Good starting numbers for spamassassins dcc

Michał Grzędzicki
Sat May 2 17:05:49 UTC 2009

Wiadomość napisana w dniu 2009-05-02, o godz. 18:54, przez Vernon  

>> From: =?ISO-8859-2?Q?Micha=B3_Grz=EAdzicki?= <>
>> checks for X-DCC: bulk only if it has been added upstream,  =
> I think it is good to run DCC checks during the original SMTP  
> transaction.
> The best way is to let the MTA reject spam during the transaction.
yes this is much betted then  deleting spam, but in our current config  
with amavis it it would be hard to get

> Even if one cannot do that, dccifd or dccm can add X-DCC headers when
> run as part of sendmail, postfix, or other MTAs.
>> Are fuz1 and fuz2 computed from same parts of email eg. sender,  =
>> subject, X-Client + body, or fuz2 takes more headers ? Then wery  =
>> simillar spams can have same body hash same fuz1 but difrend fuz2  =
>> because fuz2 takes in acount X-Client header whitch difers in this  
>> 2  =
>> spams or mayby they take same subset of email, header + body but  
>> use  =
>> difrend fuzzing algoritm (like omiting whitespaces ignoring case  
>> ect.  =
>> to ignore minor diferences in spams)
> All three DCC checksums, body, fuz1, and fuz2, are computed on only
> the message body starting after the blank line that ends the SMTP  
> headers.
> The fuzziness of the fuz1 and fuz2 checksums differ.
> I will not say how they differ, although it is not a secret for anyone
> willing to read the source.

ok, thank You for clarification

>> If they use same subset of headers + body there's no point in  =
>> diferenting threstholds for fuz1 and fuz2, and if fuz2 inputs more  =
>> data it should have smaller thresthold then fuz1.
> I think the thresholds for the checksums should be the same.
> Except for tiny messages and certain other cases, all three DCC
> checksums are computed message bodies.
> However, only reports of bulky checksums are flooded, so your DCC
> server is more likely to receive reports of fuzzy checksums than
> simple "body" checksums.

thank You for all the answers

Michał Grzędzicki

More information about the DCC mailing list

Contact by mail or use the form.