doing dccproc -t many

Tim Wicinski
Sun Apr 7 19:48:40 UTC 2002

------ Vernon Schryver, <> writ

    I think that such systems cannot be made to work except in very restricted
    situations when only a very few people are allowed to report mail spam.
    When you have more than a very few reporters, you cannot be sure that
    none of them will make any mistakes and accidentally report good mail
    such as a CERT advisory.  I've doubts about even one reporter being
    sufficiently reliable, but maybe that's because I make too many mistakes.

These statements are truer more and more.  I wrote a very simple tool
which took the spam we collected, found the originating machine
(previous hop from our inbound servers) and looked for multiple
occurences.  We always blocked after spam #2. 

We had to make this more manual and less automated when we kept blocking, and on a weekly basis. 

More information about the DCC mailing list

Contact by mail or use the form.