Vernon Schryver
vjs@calcite.rhyolite.com
Mon Sep 19 19:27:09 UTC 2005
> > /var/dcc/libexec/fetch-testmsg-whitelist run by cron. > > It should be used by including it in /var/dcc/whiteclnt: > > > > include testmsg-whitelist > Yes, I've tried this whitelist and it will probably help. The problem is > that some stupid MUA/Webmail/something that is used somewhere in our > company produces such empty-in-quotes messages (as the one I've > attached). I'll try to work around this somehow... maybe on Amavis level. Could you get the stupid MUA/Webmail/something to add a signature or advertising like "Super Wonderful Systeme used by Internet OnLine" to the HTML part of the empty messages? Adding enough English (or Spanish or Polish) text would allow the DCC clients to compute a FUZ2 checksum that you could whitelist. (I made an English dictionary for the FUZ2 checksum. Native speakers provided Spanish and Polish.) > >>ok env_to postmaster > >> env_to postmaster@iol.cz > >> env_to abuse@iol.cz > >> env_to tech@iol.cz > > > > In what way do those whitelist entries not work? They should exempt > > mail sent to those mailboxes from DCC checks. > > The attached 'spam' was addressed To: tech@iol.cz. I thought this rule > would skip dcc check... am I wrong? If the SMTP envelope Rcpt-To consisted of <tech@iol.cz> and if to env_to tech@iol.cz was in /var/dcc/whiteclnt then none of the checksums for the message should have been sent to the DCC server for checking. Have you tried feeding a test message to dccproc -E l/tmp -ccmn,0 -QC -w whiteclnt -i msg-file and looking at the resulting /tmp/msg.* file to see what is happening? > they should filter both incoming and outgoing mail. I can add some > selected IP addresses - does this rule mean 'if mail passed through this > IP anywhere in the chain, it is OK'? If it is the last IP before > antivirus system, I'm stuck again. I do not understand that question. DCC whitelisting by IP address applies to a single IP address. That is the IP address of the SMTP client that sent the mail message. That address either supplied to dccifd, dccm, or dccproc by the MTA or picked out of a Received: header. That can be changed by adding "rcvd-nxt" to the options the MTA sends to dccifd with `dccproc -r` (in version 1.3.17). Vernon Schryver vjs@rhyolite.com
More information about the DCC
mailing list
