Mods to Fuz2 seem to make it less effective

Tim Wicinski tim@meer.net
Fri Mar 7 00:01:38 UTC 2003


Vernon Schryver wrote:
>>From: Tim Wicinski <tim@meer.net>
> 
> 
>>...
>>We've seen a similiar situation. We went from 1.1.8 to 1.2.22 and the 
>>amount of spam has risen.  We were seeing a 60% blocking factor from 
>>DCC, but that number has dropped below 50% and our local blacklists are 
>>picking up the slack.
> 
> 
> Those are very poor numbers.  Informants among your users have said
> things that lead me to believe your DCC rejection threshold is well
> above 200.  Are you rejecting only at "many" instead of a value far
> less than 200 but still clearly "bulk"?  If so, is that because of
> the difficulties of whitelists?   I think the right way to use the
> DCC is with whitelists and a threshold below a few dozen.

Your informants are, as usual, correct. However, lowering the bulk 
numbers have been something we tried and were unsuccessful in, due to 
the number of legitimate bounces.

Also, when we process the spam we do receive, I always check via 
'dccproc -H' the bulk numbers before tagging as 'many'.  They usually do 
not have a high enough number to warrant lowering the value.

If I see a majority of spam we process as having counts > 200 or 250, 
I'll be more likely to consider that.  I'll study those numbers more 
carefully when we process the daily spam flow.

tim




More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.