does the dccm -aIGNORE option apply to all kinds of detected "bulk"?

Chris Aseltine ophidian@newsnation.com
Fri Feb 24 03:39:41 UTC 2012


Sorry, realized I sent my other reply off-list.  Anyway, for those
following along, Vernon's suggestion worked perfectly.  I had set up
enhdnsbl, but reverted back to DCC for the purposes of this test;  I'll
leave it this way since, as I mentioned below, I can peer into message
bodies now.

For what it's worth, the reason I'm setting up my own private DNSBL is
because there are certain IP ranges that are just spamming me non-stop
and they never get listed by Spamhaus.  I don't get it, because they're
just freaking relentless and it's been going on for months if not a year
or more now.

The worst offenders lately are 66.85.0.0/16, 184.95.0.0/16, and several
in the 173 and 174 range like 173.208, 238, 242, 244, and so on.

(I am not listing any of the RIPE, APNIC, or LACNIC ranges, since,
well...)

Often times it will come from an outfit calling itself "Spartan Burst
Technologies" and the subject line will always be in all lowercase, and
when you look at the email, this light blue rectangle appears for about
a half second before it downloads some giant "Pimsleur language" JPEG
ad.

And they give you some CAN-SPAM postal address at the bottom of the
email, and when you Google it, it's the mailing address for about one
zillion companies.

Okay, I feel better now.

-----Original Message-----
From: Vernon Schryver [mailto:vjs@rhyolite.com] 
Sent: Thursday, February 23, 2012 9:13 PM
To: Chris Aseltine
Subject: RE: does the dccm -aIGNORE option apply to all kinds of
detected "bulk"?

> Do you consider that the -B option to dccm is superior to the enhdnsbl

> milter in Sendmail, because dccm can check the body of messages for 
> URL's, etc.?

Yes, but I'm biased.


vjs





More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.