Per-recipient DCC summaries

Gary Mills mills@cc.UManitoba.CA
Wed May 29 23:15:39 UTC 2002


I've written a perl script that reads the logs produced by dccm, and
produces per-recipient daily summaries of bulk mail, as well as a CGI
script to make the summaries available on the web.  With the addition
of user authentication, I'm hoping that this will provide a way for
users to determine what mail was rejected by DCC, and also notify us
of legitimate bulk mail that should be whitelisted.  The summaries are
intended to be compact, having one line per message.  The recipients,
though, should be the same as for the per-recipient logs that dccm can
produce.

When I analyzed the types of recipient addresses that showed up, I
found some interesting things.  DCC is currently logging all mail with
more than 100 copies, but not rejecting mail.  Of about 13,000
distinct recipients of bulk mail, 80% were local users, and 20% were
remote addresses.  Of the local addresses, 20% were unknown users, and
40% were inactive acounts, leaving only 40% for active accounts.  Many
of the unknown users were actually Usenet message IDs.  This means
that 60% of the summaries will never be seen by a user.  The other 40%
could be served by a CGI script with user authentication.

The remote addresses included over 500 different domains, the most
popular of which were hotmail.com and yahoo.com.  I soon discovered
that the mail came from private mailing lists on a couple of desktop
workstations.  There are probably many more of these on campus.
I can whitelist them, of course, but I have to know about them first.
Is there a way to whitelist all local IP addresses?  We have two
class B networks, so there are a lot of them.

Some of the remote addresses were for domains for which the mail
server does MX service.  The mail was routed to the remote mail
server, but the DCC logs and summaries were left behind.  I don't
have a way to do user authentication for the remote users, so a
CGI script won't work for them.  I'll have to devise a way to send
the summaries to the remote server as well.  This is getting too
complicated.  I can't start DCC rejecting mail until we have a good
means of feedback to the users.

-- 
-Gary Mills-    -Unix Support-    -U of M Academic Computing and Networking-



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.