How to protect the abuse and Postmaster mailboxes?

Vernon Schryver vjs@calcite.rhyolite.com
Sun Feb 4 23:18:53 UTC 2007


> From: Gary Mills 

> > Any username can have a /var/dcc/userdirs/local/$USER/whiteclnt with 
> > "option" lines that can do various things including:
> >   - turn DNSBL (dccm or dccifd -B) tests on or off
> >   - greylisting off or off
> >   - DCC tests on or off
> >   - set DCC bulk thresholds
> > for only that user.
>
> Yes, I saw those, but it wasn't clear to me if `DCC tests' controlled
> all of them, or just the bulk mail rejection.

It seemed to me that "Distributed Checksum Clearinghouse tests"
don't have much to do with DNS blacklist tests or greylisting, so
turning "DCC tests" on or off shouldn't affect greylisting or DNSBL,
and vice versa.


>                                                In this case, I'd like
> DNSBL to be on, but greylisting and bulk mail rejection to be off.

For the legitimate but otherwise rejected mail I would think a postmaster
or abuse mailbox might get, that odd:

  - A postmaster or abuse mailbox is not likely to benefit from
     bulk mail, and so ought to have DCC tests turned on.

  - Someone claiming to be falsely listed in a DNSBL won't be able
     send a cartooney or other objection to your postmaster mailbox if
     DNSBL checks are on.

     Reports of spam containing evil URLs won't be able to get past
     dccm/dccifd/dccproc DNSBL checks applied to message bodies to an
     abuse mailbox.
     
  - Someone sending from a broken SMTP client that can't get past greylisting
     checks needs greylisting checks turned off for that mailbox.

Other role mailboxes can have other requirements.  For example, DNS
contact mailboxes can get yearly legitimate bulk mail from registrars.


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.