DNSBL -Bset:URL mode

Vernon Schryver vjs@calcite.rhyolite.com
Wed Nov 3 18:01:38 UTC 2010


> From: Kostik <koc@fax.ru>
> To: dcc@rhyolite.com

> Yes, all so as you say. But there are situations when you need fast
> overwrite DNSBL that would fix the customer problem. What would then slow
> to solve the problem with third party blacklists. The process of solving
> blacklisting problems with some DNSBL providers is not fast.
>
> In the majority of the MTA I can override a DNSBL-ed IP via whitelist but I
> can not do this with DNSBL-ed body URL. That is why I asked this question.

I always recommend whitelisting mail senders that you trust by 
adding lines to /var/dcc/whiteclnt, /var/dcc/whitecommon, or 
per-user /var/dcc/userdirs/...USER/whiteclint files.
Dccifd ignores URLs in mail from whitelisted senders or otherwise
whitelisted by headers such as List-ID.


> 1. Now the response from DCC in the case of a positive response from DNSBL
> is: "Body=many Fuz1=many Fuz2=many".  May be possible to somehow
> distinguish "many" as millions of targets from "many" as blacklisted?  Or
> as a set weight for the any type of blacklists. For example:
>
> whiteclnt:
> 300    substitute helo localhost # count one letter weighing 300
>
> DNSBL:
> -B set:weight=300 - sets the DNS blacklist weight
>
> For what would the DCC-client can use different scripts for different
> situations. What would distinguish a truly bulk-mailing from the
> blacklisted sender. IMHO, now these different causes marked as the same value.

No, the DCC clients, dccm, dccproc, dccifd, report mail that is locally
determined to be spam to the DCC server with a target count of "many".


> 2. Questions about dccifd's param: -t type,[log-thold,]rej-thold
> Now I personally do not lack the ability to specify multiple rej-thold.
>
> My example:
> ---
> rej-thold=1000 - rejected in any case
> presumably-rej-thold=500  - reject the condition with other filters
> log-thold=100  - log messgae
>
> Appears as a more flexible configuration solution with fewer false
> positives, I think so.

No, dccifd has only a single rejection for each checksum.


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.