DCC showing whitelist, don't know why

Chris Aseltine ophidian@newsnation.com
Sun Feb 26 16:28:15 UTC 2017

Okay, I think I figured it out.  One detail that I had omitted thus far is that all "ham" is forwarded to a second mailbox where I have actually been reading it.  I believe the forwarded copy is getting whitelisted because the mail server IP during said forwarding is, of course,  So in effect, the whitelist; remark is a red herring, and the real problem is that these spams are passing greylisting before showing up in Spamhaus ZEN.  Thanks for the help.

-----Original Message-----
From: DCC [mailto:dcc-bounces@rhyolite.com] On Behalf Of Vernon Schryver
Sent: Sunday, February 26, 2017 9:38 AM
To: dcc@rhyolite.com
Subject: RE: DCC showing whitelist, don't know why

> From: Chris Aseltine <ophidian@newsnation.com>

> So the only question I still have is, why does it show up as:
> X-DCC--Metrics: quantum; whitelist
> Is that saying that has been whitelisted because it passed greylisting and the positive bulk result was ignored?

No, dccm greylisting does not override DCC results.

The following in line in your message on 25 Feb 2017 21:53:29 +0000 strongly suggests that you are running incoming mail past DCC twice:

] Feb 25 15:39:37 <my hostname> sendmail[53702]: v1PLdb7d053702: Milter delete: header X-DCC--Metrics: <my hostname> 1356; bulk Body=1 Fuz1=1 Fuz2=many

The dccm log file you posted today came from the first sendmail+dccm pass, which you have configured with -aIGNORE or with a whiteclnt line to ignore DCC results.

The second DCC pass found a characteristic that you have whitelisted.

Perhaps you are using dccproc for the 2nd DCC pass.

Please recall

Vernon Schryver    vjs@rhyolite.com
DCC mailing list      DCC@rhyolite.com

More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.