System-wide procmail rules for DCC

Vernon Schryver
Fri Apr 12 21:30:49 UTC 2002

> From: Tim Wicinski <>

> ...
>       - the power of the DCC is not in watching for mail with "Many" checksum
>            counts that has hit a spam trap but in rejecting unsolicited
>            (i.e. not whitelisted) bulk mail before it has hit a trap.
> The house discussion has been "do we reject where *=many or do we just
> catch and store for people"?  So far blocking *=many has given us very
> large number of rejects and I've been parsing along trying to make sure
> they are truly spam and not just very wasteful and silly mailing lists
> which are hard to get off of.

'*=many' implies one or more of
 -  dictionary attacks (see 
 - netnews and web page address scraping that picked up spam traps
 - subscribers (voluntary or not) who have wired the stuff to 
     `dccproc -t many` or the equivalent with dccm
 - subscribers (voluntary or not) who have manually reporeted individual
     messages with `dccproc -t many`.
 - bad guys doing nefarious `dccproc -t many` things to such as
    CERT advisories.

Most of those are good things to reject, but they don't include novel
spam spews.  Rejecting only on '*=many' loses much of the power of
the DCC without avoiding the cost of needing whitelists for at least
messages such as CERT advisories.

>    - looking for !(^X-DCC-.*OK) suggests that server whitelist entries are
>     in use.  If you use only your own DCC servers and are willing
>     to hassle with `dbclean` every time you change the /var/dcc/whitelist
>      that's ok.
> Okay, I guess we will add the hassle. We're using server whitelists on
> lists already.

It seems to me that client whitelists syncrhonized with rdist or similar
would be less hassle.

Server whitelists are a mistake based on the old model of the DCC
as involving only a few servers run by one or a few outfits and
zillions of authenticated clients.

My next big project is to try to add per-user whiteclnt files and
log directories to dccm.  If that is practical (it may not be), it
won't be done for a while.

Vernon Schryver

More information about the DCC mailing list

Contact by mail or use the form.