One other question

John R Levine
Fri Nov 29 22:08:04 UTC 2002

> Plodding through the resolver library
> code in the MTA and then hitting a nearby BIND cache could easily
> cost more than looking for "\r\n.\r\n" to receive the message.

Perhaps, but I wouldn't dream of using BIND.  It's too slow.  Writing the
message to disk and firing up the queue manager isn't free, so I'd just as
soon avoid that.  (See below, where we agree about the important stuff.)

> If you count bits on the wire, you spend more network bytes talking
> to the root, a gTLD server, and ultimately the DNSBL server to get a
> DNSBL answer than receiving the rest of a message.

Maybe, but since I have local mirrors of all the DNSBLs I use, that
doesn't apply, either.

> The way I think the DCC should be run has spam being rejected during
> the SMTP transaction.

Probably.  I use qmail, which has a more modern security model than
sendmail, so the SMTP daemon doesn't have access to all of the delivery
logic and can't reliably tell what address will be delivered where and so
which user config file applies to what address.  But on any setup big
enough to be interesting, most of the mailboxes will be handled in one of
a very small number of ways (into /home/whoever/Maildir, or into a virtual
domain POP toaster, typically), and we'd get most of the benefit by doing
DCC at SMTP time on the addresses for which we can easily guess the
delivery address, and using dccproc on the others.

> Most people who care enough about spam to take matters into their own
> hands are running very small servers or no servers.

I think the network managers I know at Earthlink and AOL would find that
assertion pretty amusing.

John Levine,, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be,, Sewer Commissioner
"More Wiener schnitzel, please", said Tom, revealingly.

More information about the DCC mailing list

Contact by mail or use the form.