Server whitelist not working in DCC 1.2.11

Gary Mills mills@cc.UManitoba.CA
Thu Oct 16 02:37:52 UTC 2003


On Wed, Oct 15, 2003 at 02:12:51PM -0600, Vernon Schryver wrote:
> > From: Gary Mills <mills@cc.UManitoba.CA>
> 
> > I have 512 /24 blocks, which requires 131072 entries.  They rarely
> > change, so should be okay on the server side.  The client whitelist
> > has about 5000 entries.
> 
> Oh, that's more than 80K.  Even 80K is probably too large because
> it is mapped into memory.  There's little good to be said about
> increases in memory footprints, except by hardware vendors.
> 131K entries in the server's database is too few to notice.
> 
> It seems a little surprising to whitelist all IP addresses at a
> university instead of only those that might reasonable send legitimate
> bulk mail.  Mail from networks in labs and dorms sounds like a good
> place for heavy filtering.

Unfortunately, almost any computer on campus can be a source of
legitimate bulk mail.  All you have to do is to build a local address
list, and send the mail.  People expect it to work.  However, we
almost never have a spam problem from on-campus computers.  The main
problem that we have with student-owned computers is from worms,
trojans, and copyright violations. We have to locate them and shut
them down anyway, because they are a security hazard.  Otherwise, we
let people do whatever they want, and assume that they will act
responsibly.

> I assume there's some reason a couple of lines like "connect:10.1 ok"
> in a sendmail access_db wouldn't work to whitelist your /16s.

Only because I haven't investigated that option.  Adding the IP entries
to the server whitelist seemed easiest.  As well, our mail server runs
two milters.  The first is DCC, and the second is the Trend virus
scanner.  Mail from local addresses should still be virus-scanned.

-- 
-Gary Mills-    -Unix Support-    -U of M Academic Computing and Networking-



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.