Computer Security
 » 
DCC

DCC on Centos 4.6 Accepting All mail if I understand correctly

View: New views
2 Messages — Rating Filter:   Alert me  

DCC on Centos 4.6 Accepting All mail if I understand correctly

by Robert Becskei-2 :: Rate this Message:

Reply (Restricted by the Administrator) | Reply to Author | View Threaded | Show Only this Message

Dear list,

I've just installed DCC on my server configured it, and in /var/dcc/log I
see the following :

If I understand correctly this message is accepted for delivery instead of
being dropped cause it's obviously spam, why ?

Sincerely
Robert

 cat msg.2jjrdm
VERSION: 3
DATE: 04/25/08 13:54:45 CEST
IP: adsl-dyn13.78-99-92.t-com.sk ::ffff:78.99.92.13
HELO: adsl-dyn13.78-99-92.t-com.sk
env_From: vlakshmanan@...  mail_host=bobbarker.com
env_To: unknown  addr=unknown  dir=userdirs/unknown

Return-Path: <vlakshmanan@...>
X-Envelope-To: <magacinspy@...>
Received: from adsl-dyn13.78-99-92.t-com.sk (adsl-dyn13.78-99-92.t-com.sk
[78.99.92.13])
        by mail.topolauniverzal.co.yu (Postfix) with SMTP id 76C6182BE4
        for <magacinspy@...>; Fri, 25 Apr 2008 13:54:44 +0200
(CEST)
Received: (qmail 25505 invoked from network); Fri, 25 Apr 2008
04:54:19 -0700
Received: from unknown (HELO wsg) (98.208.175.202)
        by adsl-dyn13.78-99-92.t-com.sk with SMTP; Fri, 25 Apr 2008
04:54:19 -0700
Message-ID: <002501c8a6cb$1817e450$caafd062@wsg>
From: "Ed Day" <vlakshmanan@...>
To: <magacinspy@...>
Subject: No need to spend hours searching chemist's around!
Date: Fri, 25 Apr 2008 04:54:19 -0700
MIME-Version: 1.0
Content-Type: text/plain;
        format=flowed;
        charset="iso-8859-1";
        reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

Enjoy easy and convenient PE enlargement! http://enoughfraction.com

Ed Day


### end of message body ########################
dccifd  global

X-DCC-URT-Metrics: mail.topolauniverzal.co.yu 1060; Body=many Fuz1=many
        Fuz2=many
                            reported: 1               checksum  server
                       IP: 45c16e81 5be2cac6 65a639fb 29b6354c
                 env_From: 8191f964 2d02e61a bb8c80ba cfc0fb92
                     From: c451ffa7 6668142a ea092ab1 8937cd1c
          substitute helo: 3fc71480 3a7bc0be 39a1b9dd 6dba9f99
               Message-ID: cdb34515 afcc9399 5d110b29 6ab6ae07
                 Received: b26bca05 6087094e 909df9a2 490feafc
                     Body: f119c4f7 f53c166d e3bfea0a e2db03bb    many
                     Fuz1: c540dacf ff893152 90304931 3513dc3a    many
                     Fuz2: 558ce5e6 847ee1c9 5558444f eb6e6318    many
     substitute mail_host: e1f59373 d85df116 8b9fd3e0 54c524d3

result: accept

_______________________________________________
DCC mailing list      DCC@...
http://www.rhyolite.com/mailman/listinfo/dcc

Re: DCC on Centos 4.6 Accepting All mail if I understand correctly

by Vernon Schryver :: Rate this Message:

Reply (Restricted by the Administrator) | Reply to Author | View Threaded | Show Only this Message

> From: "Becskei Robert"

> I've just installed DCC on my server configured it,

Judging from the log file, I suspect that you are not running the
current version of dccifd.  The current version is 1.3.90.  You
can determine the version you are using with `cdcc -V` or `dccifd -V`

If you are not using the current version, it would be good to install.
it.  Unless you obtained the source from a third party that broke the
shell script /var/dcc/libexec/updatedcc, running that script should
fetch, configure, compile, install, and restart dccifd.


>                                                     and in /var/dcc/log I
> see the following :
>
> If I understand correctly this message is accepted for delivery instead of
> being dropped cause it's obviously spam, why ?


> X-DCC-URT-Metrics: mail.topolauniverzal.co.yu 1060; Body=many Fuz1=many
>         Fuz2=many
>                             reported: 1               checksum  server
>                        IP: 45c16e81 5be2cac6 65a639fb 29b6354c

>                      Body: f119c4f7 f53c166d e3bfea0a e2db03bb    many
>                      Fuz1: c540dacf ff893152 90304931 3513dc3a    many
>                      Fuz2: 558ce5e6 847ee1c9 5558444f eb6e6318    many
>      substitute mail_host: e1f59373 d85df116 8b9fd3e0 54c524d3
>
> result: accept

What is the value of DCCIFD_REJECT_AT (or DCCM_REJECT_AT) in
/var/dcc/dcc_conf?  The absense of a "threshold" column in the
checksum results in that log file suggest that DCCIFD_REJECT_AT is
not set.  To reject mail with body checksums of "MANY", try setting
DCCIFD_REJECT_AT=MANY   I use a far smaller value, but I also use
per-user whitelists.


Vernon Schryver    vjs@...
_______________________________________________
DCC mailing list      DCC@...
http://www.rhyolite.com/mailman/listinfo/dcc
LightInTheBox - Buy quality products at wholesale price!
Free Forum Powered by Nabble Forum Help