Help configuring whitelisting

Vernon Schryver vjs@calcite.rhyolite.com
Thu Sep 18 21:19:11 UTC 2003


> From: Craig Constantine <craig@blkbx.com>

> ...
> DCCM_ENABLE=on
> DCCM_ARGS="-a REJECT -W"
> DCCM_LOGDIR=H?log
> DCCM_WHITECLNT=whiteclnt
> DCCM_USERDIRS=userdirs
> DCCM_LOG_AT=50
> DCCM_REJECT_AT=50

>   My 'whitelist' file has only two lines (that aren't comments):
> -----begin-----
> include whitecommon
> include bbx-whitelist
> -----end-----

> ...
>   My 'whiteclnt' file also has only two lines:
> -----begin-----
> include whitecommon
> include bbx-participants
> -----end-----

> ...
> my 'bbx-whitelist' included into my 'whitelist' has the following lines. (I 

> ...
> # ABC News
> ok      from    abcnewsnow-editor@mail.abcnews.go.com
>         from    Breaking News <abcnewsnow-editor@mail.abcnews.go.com>
>         env_from        bouncesb@q.go.com
>         mail_host       q.go.com.
> -----end-----
>
> So why is the message rejected? I'm lost...

1. You seem to be using the public DCC servers.  So how does the
  server whitelist in /var/dcc/whitelist affect anything?  In other words,
  forget /var/dcc/whitelist unless you are running your own DCC server
  as well as not using any other server.  
  Put that "include bbx-whitelist" line into your /var/dcc/whiteclnt file.

2.  To make mail_host work, dccm needs to know that you care.
  Add "-Smail_host" to to DCCM_ARGS in dcc_conf.

3. "mail_host q.go.com" is invalid as log messages will tell you
  when you include bbx-whitelist in whiteclnt.  Try something like
  the examples in the default whiteclnt installed by `make install`
  from the homedir/whiteclnt file in the source or something like
    ok  substitute mail_host q.go.com
   
>   I'm going to write a little Perl program that will take an env_To value 
> to find, walk down the /var/dcc/log tree and spit out "suggestions" to add 
> to your whitelist for all message that were rejected for that env_To.
>   That way when user 'x' whines, I can just run the program, making it 
> search for a given env_To then, look at the "suggestions" and pick out the 
> line or two I need to add to make them happy. I'd be DELIGHTED to send in 
> my Perl code...

That's one way.  Another tactic is to turn on per-user logging and
whitelists and use something like the CGI scripts in /var/dcc/cgi-bin.
Then users (or you with their passwords) can look at log files and
adjust individual whitelists.
Others have cleand up those CGI scripts and made them fit their local user
interface rules.


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.