greylisting?

[Paul R. Ganci]

Alex Neuman van der Hans wrote:

> In any case, have you ever documented how you used DCC (instead of, 
> for example, a specific greylist milter) for this purpose? It would 
> help non-sendmail users who can't use milters if you shared it 
> (perhaps on the wiki) with the rest of us.

No I haven't actually done this. However, to be clear I am using 
sendmail with the dccm milter.

DCC provides a bunch of capability beyond dccproc/dccifd. I run multiple 
dccd servers which flood among themselves and do the actual greylisting. 
The dccm milter acts as the interface between sendmail and dccd. I have 
configured my email system to reject outright on DCC checksums which 
score high enough (1000 for my system but YMMV) and to greylist 
otherwise. This all happens up front before any real server resource is 
used. Anything that gets by all this goes through 
MailScanner/SpamAssassin. I call dccifd from SpamAssassin with 
thresholds set to 100. Hence messages that have a DCC checksum score of 
100-1000 will get a SpamAssassin DCC_CHECK score.

There are downsides to this methodology. The first is that for messages 
that pass DCC the first time, a second dccifd check may be done. I am 
not sure, however, if the actual DCC servers are accessed since there is 
in principle already a DCC header which is used by SpamAssassin. 
Nonetheless there is overhead here to get the reject >1000 but only tag 
100-1000 functionality I wanted. Second there is a much larger whitelist 
burden if you choose to reject based upon DCC checksum scores. Some of 
my subscribers did miss their NY Times ... unfortunately many email 
lists and newsletters appear spammy and get high DCC checksum scores. I 
found no impact to any legitimate user Email or for that matter this 
list or the SpamAssassin list. I also found the overall load on my 
servers was cut in half using DCC up front to both reject and greylist 
as opposed to just greylist. The reason is that the 
MailScanner/SpamAssassin load is significantly reduced.

In any case if you still think there is merit to documenting my DCC 
usage I will be glad to do it as time allows me.

As you point out it all depends how much work you are willing to put in. 
I run the email system for a small, intermountain Colorado wireless ISP 
and so it is manageable for me to maintain whitelists. I put the time in 
to monitor logs, whitelist as appropriate and so this system seems to be 
quite effective. It also helps that my subscriber base is pretty 
understanding and willing to work with me.

-- 
Paul (ganci at nurdog.com)