always seeing a Fuz2, etc. count of 1, no server name in X-DCC- header

Vernon Schryver vjs@calcite.rhyolite.com
Wed Apr 14 22:05:58 UTC 2010


> From: Chris Aseltine <ophidian@newsnation.com>

> Okay, so, ... are you just hypothesizing that the spam in question was 
> sufficiently 'customized' to evade even Fuz2?  I guess I could accept 
> that, but all of my junk-mail is showing Fuz2=1.  I would expect at least 
> some of them to show up as bulk.  Otherwise how is the program useful?

If you don't find dccm useful, then please remove it as soon as possible.


> >> By the way here is the original message.
> >
> > That dccm at your site said the DCC target counts for that copy of my 
> > response to your first message were 1 suggests that it had not been 

> I'm not sure I understand: http://dakota.newsnation.com/~ophidian/junkmsg44.txt
> is the junk mail that I was talking about which had Fuz2=1.  It wasn't a 
> mailing list message.  I was showing in case you had any idea if something 
> in the message was throwing off Fuz2.

I overlooked your URL and thought the text you fed dccproc was a copy
of my response.

The message at URL is heavily customized with a lot of text

However, that URL raises other questions.  

First, why are you hitting both Spamhaus ZEN and the CBL?
Isn't the CBL included in ZEN?  Why pay your own delay, bandwidth,
and processing expenses and cost the CBL for the unneeded check?

Why was that message not rejected during the SMTP transaction?
Checking for spam after telling the mail sender that the message has
been accepted is a bad, albeit very popular mistake.  If the filter
suffers a false positive and dumps a legitimate message in a "spam
folder" then the message is likely to disappear.  Your mother will think
you're snubbing her.
Or worse, if you bounce spam after the end of the SMTP transaction,
you send spam to innocent third parties.
On the other hand, if you reject detected spam during the SMTP transaction,
the sender knows to use a phone or something.
If it was not a false positive, many spammers (although far from all or the
worst) will remove your address from their target lists.


If I were using your set of blacklists, I would have wired them
through `dccm -B`.  That would have good effects:
  - spam is detected during instead of after the SMTP transaction
     so that false positives do not disappear into blackholes
  - I can find the full text (or first 30KBytes by default) of any
      rejected mail in /var/dcc/log
  - if you use /var/dcc/libexec/hackmc to adjust sendmail.cf/mc, then
     detected spam is reported with "many" to DCC so that targets using
     different filters with dccm, dccifd, or dccproc would know that
     similar messages are spam.


Vernon Schryver    vjs@rhyolite.com
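
Added example, not part of the original message and not DCC code: a small offline sketch of the two points raised above, that a ZEN answer already reports XBL (CBL) listings so a separate CBL lookup is redundant, and that the verdict should be an SMTP reply issued while the transaction is still open. The return codes are assumed from Spamhaus' published ZEN codes; the function names, the coverage table and the sample answers are constructed for illustration.

```python
import ipaddress

# Assumption: ZEN return codes as published by Spamhaus.
ZEN_CODES = {
    "127.0.0.2": "SBL",
    "127.0.0.3": "SBL-CSS",
    "127.0.0.4": "XBL",      # XBL carries the CBL data
    "127.0.0.9": "SBL-DROP",
    "127.0.0.10": "PBL",
    "127.0.0.11": "PBL",
}
# Constructed table: zones whose data an aggregate zone already serves.
COVERED_BY = {
    "zen.spamhaus.org": {"cbl.abuseat.org", "sbl.spamhaus.org",
                         "xbl.spamhaus.org", "pbl.spamhaus.org"},
}

def query_name(client_ip, zone):
    """DNSBL query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def decode_zen(a_records):
    """Split ZEN A records into list names and 127.255.255.x error codes."""
    lists, errors = set(), []
    for rec in a_records:
        if rec.startswith("127.255.255."):
            errors.append(rec)   # resolver or quota error, not a listing
        elif rec in ZEN_CODES:
            lists.add(ZEN_CODES[rec])
    return sorted(lists), errors

def prune_zones(zones):
    """Drop zones already included in an aggregate zone that is also queried."""
    redundant = set()
    for zone in zones:
        redundant |= COVERED_BY.get(zone, set())
    return [z for z in zones if z not in redundant]

def smtp_verdict(a_records):
    """Reply to give during the SMTP transaction, before accepting the mail."""
    lists, _errors = decode_zen(a_records)
    if lists:
        return "550 5.7.1 rejected, client listed in " + ",".join(lists)
    return "250 ok"   # error codes are not treated as listings
```
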


