version 1.1.17 of the DCC

Vernon Schryver vjs@calcite.rhyolite.com
Wed Dec 11 22:22:07 UTC 2002


> From: "Sven" <sven@dmv.com>

> ...
> Having installed it, everything seems to be running OK so far. I do have a
> question regarding the added  "dccm deletes all X-DCC headers of the right
> brand name to foil tricky spammers" feature. In sending test messages
> through my server array, I see utterly no difference in the X-DCC headers
> being generated. What is or is not supposed to be there now?
> i.e. Before: X-DCC-dmv.com-Metrics: bebe.dmv.com 1095; Body=1 Fuz1=1 Fuz2=1
> and After:  X-DCC-dmv.com-Metrics: bebe.dmv.com 1095; Body=1 Fuz1=1 Fuz2=1
> I see no difference between the 1.1.16 and 1.1.17 versions .....
>
> Is this feature only added for those dccm running without " -aIGNORE" ??

Dccm and dccproc have always deleted the first X-DCC header of the
current brand name in incoming mail.  For example, if you feed your
system a message already containing the header line 
    X-DCC-dmv.com-Metrics: bebe.dmv.com 1095; Body=ok Fuz1=ok Fuz2=ok
it would have been replaced with the right header.

The bug-fix is to deal with mail containing two or more incoming
headers.  Dccm would have replaced only the first X-DCC-dmv.com-Metrics
header, allowing a bad guy to preload spam with two headers and
potentially fooling another MTA or MUA that passes mail with an "ok"
or some other low-count value.  Dccm now replaces all such headers
instead of only the first.

As far as I know, no spammer has bothered to try to forge X-DCC headers.
It doesn't seem like a profitable attack, but you can never tell.


Vernon Schryver    vjs@rhyolite.com
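
Added example, not part of the original post and not DCC source code: a Python sketch of the difference described above between replacing only the first X-DCC header of the local brand name and replacing all of them, including a duplicate that is folded and differently cased. The sample message, the `Body=500` counts, the function names and the placement of the new header at the end of the header block are constructed assumptions.

```python
# Added example; not DCC source code. Sample message and counts are constructed.
BRAND = "X-DCC-dmv.com-Metrics"  # header name taken from the thread

SAMPLE = (  # constructed inbound mail preloaded with two "ok" headers
    "From: someone@example.org\n"
    "X-DCC-dmv.com-Metrics: bebe.dmv.com 1095; Body=ok Fuz1=ok Fuz2=ok\n"
    "Subject: test\n"
    "x-dcc-DMV.com-metrics: bebe.dmv.com 1095;\n"
    "\tBody=ok Fuz1=ok Fuz2=ok\n"
    "\n"
    "body text\n"
)
LOCAL = "bebe.dmv.com 1095; Body=500 Fuz1=500 Fuz2=500"  # constructed local result


def split_headers(raw):
    """Return (header fields, body); a field keeps its folded continuation lines."""
    head, _, body = raw.partition("\n\n")
    fields = []
    for line in head.split("\n"):
        if line[:1] in (" ", "\t") and fields:
            fields[-1] += "\n" + line  # continuation of the previous field
        else:
            fields.append(line)
    return fields, body


def is_brand(field, brand=BRAND):
    """Header names are case-insensitive, so compare them lowercased."""
    return field.split(":", 1)[0].strip().lower() == brand.lower()


def stamp(raw, verdict, strip_all=True):
    """Drop inbound brand headers, then add the local one.
    strip_all=False models the old behaviour: only the first is removed."""
    fields, body = split_headers(raw)
    kept, removed = [], 0
    for field in fields:
        if is_brand(field) and (strip_all or removed == 0):
            removed += 1
            continue
        kept.append(field)
    kept.append(f"{BRAND}: {verdict}")  # assumption: appended at the end
    return "\n".join(kept) + "\n\n" + body


def brand_values(raw):
    """Unfolded values of every brand header a downstream MTA or MUA would see."""
    fields, _ = split_headers(raw)
    return [" ".join(f.split(":", 1)[1].split()) for f in fields if is_brand(f)]
```

With `strip_all=False` the folded duplicate survives next to the local header, so a downstream filter that reads the first match still sees the preloaded "ok" values; with the default, only the locally generated header remains.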