Whitelisting on a per domain basis

Vernon Schryver vjs@calcite.rhyolite.com
Tue Dec 14 20:40:49 UTC 2010


> From: Matthew Richardson 

> >  - Another strategy would be to add a locally invented SMTP header like 
> >     "X-no-dcc:ok" or "x-no-check:dcc" to the message before dccm, dccifd,
> >    or dccproc see the message, and then use -Sx-no-dcc in /var/dcc/dcc_conf
> >      and a line like "ok substitute x-no-dcc ok" in /var/dcc/whiteclnt

> I realised after sending it, that I had omitted to mention that I am using
> dccm as a milter with Postfix.

I have no idea how the Postfix milters are handled including when in
milters are invoked compared to when local headers are added.
I don't know how much of the sendmail milter interface that Postfix
supports.  

All of my Postfix+DCC testing has been with dccifd as a Postfix
before-queue filter as described in the dccifd man page.


> Your third option looks most workable.  It looks as if it would have an
> unwanted side-effect, namely that the "X-DCC-nnn-Metrics:" would say
> "whitelist".  The same issue would also exist with whiteclnt however.

Why is that a problem?  To compute DCC results for all mail, but reject
only for some recipient domains and if you were using sendmail, I would
point the ${dcc_userdir} macro a directory containing a whiteclnt file
with an "option dcc-off" or a set of "option threshold type,rej-thold"
lines that turn off DCC rejections (and perhaps other lines for
greylisting, DNSBLs, etc.).

Can you get Postfix to set the ${dcc_userdir} macro or the 
${rcpt_mailer} and ${rcpt_addr} macros?
See the -U option in the dccm man page in your source or at
http://www.dcc-servers.net/dcc/dccm.html#OPTION-U



> What I think I am really after would be a method on a per-domain basis to
> either set or cancel or adjust DCCM_REJECT_AT, whilst leaving the
> "X-DCC-nnn-Metrics:" in place for accepted mail so that the user's client
> software could filter on it.

Most DCC parameters can be set in the global /var/dcc/whiteclnt file
and overidden with individual per-user files.  See the main DCC man page in
your source or at
http://www.dcc-servers.net/dcc/dcc.html#White-and-Blacklists
and the proof-of-concept cgi scripts in your source or in the
demonstration at
http://cgi-demo:cgi-demo@www.rhyolite.com/dcc-demo-cgi-bin/


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.