Central whitelist questions

Vernon Schryver vjs@calcite.rhyolite.com
Mon Oct 14 16:16:00 UTC 2002


> From: Gary Mills <mills@cc.UManitoba.CA>

> > > I'm setting up a procedure so that users can nominate bulk mail for
> > > inclusion in a central whitelist.  They will provide the name of a
> > > DCC log file.  A script will then extract the appropriate information
> > > from the collected log files to build a file in whitelist format.
> > 
> > What is the appropriate information and how do you determine it
> > automatically?
>
> I was thinking of the envelope and header `from' values.

Unless that "nominating" involves a person checking the submissions, I'd
do something a little different.  I'd use something like the CGI scripts
in the DCC source to let users modify a whitelist file (or several files),
and then use scripts to collect the whitelist for dccd or dccm.
If people act as gatekeepers, I'd still probably have them use something
like the CGI scripts, since they could point-and-click to select
among all of the possible white-listing stigmata in those DCC log files.


> > Adding white list entries for all checksums of a sample
> > message might too quickly exhaust the 80,000 limit on the size of the
> > client white list hash tables.
>
> Should I be adding them to the server whitelist, then?

Only if you will have more than a few 10,000 entries, including IP addresses.

The biggest problem with using the server whitelists is that you must
ensure that all of your servers have the same whitelist.  That's easy
if you control all of your servers, but also implies you cannot use
the servers of other organizations for backup.


> ...
> Actually, each dccm filter is talking only to the local dcc server,
> but the two servers peer with each other.  I could change that.

I can't think why that could be other than a very good idea.

> ...
> Checking just now, on one mail server, both `dccd' and `dccm' are
> working correctly.  `dccm' is using 460 of 472 file descriptors.  It
> has 88 threads.

That seems a little high given the modest loads that `cdcc stats`
here says are seen by your two servers.  I hope you've configured
client-IDs so that your dccm processes do not have to wait the default
`dccd -u` delay imposed on anonymous clients.  In other words, I hope
that when run on your servers, `cdcc info` talks about a "queue wait"
of less than 10 milliseconds instead of more than 50.

(Dccd systems with higher loads can have queue waits above 50 ms even
for local clients, particularly if they don't have a lot of RAM.)


Vernon Schryver    vjs@rhyolite.com
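
An added example, not part of the original message or the DCC distribution: a sketch of the "scripts to collect the whitelist" step that merges user-edited files, rejects anything that is not a plain `ok` entry, and stops if the result passes the 80,000 client limit mentioned above. The `ok <type> <value>` line layout, the type keywords, the case-insensitive de-duplication, the file names and the function names are assumptions of this example.

```python
CLIENT_LIMIT = 80_000                       # client whitelist limit quoted in the message
ALLOWED_TYPES = {"env_from", "from", "ip"}  # assumed type keywords for this example

def merge_whitelists(sources):
    """sources maps a file name to its text. Returns (entries, rejected)."""
    seen, entries, rejected = set(), [], []
    for name, text in sources.items():
        for lineno, raw in enumerate(text.splitlines(), 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            parts = line.split(None, 2)
            # Users may only add plain "ok" entries of the allowed types;
            # anything else is reported instead of being passed through.
            if (len(parts) != 3 or parts[0].lower() != "ok"
                    or parts[1].lower() not in ALLOWED_TYPES):
                rejected.append((name, lineno, line))
                continue
            key = (parts[1].lower(), parts[2].lower())  # assumed case-insensitive
            if key not in seen:
                seen.add(key)
                entries.append(key)
    return entries, rejected

def render(entries, limit=CLIENT_LIMIT):
    """Return the merged whitelist text, or raise if it exceeds the limit."""
    if len(entries) > limit:
        raise ValueError(f"{len(entries)} entries exceed the limit of {limit}")
    return "".join(f"ok {kind} {value}\n" for kind, value in sorted(entries))

# Constructed sample input: two user-maintained files.
SAMPLE = {
    "alice.whitelist": "# constructed sample\n"
                       "ok env_from news@lists.example.com\n"
                       "ok from News@Lists.Example.com\n"
                       "ok ip 192.0.2.25\n",
    "bob.whitelist": "ok env_from NEWS@lists.example.com\n"
                     "many env_from rival@example.net\n"
                     "include /etc/passwd\n"
                     "ok ip 192.0.2.25\n",
}

if __name__ == "__main__":
    merged, bad = merge_whitelists(SAMPLE)
    print(render(merged), end="")
    for name, lineno, line in bad:
        print(f"rejected {name}:{lineno}: {line}")
```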


