Noob questions

Mark Motley mark@motleynet.com
Fri Jan 4 22:27:25 UTC 2002


> Hello all--Vernon has been patiently answering all my tech-newbie 
> questions, so I thought I'd give him a break and inflict them 
> on the rest 
> of you for a while.

Yep, he's been putting up with several of us now!  ;-)
 
> So: How do I recognize when something would have triggered the "spam"
> threshold, and been rejected?  Will it be painfully 
> obvious--when I do get
> spam, will I be seeing the X-DCC header and thinking "Oh 
> yeah, message-ID
> score over 2000, that would have bounced"?

My experience: most spam will show "many" (read: really bulky) in at least some of the fields.  A few have shown up with a number in the field (like "21"), but it's rare in my situation.

Whether that would be rejected or not depends on your thresholds (-t parameter or in the dcc_conf)  I have a vanity domain, so mine are set pretty low (log at 10, reject at 20).

Now, once you start rejecting, you'll gleefully see the rejects in your mail log like this:

Jan  4 14:07:35 crux sendmail[13668]: g04M7XT13668: from=<meg44@yourwap.com>, size=5168, class=0, nrcpts=1, msgid=<000052060180$00000a6b$000014a6@basic-data.no>, proto=ESMTP, daemon=MTA, relay=[203.117.167.226]
Jan  4 14:07:35 crux sendmail[13668]: g04M7XT13668: to=<mark@motleynet.com>, delay=00:00:02, pri=35168, relay=naboo.motleynet.com., stat=mail from ::ffff:203.117.167.226 in msg.XXaKPSzC rejected by motleynet DCC

You can then double-check things by looking in your /var/dcc/log directory, in the above case the filename would be "msg.XXaKPSzC".  There you'll see the entire message with headers so you can verify that it really was spam, and potentially learn a new money-making technique in the process.  (hee hee)
 
> And second, is there any particular reason to have both a 
> server whitelist 
> and a client whitelist?

Vernon, it's that question again!  ;-)

- MBM



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.