'empty' messages

Vernon Schryver vjs@calcite.rhyolite.com
Mon Sep 19 19:27:09 UTC 2005


> > /var/dcc/libexec/fetch-testmsg-whitelist run by cron.
> > It should be used by including it in /var/dcc/whiteclnt:
> > 
> >   include testmsg-whitelist

> Yes, I've tried this whitelist and it will probably help. The problem is 
> that some stupid MUA/Webmail/something that is used somewhere in our 
> company produces such empty-in-quotes messages (as the one I've 
> attached). I'll try to work around this somehow... maybe on Amavis level.

Could you get the stupid MUA/Webmail/something to add a signature or
advertising like "Super Wonderful Systeme used by Internet OnLine"
to the HTML part of the empty messages?
Adding enough English (or Spanish or Polish) text would allow the
DCC clients to compute a FUZ2 checksum that you could whitelist.

(I made an English dictionary for the FUZ2 checksum.  Native speakers
provided Spanish and Polish.)


> >>ok      env_to  postmaster
> >>         env_to  postmaster@iol.cz
> >>         env_to  abuse@iol.cz
> >>         env_to  tech@iol.cz
> > 
> > In what way do those whitelist entries not work?  They should exempt
> > mail sent to those mailboxes from DCC checks.
>
> The attached 'spam' was addressed To: tech@iol.cz. I thought this rule 
> would skip dcc check... am I wrong?

If the SMTP envelope Rcpt-To consisted of <tech@iol.cz> and if 
to env_to tech@iol.cz
was in /var/dcc/whiteclnt
then none of the checksums for the message should have been sent to
the DCC server for checking.

Have you tried feeding a test message to
   dccproc -E l/tmp -ccmn,0 -QC -w whiteclnt -i msg-file
and looking at the resulting /tmp/msg.* file to see what 
is happening?


> they should filter both incoming and outgoing mail. I can add some 
> selected IP addresses - does this rule mean 'if mail passed through this 
> IP anywhere in the chain, it is OK'? If it is the last IP before 
> antivirus system, I'm stuck again.

I do not understand that question.

DCC whitelisting by IP address applies to a single IP address.  That
is the IP address of the SMTP client that sent the mail message.
That address either supplied to dccifd, dccm, or dccproc by the MTA
or picked out of a Received: header.  
That can be changed by adding "rcvd-nxt" to the options the MTA
sends to dccifd with `dccproc -r` (in version 1.3.17).


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.