Central whitelist questions

Gary Mills mills@cc.UManitoba.CA
Fri Oct 25 16:32:44 UTC 2002


On Mon, Oct 14, 2002 at 02:31:05PM -0600, Vernon Schryver wrote:
> > From: Gary Mills <mills@cc.UManitoba.CA>
> 
> > ...
> > > > Should I be adding them to the server whitelist, then?
> > > 
> > > Only if you will have more than a few 10,000 entries, including IP addreses.
> >
> > I recently added 131072 IP addresses, for our class B networks.
> 
> Since things are working and 131K is more than 80K, you must have added
> them to your servers's whitelists to be incorporated into your servers's
> databases by dbclean.
> Since you're already using server white-lists for IP addresses,
> it seems reasonable to use them for other purposes.
> Of course, unlike DCC client white lists where changes are noticed 
> a few minutes after they're made, server white lists are updated only
> when you run dbclean.

Yes, that's correct.  The IP address entries don't change, so adding
them to the server whitelist is no problem.

> (Never mind that I'd probably use one sendmail access DB entry to
> white-list each class-B network instead of 64K DCC server entries.)

Okay, how would I do that?  By bypassing the DCC milter?  My sendmail
configuration actually has two milters, one for DCC and one for the
Trend virus scanner.  I don't want to bypass the anti-virus milter.

> > about the `ok' entries?  Which whitelist is best for them?
> 
> I doubt I understand.  Server white list entries can be "ok", "ok2", or
> "many".  "Many" is a blacklisting.  A message must have two checksums with
> "ok2" to be considered white-listed.

I was asking about whitelist entries for mailing lists to which our
users subscribe.  I'm putting them into the `dccm' client whitelist
for now.  I assume that's reasonable.

-- 
-Gary Mills-    -Unix Support-    -U of M Academic Computing and Networking-



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.