Maximizing effectiveness against 'empty' spam?

Robert Thille list-dcc@rangat.org
Wed Jun 16 22:37:17 UTC 2004


I'm working on integrating our products with DCC via the dccifd
and QA has come up with something they believe is a bug: the
non-rejection of messages with empty bodies.
The dccifd isn't complaining about 'missing message body', so
I'm pretty sure my software is talking to the dccifd correctly.

However, with the DCCIFD_REJECT_AT set at '10', sending 11 identical
messages with empty bodies doesn't get any messages rejected.

DCCIFD_WHITECLNT is 'whiteclnt', pretty much unmodified from the
distribution, and we're not using the dcc-testmsg-whitelist.txt file
that's available at iecc.com.

dccifd invocation:
/u0/dcc/libexec/dccifd -SDccTestBlackList -Linfo,mail.debug \
   -Lerror,mail.debug -l log -t CMN,1,10 -w whiteclnt -U userdirs

I'm guessing that the problem is the '-t CMN' part, since the man page
lists CMN as 'Body, Fuz1, Fuz2'.  Do Fuz1 and Fuz2 cover the headers,
or are they just 'fuzzy' checksums of the body?
Setting the threshold for individual header fields like the dccifd.8
page lists (IP, env_From, From, Message-ID, Received) doesn't seem like
a good approach for this, but a (perhaps fuzzy) checksum of the entire
header might work.

I'll admit that I don't see empty SPAM as being a large problem, but QA
and the people I work for do, so I'm looking for solutions :-)

Thanks,

Robert Thille



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.