how to whitelist

Vernon Schryver vjs@calcite.rhyolite.com
Fri Feb 2 15:09:40 UTC 2007


> From: Frank.Tegtmeyer@drv-bund.de

> Because of some other mail components we have to use dccproc.

It might be worthwhile to somehow arrange to use dccifd, perhas
by using the ASCII protocol described in `man dccifd`
If whatever calls dccproc is written in Perl or C, you could copy 
code in dcc/dccifd/dccif-test.pl or dcc/dccifd/dccif-test.c

>                                                         We don't have
> mail_host available.

With -R, dccproc can decode many formats of locally added Received: headers
to find the host name and IP address of the remote SMTP client.

> /home/dcc/bin/dccproc -S sender,Mailing-List -w /home/dcc/whiteclnt -t
> $RECIPIENTS

Unless you are trying to look for a "sender,Mailing-List" header, 
I suspect that should be 

/home/dcc/bin/dccproc -S sender S Mailing-List -w /home/dcc/whiteclnt -t $RECIPIENTS

> for env_from checks we tried:
> /home/dcc/bin/dccproc -f$envelope_sender -S sender,Mailing-List -w
> /home/dcc/whiteclnt -t $RECIPIENTS

Is $envelope_sender a complete SMTP Mail_From value like user@example.com?

> # doesn't work:
> OK      substitute Mailing-List contact notification-help@lists.sophos.com;
> run by ezmlm

That will look for these SMTP header lines:

    Mailing-List: contact notification-help@lists.sophos.com; run by ezmlm

> OK      env_from   notification@lists.sophos.com

That will look for the SMTP envelope Mail_From value
notification@lists.sophos.com

Hints about what dccproc thought was the envelope Mail_From value
by running `dccproc -E -l /log/dir` for a suitable log directory /log/dir


> 1. Are there any examples how to match Received-Headers? Because of their
> nature
>    (included timestamps) they are not fixed strings, so how can they be
> matched?

Checking Received headers is not interesting today.
Long ago some spam was generate constant Received headers.

> 2. We saw many checksums for some messages presented here at the
> mailinglist.
>     We get only Body, Fuz1 and Fuz2 - do we have to reconfigure our DCC
> server
>    to get more?

You can add -K values to DCCD_ARGS in /var/dcc/dcc_conf
but they are unlikely to be useful.


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.