'empty' messages

Pavel Urban pavel.urban@ct.cz
Mon Sep 19 18:21:05 UTC 2005


Vernon Schryver wrote:

>>From: Pavel Urban <pavel.urban@ct.cz>
> 
> 
>>I'm receiving user complaints about empty messages marked as spam by 
>>dcc. Some people in our company routinely send messages with just 
>>Subject: and 'empty' body. I've tried to add a rule for the most common 
>>destination, but it obviously doesn't work. Is there a way to whitelist 
>>this kind of traffic? Thanks!
> 
> 
> Are the messages really empty or do they consist of empty MIME attachments
> as in the spam you sent?  Such empty MIME attachments are difficult
> to whitelist by body checksum because they consist mostly of random
> MIME boundary strings.  If they really are empty, they can be whitelisted
> with John Levine's list of empty and test body checksums.  That can
> be fetched automatically into /var/dcc/testmsg-whitelist with
> /var/dcc/libexec/fetch-testmsg-whitelist run by cron.
> It should be used by including it in /var/dcc/whiteclnt:
> 
>   include testmsg-whitelist
>  
> 
> 

Yes, I've tried this whitelist and it will probably help. The problem is 
that some stupid MUA/Webmail/something that is used somewhere in our 
company produces such empty-in-quotes messages (as the one I've 
attached). I'll try to work around this somehow... maybe on Amavis level.

>>ok      env_to  postmaster
>>         env_to  postmaster@iol.cz
>>         env_to  abuse@iol.cz
>>         env_to  tech@iol.cz
> 
> 
> In what way do those whitelist entries not work?  They should exempt
> mail sent to those mailboxes from DCC checks.
> 

The attached 'spam' was addressed To: tech@iol.cz. I thought this rule 
would skip dcc check... am I wrong?

> Do you trust your local users to never send evil spam?  If so,
> could you whitelist your local IP addresses, perhaps with
> 
>     ok  ip 192.168.0.0/16
>     ok  ip 194.228.2.64/26
> 

Not an option. I have four antivirus systems that are in mail system DMZ 
(192.168/16). They are global, for all customers - approx 500.000, and 
they should filter both incoming and outgoing mail. I can add some 
selected IP addresses - does this rule mean 'if mail passed through this 
IP anywhere in the chain, it is OK'? If it is the last IP before 
antivirus system, I'm stuck again.

> 
> Vernon Schryver    vjs@rhyolite.com
> _______________________________________________
> DCC mailing list      DCC@rhyolite.com
> http://www.rhyolite.com/mailman/listinfo/dcc


-- 
***********************************************************************
Pavel Urban (pavel.urban@imaginet.cz)
IOL system disaster
Internet OnLine, owned by Cesky Telecom, a.s. (www.ct.cz)
***********************************************************************
    Vegetables should not operate electronic equipment.
           Computer Stupidities, http://rinkworks.com/stupid/
***********************************************************************
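
An added illustration, not part of the original message and not DCC or Amavis code: two "empty" multipart messages that differ only in their MIME boundary produce different digests over the raw body, while a check of the decoded leaf parts treats both as empty. The sample messages, the boundary strings, the function names and the use of SHA-256 as a stand-in for a body checksum are all assumptions made for the example.

```python
import hashlib
from email import message_from_string

def make_multipart(boundary, text=""):
    """Build a constructed one-part multipart message (sample data)."""
    return (
        "From: user@example.com\n"
        "To: tech@example.com\n"
        "Subject: everything is in the subject\n"
        "MIME-Version: 1.0\n"
        f'Content-Type: multipart/mixed; boundary="{boundary}"\n'
        "\n"
        f"--{boundary}\n"
        "Content-Type: text/plain; charset=us-ascii\n"
        "\n"
        f"{text}\n"
        f"--{boundary}--\n"
    )

def raw_body_digest(raw):
    """Digest of everything after the headers. SHA-256 is a stand-in
    here, not DCC's own body checksum."""
    body = raw.split("\n\n", 1)[1] if "\n\n" in raw else ""
    return hashlib.sha256(body.encode("ascii", "replace")).hexdigest()

def is_effectively_empty(raw):
    """True when every leaf MIME part decodes to whitespace only."""
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue  # containers carry only boundaries and child parts
        payload = part.get_payload(decode=True) or b""
        if payload.strip():
            return False
    return True

if __name__ == "__main__":
    a = make_multipart("=_boundary_3f9c1a")  # constructed boundary strings
    b = make_multipart("=_boundary_b07e42")
    print("raw digests equal:", raw_body_digest(a) == raw_body_digest(b))
    print("both effectively empty:",
          is_effectively_empty(a) and is_effectively_empty(b))
    print("with text:", is_effectively_empty(make_multipart("=_x", "hello")))
```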


