whitelist problems

John Sutton john@scl.co.uk
Thu Feb 26 11:45:27 UTC 2004


Hi there

I'm struggling to understand whitelisting and would appreciate some help.  In 
particular I am using dccm and am adding entries to whiteclnt.  I should add 
that I am still using -a IGNORE (until I get things sorted out) but as far as 
I understand that is not implicated in the problems I describe below?

I *am* having some success (which I point out just so as to establish that I 
am not a complete bozo ;-), viz., these entries:

ok ip reply.nic.uk
ok ip mp.opensrs.net

are having the desired effect: there is no X-DCC-<brand>-Metrics header being 
added to messages from these 2 ip's.

But I have two problems and a query:

1) I am attempting to whitelist locally submitted "administrative" mail i.e. 
mail with specific recipients, so I've tried this:

ok2 ip localhost
ok2 env_to siteadmin@scl.co.uk

but these messages still have the X-DCC header attached so I assume that they 
are NOT being whitelisted?

2) This section appears in the vanilla whiteclnt file and I have left it in:

# Do not filter postmaster to avoid rejecting reports of spam.
#   As with all header checksums, all valid forms of the address must
#   be listed.
ok  env_to  postmaster
#   env_to  postmaster@example.com
#   env_to  postmaster@host.example.com

The phrase "all valid forms of the address must be listed" implies (to me) 
that the single rule above should NOT whitelist e.g. mail with env_to of 
postmaster@scl.net.  But it does ;-(  Are the comment lines above out of date 
and is there in fact some kind of "wildcarding" of 821-path addresses going 
on?

3) The vanilla whiteclnt file includes whitecommon at the end.  In turn, 
whitecommon lists hundreds of "ok env_from" and "ok from" rules.  But surely 
this implies that any spammer with half a brain just needs to use any one of 
these hundreds of addresses and he/she will successfully avoid detection by 
any system which has installed the vanilla dcc configuration?

TIA

***************************************************
John Sutton
SCL Internet
URL http://www.scl.co.uk/
Tel. +44 (0) 1239 711 888
***************************************************




More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.