Using both dccifd and dccm, or dccm for greylisting only

Vernon Schryver vjs@calcite.rhyolite.com
Fri Oct 14 22:31:17 UTC 2005


> From: "Philip Hachey" 

> >What would the difference be if you set DCCM_REJECT_AT=999999 in

> Perfect!  This is exactly what I needed.  I didn't know what would tell 
> dccm to write "bulk" in the header.  

That will tell dccm to put "bulk" in the header if any of the
"cmn" checksums (BODY, FUZ1, or FUZ2) have counts >=999,999.
I mentioned 999,999 because SpamAssassin translates the DCC value
"MANY" to 999,999.  In fact "MANY" 1 plus 16,777,199.  It is called
"DCC_TGTS_TOO_MANY" in the source because it is the largest target
count that the database and the two protocols can handle.

I think the right threshold for what I understand of your installation
is probably less than 0.1% of 999999, but then I also think DCC clients
need whitelists.


> I suppose the only thing to do now is disable SA's call to dcc_check and 
> write a custom rule that just looks for "bulk" in a X-DCC header, and then 
> assigns SA's score for DCC if it's found.

Wouldn't it be easer to put dccifd, dccproc, and the dccifd UNIX domain
socket in a directory where SpamAsassin won't find them?
Perhaps by building the DCC code with `./configure --homedir=/obscure...`?


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.