Pavel Urban
pavel.urban@ct.cz
Mon Sep 19 18:21:05 UTC 2005
Vernon Schryver wrote:
>>From: Pavel Urban <pavel.urban@ct.cz>
>
>
>>I'm receiving user complaints about empty messages marked as spam by
>>dcc. Some people in our company routinely send messages with just
>>Subject: and 'empty' body. I've tried to add a rule for the most common
>>destination, but it obviously doesn't work. Is there a way to whitelist
>>this kind of traffic? Thanks!
>
>
> Are the messages really empty or do they consist of empty MIME attachments
> as in the spam you sent? Such empty MIME attachments are difficult
> to whitelist by body checksum because they consist mostly of random
> MIME boundary strings. If they really are empty, they can be whitelisted
> with John Levine's list of empty and test body checksums. That can
> be fetched automatically into /var/dcc/testmsg-whitelist with
> /var/dcc/libexec/fetch-testmsg-whitelist run by cron.
> It should be used by including it in /var/dcc/whiteclnt:
>
> include testmsg-whitelist
>
>
>
Yes, I've tried this whitelist and it will probably help. The problem is
that some stupid MUA/Webmail/something that is used somewhere in our
company produces such empty-in-quotes messages (as the one I've
attached). I'll try to work around this somehow... maybe at the Amavis level.
>>ok env_to postmaster
>> env_to postmaster@iol.cz
>> env_to abuse@iol.cz
>> env_to tech@iol.cz
>
>
> In what way do those whitelist entries not work? They should exempt
> mail sent to those mailboxes from DCC checks.
>
The attached 'spam' was addressed To: tech@iol.cz. I thought this rule
would skip dcc check... am I wrong?
> Do you trust your local users to never send evil spam? If so,
> could you whitelist your local IP addresses, perhaps with
>
> ok ip 192.168.0.0/16
> ok ip 194.228.2.64/26
>
Not an option. I have four antivirus systems that are in the mail system DMZ
(192.168/16). They are global, for all customers - approx 500.000, and
they should filter both incoming and outgoing mail. I can add some
selected IP addresses - does this rule mean 'if mail passed through this
IP anywhere in the chain, it is OK'? If it is the last IP before the
antivirus system, I'm stuck again.
>
> Vernon Schryver vjs@rhyolite.com
> _______________________________________________
> DCC mailing list DCC@rhyolite.com
> http://www.rhyolite.com/mailman/listinfo/dcc
--
***********************************************************************
Pavel Urban (pavel.urban@imaginet.cz)
IOL system disaster
Internet OnLine, owned by Cesky Telecom, a.s. (www.ct.cz)
***********************************************************************
Vegetables should not operate electronic equipment.
Computer Stupidities, http://rinkworks.com/stupid/
***********************************************************************