doing dccproc -t many

Tim Wicinski tim@meer.net
Sun Apr 7 19:48:40 UTC 2002


------ Vernon Schryver, <200204071843.g37Ihmf1011971@calcite.rhyolite.com> writ
es: 

    I think that such systems cannot be made to work except in very restricted
    situations when only a very few people are allowed to report mail spam.
    When you have more than a very few reporters, you cannot be sure that
    none of them will make any mistakes and accidentally report good mail
    such as a CERT advisory.  I've doubts about even one reporter being
    sufficiently reliable, but maybe that's because I make too many mistakes.
    

These statements are truer more and more.  I wrote a very simple tool
which took the spam we collected, found the originating machine
(previous hop from our inbound servers) and looked for multiple
occurences.  We always blocked after spam #2. 

We had to make this more manual and less automated when we kept blocking
aol.com, earthlink.net and yahoo.com on a weekly basis. 




More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.