Log message from WLIST tracing

Vernon Schryver vjs@calcite.rhyolite.com
Thu Apr 1 15:51:32 UTC 2010


> From: Matus UHLAR - fantomas 

> On 01.04.10 08:27, Gary Mills wrote:

> >     Apr  1 08:18:20 setup01 dccm[14901]: [ID 702911 mail.error] too many IP address blocks in line 513 of localnets.wh included from whiteclnt
> > 
> > The file contains 512 /24 networks plus 127.0.0.1
>
> I wonder if you can't aggregate them into one /15 or two /16 ranges.

Exactly.

I've added this text to the section of the main dcc man page on whitelists:

    hosts
	 is a host name, an IPv4 or IPv6 address, a block of IP
	 addresses specified as starting and ending addresses
	 separated by a dash (-), or a block in the standard xxx/mm
	 form.  A host name is converted to IP addresses with DNS,
	 the /etc/hosts file, or other mechanisms.
	 The /var/dcc/whitelist file used by the DCC server,
	 dccd(8), treats all host names, IP addresses, and address
	 blocks the same.  Each IP address must be added to the
	 DCC database as its checksum.  DCC servers only hear
	 about checksums and so could not use a list of IP
	 addresses.  To prevent accidentally adding billions of
	 records to the database (contemplate a line like "OK IP
	 fe80::0/120"), server whitelist entries cannot specify
	 blocks larger than 65,536 or /16.
	 The DCC clients, dccifd(8), dccm(8) or dccproc(8), know
	 about IP addresses and their whitelists can contain IP
	 addresses.  The global /var/dcc/whiteclnt file or a
	 per-user whiteclnt file can contain up to 64 ranges of 256
	 or more IP addresses.  Smaller ranges are added as
	 individual addresses.


> and, btw, is there real need for whitelisting all your IP addresses?
> I mean, do your users send so many bulk messages that you need to whitelist
> them all?
> DCC could be used to block user-generated spam imho...

I agree.

"SUBMIT IP 10.1.2.0-10.1.2.255"
can be used to tell dccm, dccifd, or dccproc that SMTP clients at those 
IP addresses run mail user or submission agents that are not trusted
to never send unsolicited bulk email but also cannot handle temporary
4yz SMTP rejections for greylisting or clashing mail recipient whitelists.


Vernon Schryver    vjs@rhyolite.com
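
Added example, not part of the original post or of the DCC distribution: a Python sketch of the aggregation suggested above, checking a list of blocks against the limits given in the quoted man page text (64 client ranges of 256 or more addresses, no server block larger than a /16). The function names and the 10.x sample networks are constructed for illustration, and the "OK IP" line form is assumed from the examples in this message.

```python
import ipaddress

# Limits as stated in the man page text quoted in this post.
MAX_CLIENT_RANGES = 64    # whiteclnt: at most 64 ranges of 256 or more addresses
RANGE_SIZE = 256          # smaller blocks are added as individual addresses
MAX_SERVER_BLOCK = 65536  # dccd whitelist: no block larger than a /16

def aggregate(entries):
    """Collapse adjacent or overlapping blocks into the fewest CIDR blocks."""
    nets = [ipaddress.ip_network(e) for e in entries]  # raises if host bits are set
    out = []
    for version in (4, 6):  # collapse_addresses() rejects mixed IP versions
        out += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return out

def client_ranges(nets):
    """Blocks that count against the 64-range limit of a whiteclnt file."""
    return [n for n in nets if n.num_addresses >= RANGE_SIZE]

def server_blocks(nets):
    """Lazily yield blocks of at most 65,536 addresses for the server whitelist."""
    for n in nets:
        if n.num_addresses > MAX_SERVER_BLOCK:
            yield from n.subnets(new_prefix=n.max_prefixlen - 16)
        else:
            yield n

def ok_lines(nets):
    """Render 'OK IP' lines; single hosts are written without a prefix length."""
    return ["OK IP " + (str(n.network_address) if n.num_addresses == 1 else str(n))
            for n in nets]

def constructed_sample():
    """Constructed input: 512 contiguous /24 networks plus 127.0.0.1."""
    return [f"10.{2 + i // 256}.{i % 256}.0/24" for i in range(512)] + ["127.0.0.1"]

if __name__ == "__main__":
    before = [ipaddress.ip_network(e) for e in constructed_sample()]
    after = aggregate(constructed_sample())
    print(len(client_ranges(before)), "ranges before;", len(client_ranges(after)), "after")
    print("fits client limit:", len(client_ranges(after)) <= MAX_CLIENT_RANGES)
    print("\n".join(ok_lines(after)))
    print("server file:", [str(n) for n in server_blocks(after)])
```

server_blocks() is a generator on purpose: splitting a very large IPv6 block into /16-sized pieces is exactly the "billions of records" case the man page text warns about, so the caller decides how many to consume.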


