False positive for CENTRALCOMMAND.COM newsletter

Sean Rima sean-sender-732ecf@tcob1.net
Sat May 18 01:16:08 UTC 2002

On Fri, 17 May 2002, Vernon Schryver spake:

>> Just noticed that the latest Centralcommand.com newsletter is being
>> marked as many.
>> the checksums are:
>> X-DCC-tcob1-Metrics: tcob1.net 1042; Body=many Fuz1=many Fuz2=many
>>                                                       checksum  server  wlist
>>                  env_From: 51cb1d01 803256f7 54c88978 3cbac0b2
>>                      From: 550717fa b8335e44 5a13ae9a 5e254d78
>>                Message-ID: f4bdfa7c 0e5d0292 164672eb 4724a6f3
>>                  Received: 486c69ae 5c221a50 a9f103cb 441a424c
>>                      Body: 388b254b c7b8deb4 611c460a a73eadc3 many
>>                      Fuz1: 9263b12e 3cefe27f a9fb4844 de19b541 many
>>                      Fuz2: 53b5a154 81c1df13 29bf9e45 f665b93d many
> If it is a "newsletter," then it certainly does not sound like a
> "false positive."

Okay I can understand this.

> `dblist -Vh` says that variations of that particular message have been
> seen at more than one DCC server, which makes clear that it is bulk.
> It seems to have hit a trap or otherwise been noted as extremely bulky
> at server-ID 1012.  The data compression mechanisms in the servers
> and in the flooding make it impossible to say how many other places
> have seen that message or marked it as extremely bulky.
> The fact that you issued delete request for some of the checksums for
> that message suggests that I should make honoring delete requests off
> by default.  Unless you know for a fact that the message was not
> unsolicited bulk mail where it was marked as "many", you stepped over
> the line.

I stand corrected on this and yes you are correct, I will bear this in
mind in future. It was a case of being overzealous in trying to be
helpful. Maybe a local option to remove checksums only from the local
database without removing it from the global databases.

> As the DCC documentation says and as I've told you, the DCC detects
> bulk mail.  You must add a white list to distinguish between solicited
> and unsolicited bulk mail.  Anyone who is rejecting all mail marked
> "many" has not read the documentation or is intentionally misusing or
> at least not using the DCC as intended if you are rejecting all mail
> marked "many."

I had some misunderstanding at the beginning of how dcc checked things
out but I never reject mail, I simply have exim move it to a spam
directory in my mailbox and I check them out manually. If it is not spam
then I add it to the system whitelist and schedule it to be mailed to
the original user/domain later on.

See Ya, Sean

-- 
  Sean Rima                                http://www.tcob1.net
  Linux User:      231986          Jabber:   tcobone@jabber.org
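
The distinction drawn in this thread (a "many" count marks mail as bulk, and a local whitelist separates solicited from unsolicited bulk) can be sketched as follows. This is an added example, not code from the original message or from the DCC distribution; the sample message, the `SOLICITED` set, the function names, and the use of `Return-Path` as the recorded envelope sender are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample; the X-DCC line copies the format quoted in the thread.
SAMPLE = (
    "Return-Path: <news@newsletter.example>\n"
    "From: News <news@newsletter.example>\n"
    "X-DCC-tcob1-Metrics: tcob1.net 1042; Body=many Fuz1=many Fuz2=many\n"
    "Subject: Monthly newsletter\n"
    "\n"
    "Hello subscribers.\n"
)

# Hypothetical local whitelist: envelope senders whose bulk mail was asked for.
SOLICITED = {"news@newsletter.example"}

XDCC_NAME = re.compile(r"^X-DCC-.*-Metrics$", re.IGNORECASE)

def parse(raw):
    """Return (envelope_sender, {checksum: count}) for one raw message."""
    msg = message_from_string(raw)
    # Assumption: the MTA stored the envelope sender in Return-Path.
    sender = parseaddr(msg.get("Return-Path", ""))[1].lower()
    counts = {}
    for name, value in msg.items():
        if not XDCC_NAME.match(name):
            continue
        # Counts follow the ';' as name=value tokens.
        for token in value.partition(";")[2].split():
            key, sep, val = token.partition("=")
            if sep:
                counts[key] = int(val) if val.isdigit() else val
    return sender, counts

def disposition(raw, solicited=SOLICITED):
    """'many' only means bulk; the whitelist decides solicited or not."""
    sender, counts = parse(raw)
    if "many" not in counts.values():
        return "deliver"
    if sender in solicited:
        return "deliver-solicited-bulk"
    # Unknown bulk sender: hold for manual review instead of rejecting.
    return "quarantine"

if __name__ == "__main__":
    print(parse(SAMPLE)[1], disposition(SAMPLE))
```
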

