Relay thru sys in whitelist

Vernon Schryver vjs@calcite.rhyolite.com
Sat Jun 29 02:30:12 UTC 2002


> From: "Rose, Bobby" <brose@med.wayne.edu>

> Well I think I answered my own question.  It does let it thru. I checked
> /var/dcc/logs and found spam messages were forwarded from that system
> that have a many tag but were allowed thru because the host was in the
> whitelist.
>
> Why doesn't dcc use the original host?  Sendmail's access map is able to
> reject mail that originated from a system that is blocked even if it's
> relayed thru another.

> > Should DCCM let a message registered as many thru if the message was
> > forwarded from a system in your whitelist?  I've seen messages get thru
> > that Spamassassin shows as being listed in DCC and after looking at the
> > headers, I see that it was forwarded on from a system in my whitelist.

I don't understand the references to SpamAssassin, "forwarded on",
"use the original host," "a system that is blocked," and so on.

The DCC is a system for detecting bulk mail and rejecting or discarding
bulk mail that is unsolicited according to local white lists.  Mail
that has been seen elsewhere and so has a total recipient count above
your local rejection threshold (DCCM_REJECT_AT in dcc_conf for dccm
or -c values for dccproc) is what you consider bulk.  Whether it is
solicited depends on whether at least one (or two for "OK2") of its
dozen checksums is in your white list.

If it is solicited bulk mail, whether a CERT Advisory, a note about
your high school class reunion, or a department-wide note from your
boss, then you wouldn't want to reject or discard it.

That the DCC system by default (`dccd -K` and no relevant IP, From,
env_From, or other white list entries) does not care about the source
of a bulk message is a desirable feature.  For example, it means that
bulk mail sent from new SMTP relays or proxies is also detected and
can be rejected.

Spam filtering and MX forwarders is an awkward combination and not
just for the DCC but for any filtering system including sendmail access
databases.  If you white-list your MX forwarders by name or IP address,
then you'll not reject any spam they send.  In that case, you probably
need to install your filters on your MX forwarders.  If you don't
white list your MX forwarders, you probably need to white-list any
legitimate bulk mail they send, again for any filtering scheme.


Vernon Schryver    vjs@rhyolite.com
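
Added example, not part of the original message and not DCC code: a simplified Python model of the bulk/solicited decision described above, comparing a white list that names the MX forwarder's IP address with one that names only the legitimate bulk sender. The addresses, the threshold value, and all function and variable names are constructed for illustration.

```python
# Simplified model of the decision described in the message; not DCC source.
# Checksum type names (IP, env_From, From) follow the message; values are constructed.
from dataclasses import dataclass

MANY = float("inf")  # stand-in for a "many" recipient count
REJECT_AT = 50       # assumed local threshold (the role DCCM_REJECT_AT plays)


@dataclass
class Message:
    checksums: dict  # checksum type -> value as seen by the filtering host
    total: float     # total recipient count reported for the message


def verdict(msg, whitelist, reject_at=REJECT_AT):
    """Return 'accept' or 'reject' for one message under one white list."""
    if msg.total <= reject_at:
        return "accept"  # not bulk, so the white list is never consulted
    hits = [whitelist.get(item) for item in msg.checksums.items()]
    if "ok" in hits or hits.count("ok2") >= 2:
        return "accept"  # bulk, but solicited according to the white list
    return "reject"      # unsolicited bulk


FORWARDER = "192.0.2.10"  # constructed address of the MX forwarder
# Every message below arrives via the forwarder, so that is the IP the filter sees.
SPAM = Message({"IP": FORWARDER, "env_From": "bulk@spam.example"}, MANY)
ADVISORY = Message({"IP": FORWARDER, "env_From": "advisory@cert.example"}, MANY)
PERSONAL = Message({"IP": FORWARDER, "env_From": "friend@home.example"}, 1)

# Policy A: white-list the forwarder itself by IP address.
FORWARDER_WHITELISTED = {("IP", FORWARDER): "ok"}
# Policy B: white-list only the legitimate bulk sender.
SENDERS_WHITELISTED = {("env_From", "advisory@cert.example"): "ok"}


def compare():
    """Verdict for each sample message under each policy."""
    samples = {"spam": SPAM, "advisory": ADVISORY, "personal": PERSONAL}
    policies = {"A": FORWARDER_WHITELISTED, "B": SENDERS_WHITELISTED}
    return {(p, n): verdict(m, wl)
            for p, wl in policies.items() for n, m in samples.items()}


if __name__ == "__main__":
    for key, result in compare().items():
        print(key, result)
```

Under policy A the spam relayed by the forwarder is accepted along with the advisory; under policy B only the spam is rejected.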


