> From: Matus UHLAR - fantomas <[email protected]>
> To: [email protected]

> since many phishing attacks targeted on our company in the near past, and
> resulting spam outbreaks of which we are a victim for some time, I would
> like to know if we can have some database of checksums that appeared locally
> (at our servers) for a MANY times, where MANY would be different number than
> global MANY.

Why would you need 2 different MANY numbers? Why not share the checksums of phishing attacks targeting your company with the world? Some organizations apply DCC checks on their out-going email. By sharing phishing attacks targeting your company, you might stop some of them at their source and possibly even alert the owners of the source networks?

> The logical alternative is to run DCC servers only for our company (which
> requires commercial version of DCC), and always query both servers with
> public and private checksum databases.

Whether you need to buy a license for commercial use of DCC is unrelated to whether you run your own DCC servers. Some organizations have commercial DCC licenses but do not run DCC servers. Other organizations run private DCC servers using the free DCC version. You need a commercial license if you sell anti-spam appliances or services, or if you do not share your checksums.

> While I don't have problems running commercial DCC, this would also require
> double checking for checksums in both MTA and SpamAssassin, which I found a
> bit hard to implement, unless some (commercial?) version implements it.
>
> Any recommendations about this problem?

The best way to use DCC is during the original SMTP transaction, and so in the MTA. I think it would be easy to configure Postfix or sendmail to consult 2 sets of DCC servers. With Postfix, use two dccifd daemons as before-queue filters. With sendmail, add two Xdcc lines differing in DCC home directories.

If you must apply DCC checks after the SMTP transaction, I think it would be straightforward to hack a copy of the SpamAssassin DCC.pm to use a second set of parameters and so consult a second dccifd daemon. The second module would be called something like DCC2.pm. I'd probably write a sed recipe to generate DCC2.pm from DCC.pm from apache.org or the misc directory in DCC source to ease handling updates.

Vernon Schryver [email protected]
