New DCC user impressions

Adam Ierymenko api@xactcommerce.com
Mon Sep 23 03:26:48 UTC 2002


I'm very impressed.. I installed DCC on our company's mail server and I 
have not
received one piece of spam since.  Some of the heavier spam receivers on our
system still get a little, but they've experienced an approximately 85% 
drop in
spam count.

The spam filter catches about 1200 pieces of spam every 24 hours, which is
pretty amazing for a mail server with only about 100 active users.

I've gotten *no* false positives (except  mailing lists) with using 15 as a
threshold value for body, fuz1, *and* fuz2.  The fuz2 checksum seems to
work fine.

I've set up several spam blackhole addresses and posted them to usenet and
other places and they're already in the hands of spammers.  All the spam 
they
get is reported as '-t many' to dcc-servers.net.  I've also done this to 
some
obsolete and nonexistant addresses at our domains that get nothing but spam.

So far I've recommended DCC to about 15 people.

We run exim, and I've done some interesting scripting work to make things
friendlier and allow us to see what's going on a little better.  The 
following
script may or may not be useful to some of you, and will almost certainly
require some editing.  I'm just posting it to give you guys some ideas...

------------

This script is the wrapper I created for dccproc.  It is invoked from 
within the
exim.conf file and the results are piped into another exim process to 
receive
the processed mail.  This might not be the most efficient thing in the 
world, so
it's probably not suitable for a really heavy load mail server.. but it 
gives us a
nice log of spam blocked and sends spam to spambox@domain addresses that
people can then check if they wish.  (Some domains have valid spambox 
addresses
while others have their spambox addresses going nowhere... it depends on 
whether
they want to be able to review blocked spam or not...)

I installed dcc in /opt/dcc since I put all non-Debian-packaged software 
there.  (We
run Debian GNU/Linux systems).

#!/bin/bash

# Usage: dccproc-exim-wrapper.sh fromaddr recipientcount domain

DROPSPAM=yes

export PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin

TF=`tempfile`
cat | /opt/dcc/bin/dccproc -w /opt/dcc/whiteclnt -f $1 -t $2 -h /opt/dcc 
-c CMN,15,25 -S env_from -S mail_host -S Mailing_List -S Sender -S From 
| sed s/X-DCC-.*-Metrics:/X-Spam-Checking:/ >>$TF
if [ "x`cat $TF | grep ^X-Spam-Checking: | fgrep bulk`" = "x" ]; then
        # Message is not spam
        cat $TF
else
        # Message is spam
        cat $TF | grep -i ^From: | head -n 1 >>/var/log/spamcheck/spamlog
        cat $TF | grep -i ^To: | head -n 1 >>/var/log/spamcheck/spamlog
        cat $TF | grep -i ^Return-Path: | head -n 1 
 >>/var/log/spamcheck/spamlog
        cat $TF | grep -i ^Reply-To: | head -n 1 
 >>/var/log/spamcheck/spamlog
        SUBJ=`cat $TF | grep -i ^Subject: | head -n 1`
        echo $SUBJ  >>/var/log/spamcheck/spamlog
        echo '--' >>/var/log/spamcheck/spamlog
        if [ "$DROPSPAM" = "yes" ]; then
                if [ "x$3" != "x" ]; then
                        cat $TF | mimeit text/plain spambox@$3 "SPAM 
[${SUBJ}]"
                fi
                echo QUIT
        else
                cat $TF
        fi
fi
rm -f $TF





More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.