Blacklisted - removal?

Vernon Schryver
Wed Mar 1 22:27:36 UTC 2006

> From: "Dan Mahoney, System Admin" 

> For some reason I find this shocking, but not surprising, if you can 
> follow the difference.  After all, a goodly number of other firewalls have 
> done little more than take advantage of several opensource products 
> (Linux, Snort) -- so it's no surprise that what's above could be 
> DCC/SpamAssassin/Razor/Pyzor at all to me.

There are plenty of brands of "spam appliances" that are bascially
unconfigured Linux distributions that with SpamAssassin talking to
dccproc.  Almost all of them are unmodified and so practically
impossible to distinguish from DCC installations legitmately using
the public servers.

> The thing that confuses me, and I ask this only from an interest point of 
> view, not debate -- is why would the software deliberately send malformed 
> packets?  I.e. why make it more obvious they're bending the clearly stated 
> rules?

Barracuda pioneered that strategy, including shipping a /var/dcc/map
file that pointed to the public DCC servers after promising to stop.

> Clearly these geniuses have read the license, and have decided 
> somehow to circumvent it -- and my expectation is that if in fact you've 
> done the PR-unfriendly thing and filed the appropriate cease and desists, 
> you're not at liberty to discuss them anyway.

They may be using an old DCC version from before the license changed
to exclude spam appliance vendors.

I've not checked, but from what I've been told one or more Linux
distributions includes old DCC and SpamAssassin code.  I suspect that
some GNU priest has decided that the current license is politically
correct and so is sticking with the old code instead of removing it
from the distribution.  That causes problems for sites that install it
from those Linux distributions.  They end up using dccproc instead of
dccifd.  That can result in multiplying by up to 48 the number of packets
an even slightly busy mail system (>10K mail/day) sends to the public
DCC servers.  Even 10 Krequests/day become noticable when multiplied
by 48.   That brings them to my attention and often eventually into the
blacklist as they ignore my email.

What bugs me most about this is that it I suspect it is the old familiar
FSF phoniness.  If the current DCC source license is too restrictive
to include current DCC source (as is their right to decide), then the
license on the use of  public DCC servers has *ALWAYS* been too restrictive
to ship the default /var/dcc/map{.txt,} file.  Organizations that don't
qualify for the current free DCC source license in general never qualified
to use the public DCC servers.

Vernon Schryver

More information about the DCC mailing list

Contact by mail or use the form.