure that all of your servers have the same whitelist. That's easy if you control all of your servers, but also implies you cannot use the servers of other organizations for backup. > ... > Actually, each dccm filter is talking only to the local dcc server, > but the two servers peer with eachother. I could change that. I can't think why that could be other than a very good idea. > ... > Checking just now, on one mail server, both `dccd' and `dccm' are > working correctly. `dccm' is using 460 of 472 file descriptors. It > has 88 threads. That seems a little high given the modest loads that `cdcc stats` here says are seen by your two servers. I hope you've configured client-IDs so that your dccm processes do not have to wait the default `dccd -u` delay imposed on anonymous clients. In other words, I hope that when run on your servers, `cdcc info` talks about a "queue wait" of less than 10 milliseconds instead of more than 50. (Dccd systems with higher loads can have queue waits above 50 ms even for local clients, particularly if they don't have a lot of RAM.) Vernon Schryver vjs@rhyolite.com