DCC firewall requirements

Vernon Schryver vjs@calcite.rhyolite.com
Mon Oct 20 21:23:23 UTC 2003


> From: Valentin Chopov <valentin@valcho.net>

> If you are going to use greylist flooding don't forget port 6276 too.

Yes, but only if your greylist servers are outside your firewalls.
Greylist servers and data are not shared except among the MX servers
for a (group of) domains.  If you have widely separate MX servers,
then you probably want them to use a common pool of greylist servers
and that may imply greylist flooding and even entries of distant
greylist servers in /var/dcc/map.  That would require opening firewall
holes for the TCP flooding greylist port (default 6276) and even UDP.
However, it's more common to have only one or two greylist servers
all behind perimeter firewalls and near or on the MX servers.


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.