ok2 env_to possible?

Vernon Schryver vjs@calcite.rhyolite.com
Mon Mar 8 23:36:05 UTC 2004


> From: John Sutton 

> ...
> I am automatically generating a file called virtusertable.dcc which is 
> included by whiteclnt and which consists of all lhs's from virtusertable 
> prefixed by "ok2 env_to".
>
> Thus (if it was working as I'd hoped ;-), any cgi or modphp script which 
> sends to a virtusertable user will pick up 2 ok2's and so such messages will 
> be whitelisted.  This is necessary not only for privacy reasons but also 
> because many such scripts send exactly the same message repeatedly e.g. "A 
> new order has been placed on your web site.", etc, and so must NOT be 
> reported because they are "bulk".  OTOH, as happens frequently, when some 
> spammer find and hijacks a customer's cgi script, e.g. the notorious 
> formmail.pl, the submissions made by the script will *not* be whitelisted 
> (since the recipients will not predominantly if at all be virtusertable 
> users) and so these messages will (in due course) be blocked by a DDC 
> checksum report.
>
> In short, if my reasoning is sound and if ok2 env_to were not broken, the DCC 
> would solve the problem of cgi spam which is a major headache to me.


Why not instead:

 - get rid of the infamous formmail.pl and prevent its return with
    enforced AUP fines or UNIX directory permissions.

 - arrange with some sendmail.cf rules so that those virtual users can
    send mail only to their approriate virtusertable destinations.

 - whitelist by FUZ2 checksum the messages of those CGI scripts.


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.