Best way to whitelist mailing lists

Vernon Schryver vjs@calcite.rhyolite.com
Tue Sep 3 15:59:32 UTC 2002


> From: "Roy Hooper" <rhooper@cyberus.ca>

> ...
> In my opinion, only the domain portions would be.  The local part has too
> little meaning to be of any practical use without the domain portion.

How would the domain portions of the env_To be useful?  Except in the
less common (in messages/day as opposed to virtual domains) case of
a single SMTP server answering for multiple domains, some of which
want DCC filtering and some don't, why would one white-list on env_To
domains?   Even with virtual domains or 3rd, 4th, or 5th level sub-domains
that don't agree, isn't it easier to punt to individual users?

I suppose there could be mail_host1, mail_host2, mail_host3, ..., mail_hostN
"substitute"  checksums for the last N parts of the the env_From domain
name, but would that really be useful?  In real cases, isn't it always
sufficent to white-list all of a legitimate bulk mail senders FQDNs?


> On the subject of whitelisting, it occurs to me that whitelisting local
> messages while integrated with Procmail might be easier done if there was a
> way to combine whitelists into one directive.  As an example I might want to
> say:
>
> whitelist From safe_local@address.com and hostname 10.0.0.0/8

That was the idea of the OK2 white list value.  
Saying that it had not been used enough to notice is an understatement.


> This could possibly be done by by extending whitelist syntax slightly to
> have linked lists of operations through use of optional and and or keywords
> just before count?

Syntax is always mere sugar and cannot affect the substance of a
mechanism.  The DCC works on checksums.  Local DCC white lists are
nothing more than hash tables of checksums just like the MD5 checksums
sent DCC servers.  The basic problem is that It makes no sense to ask
whether the MD5 checksums of two strings are "close"


> ...
> > Note that sendmail access_db entries can be used to white-list based
> > on parts of the envelope. ...

> Except for people using DCC with SpamAssassin and who are not using
> sendmail...

Those people could use SpamAssassin regular expressions to combine
X-DCC headers with whatever else they wish.  (I'm assuming that the
SpamAssassin regular expressions are somehow exposed in a user interface;
I've never looked closely at SpamAssassin.)  It would probably be best
to add the X-DCC header before SpamAssassin sees the message.


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.