Newbie suffering...

John Sutton john@scl.co.uk
Thu Feb 12 13:30:57 UTC 2004


Hi there

Thanks for that!  I think this is one of those cases where "RTFS" (Source) 
was perhaps a bad idea...

I need some help to make a modification to the source of dccm, so I should 
first explain my problem as perhaps there is a better solution than that 
which I have in mind?

I need to introduce spam control on my server which is dealing with about 
30,000 emails per day for some hundreds of users.  How am I going to compile 
appropriate whitelistings for the solicited bulk mail for my users?  I can 
run with "dccm -a IGNORE" for a few weeks, but I don't really want to have to 
trawl through 1000's of log files every day looking for likely candidates, 
and nor can I expect my users to do that, or even to examine the source of 
each email they get to read the X-DCC header line.  Remember, these are 
users...;-)

So I figure what I need to do is to run for a few weeks with -a IGNORE and 
modify dccm so that bulk mail has the Subject: header changed to read (say) 
"Subject: SPAM?: Re: Fwd: Gimme Viagra!".  Then I tell the users to look 
through their inbox listings and let me know about anything which has been 
marked "SPAM?:" but shouldn't have been.  Thus I compile the white listings 
and then after a few weeks remove the -a IGNORE switch.

How else can I do this?  I've looked instead at running:

milter-spamc -> spamd -> dccifd

which would allow me to do the Subject header modification, but that is 3 
daemons running and the one in the middle is Perl, yuk.

So here is my proposed modification of dccm which I think in principle is 
very straightforward:

1) introduce a new switch, say, "-f optarg" meaning "flag bulk mail by 
prepending the string optarg to the Subject header".  -f is valid ONLY with 
-a IGNORE, otherwise it is itself ignored.

2) introduce a lump of storage into the bottom half of the WORK struct 
(underneath WORK_REZERO) so that in dccm_header() I can store the Subject.

3) at *the_appropriate_point* in dccm_eom() i.e. at that point at which it is 
decided that this email WOULD have been rejected/discarded were it not for 
the -a IGNORE setting, I can modify the Subject.

And my problem is number 3!  Where *is* that point in dccm_eom()?  This block 
of code misled me:

-----------------------------------
    if (wp->cw.reject_tgts == 0) {
        /* it is not spam for any target */
        if (wp->cw.honor & DCC_HONOR_GREY_EMBARGO) {
            totals.tgts_embargoed += wp->cw.tgts;
            ++totals.msgs_embargoed;
            return set_reply(wp);
        }
        /* deliver it if all (remaining) targets want it */
        work_done(wp, "accept");
        return SMFIS_ACCEPT;
    }
 
    /* it is spam for at least some targets */
 
    if (wp->cw.action == CMN_IGNORE) {
        /* if we are ignoring spam but can greylist it, do so */
        if (wp->cw.honor & DCC_HONOR_GREY_EMBARGO) {
            totals.tgts_embargoed += wp->cw.tgts;
            ++totals.msgs_embargoed;
            return set_reply(wp);
        }
        totals.tgts_rejected += wp->cw.reject_tgts;
        work_done(wp, "ignore and accept");
        return SMFIS_ACCEPT;
    }
-----------------------------------

because you'll surely have to agree, it is not a question of what *I* mean by 
"ignore and accept", it is a question of what the author of this code means 
by it!  This is what led me to think that "no message ever gets (potentially) 
rejected/discarded".

From your response (and that from John Doherty), it would appear that if I 
remove the -a IGNORE flag then the bulk mail *will* get bounced, and so I 
assume that the second block of code above is a bit of old stuff left in 
there to trick the unwary!  (I actually haven't as yet risked running without 
the -a IGNORE switch because I can't afford to lose my solicited bulk mail 
from OpenSRS, Nominet, etc.!)

Anyway, if you could give me some feedback on the general idea and (if you 
think it's worth doing) some ideas about point 3 above, I will be grateful.  I 
will of course post a patch of my efforts in due course!

TIA
John

On Wednesday 11 February 2004  7:49 pm, you wrote:
> > From: John Sutton <john@scl.co.uk>
> >
> > DCCM_ARGS="-Q -aIGNORE -d -d -d -d -d -d -d -d -d -d -d -d -d"
> >
> > Looking through the code in dccm/dccm.c, I would expect to see:
> >
> > result: ignore and accept
>
> This is what the dccm man page says about "-a IGNORE".
>
>    -a IGNORE | REJECT | DISCARD
> 	specifies the action taken when DCC server counts or -t thresholds
> 	say that a message is unsolicited bulk.  IGNORE causes the message
> 	to be unaffected except for adding a header line to the message.
> 	Spam can also be REJECTed, or accepted and silently DISCARDed with-
> 	out being delivered to local mailboxes.  The default is REJECT.
>
> What do you mean by "ignore and accept"?  If it is for the SMTP client
> to be told 250-OK but for the message to be discarded, then as with
> sendmail access_DB files, you might want "-aDISCARD" instead.
>
> > Is this happening because all the mail is coming from one source and that
> > source is on the local net?  And if so, how do I stop that happening?
>
> Mail from 127.0.0.1 is usually whitelisted.  You might need to add
> "-g not-IP" to turn off that whitelisting.
>
>
> Vernon Schryver    vjs@rhyolite.com
> _______________________________________________
> DCC mailing list      DCC@rhyolite.com
> http://www.rhyolite.com/mailman/listinfo/dcc

-- 

***************************************************
John Sutton
SCL Internet
URL http://www.scl.co.uk/
Tel. +44 (0) 1239 711 888
***************************************************
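
The tagging step proposed in the message above, as an added example that is not part of the original post and is not dccm code. The `verdict` struct, `should_tag()` and `tag_subject()` are hypothetical names; the decision mirrors only the branch structure of the `dccm_eom()` excerpt quoted in the post, and the sample values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the fields the quoted dccm_eom() block tests. */
enum action { ACT_REJECT, ACT_DISCARD, ACT_IGNORE };
struct verdict { int reject_tgts; int grey_embargo; enum action action; };

/* Tag only on the "ignore and accept" path: spam for at least one target,
 * action IGNORE, and not diverted to the greylist embargo reply. */
int should_tag(const struct verdict *v)
{
    return v->reject_tgts != 0 && v->action == ACT_IGNORE && !v->grey_embargo;
}

/* Build "<tag><subject>" into out[outlen].  The Subject is sender-controlled,
 * so CR/LF are replaced to keep it a single header line, the result is
 * truncated to fit the buffer, and an already tagged Subject is not tagged
 * twice.  Returns 1 if the tag was prepended, 0 if the Subject was copied
 * unchanged, -1 on bad arguments. */
int tag_subject(char *out, size_t outlen, const char *tag, const char *subj)
{
    size_t n, i;
    int tagged;

    if (!out || outlen == 0 || !tag)
        return -1;
    if (!subj)
        subj = "";              /* message carried no Subject header */
    tagged = strncmp(subj, tag, strlen(tag)) != 0;
    n = (size_t)snprintf(out, outlen, "%s%s", tagged ? tag : "", subj);
    if (n >= outlen)
        n = outlen - 1;         /* snprintf truncated and NUL-terminated */
    for (i = 0; i < n; ++i)
        if (out[i] == '\r' || out[i] == '\n')
            out[i] = ' ';
    return tagged;
}

int main(void)
{
    struct verdict v = { 2, 0, ACT_IGNORE };    /* constructed sample */
    char buf[64];

    if (should_tag(&v) &&
        tag_subject(buf, sizeof buf, "SPAM?: ", "Re: Fwd: Gimme Viagra!") >= 0)
        printf("Subject: %s\n", buf);
    return 0;
}
```

In a milter, the resulting string would be passed to libmilter's `smfi_chgheader()` from the end-of-message callback, which requires the filter to have registered with `SMFIF_CHGHDRS`.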



