Grey-listed message never accepted.

Vernon Schryver vjs@calcite.rhyolite.com
Tue Oct 25 15:24:06 UTC 2005


> From: Gary Mills <mills@cc.umanitoba.ca>
> To: "Paul R. Ganci" <ganci@nurdog.com>
> Cc: dcc@rhyolite.com

> > Note that the last message was sent ~12 minutes after the first attempt. 
> > The greylister is setup to accept any properly resent message after 3 
> > minutes. For this particular message the greylister never accepts it 
> > even though everything (sender Email, recipient Email, sending server IP 
> > address and msgid). Now I know the greylister works for other messages. 
> > Why might it have failed for this message and how to I go about 
> > debugging it?
>
> Notice how the size of the message increases, although not with each
> retry.  That would alter the checksum.  I've seen several similar
> instances where the MTA would append a disclaimer to each message,
> and would do it again for each retry.  Check your DCC logs if you
> have them, to confirm what's happening in this instance.

Yes, dccm/dccifd greylisting normally checks that the same message
is retransmitted.  In theory this forces spammers trying to get past
greylisting by replaying their target lists using the same zombies to
use the same hash-busting efforts, which would aid normal DCC detection.

If you don't like that feature, add "-Gweak-body" to GREY_DCCD_ARGS
in /var/dcc/dcc_conf

See the discussion of -G in the dccd man page or
http://www.dcc-servers.net/dcc/dcc-tree/dccd.html#OPTION-G


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.