Creating a whitelist....

Vernon Schryver vjs@calcite.rhyolite.com
Thu Apr 11 17:22:53 UTC 2002


> From: Robert Sharp <rsharp@appliedtheory.com>

>                      ...  I am concerned about problems with that list 
> being turned into a map file, multiple times a day, does DCCM does this 
> automatically?

Subject to the rate limiting parameter WHITE_STAT_DELAY (5 seconds
by default), check_white_db() in dcclib/ckwhite.c uses stat(2)
to detect changes to the -w whiteclnt file and rebuild the 
whiteclnt.dccw file.  Every DCC_RE_RESOLVE seconds (1 hour by default),
the whiteclnt.dccw file is rebuilt whether it needs to be or not to
catch changes in A RRs.  (The next version will only rebuild hourly
if the whitelist includes "ip" entries.)

> Second, I noticed in the whitelist I have the option on putting in the 
> env_to statement and a 821 "to" address.  Would I be correct in assuming 
> this means that the TO address would receive no logging/bouncing via 
> DCCM?  Apparently I have customer who would rather get the spam then have 
> it bounced/rejected.

Yes, that's the intention of the env_to whitelist entries.  See also
`dccm -W` to turn off filtering except for explicitly listed addressees.


> Also Vernon seems to think I might want a couple DCCD servers.  I have one 
> now and it seems to be handling the load fine.....

I suggest more than one server not for load sharing but to ensure that
a nearby DCC server is always available despite system maintenance and
so forth.  It's probably not worthwhile for very small sites to have
even a single local DCC server.  Small or medium sized sites need at
most one.  Larger sites could have a single DCC server and include
distant servers in DCC client map files to cover local outages, unless
their total SMTP traffic is high enough to make it objectionable to
wait 50-250 ms for a distant answer while the local server is off line.
(The distant servers must have all of your whitelist entries or you'll
get wrong answers for your choices.)

DCC servers are like DNS servers.  If you don't receive enough mail to
need a local, caching, recursing DNS server, then you probably don't need
local DCC server.  If you have more than one local, recursing DNS server,
you want more than one local DCC server.  (Of course, I mean a local,
caching, recursing DNS server answering local queries about distant domain
names instead of an authoritative DNS server for your own domain names.)


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.