> > From: Matus UHLAR - fantomas <[email protected]> > > To: [email protected] > > > since many phishing attacks targeted on our company in the near past, and > > resulting spam outbreaks of which we are a victim for some time, I would > > like to know if we can have some database of checksums that appeared locally > > (at our servers) for a MANY times, where MANY would be different number than > > global MANY.
On 21.03.11 14:57, Vernon Schryver wrote: > Why would you need 2 different MANY numbers? because I found mail that appeared 1000 times on our servers much more suspect than mail that appeared 1000 times in the whole world, while only 5 times on our servers. The same can apply for slovakia etc... Or is there I don't understand correctly about DCC? > Why not share the > checksums of phishing attacks targeting your company with the world? Of course, but the difference above is what I'm interested in. [...] > Whether you need to buy a license for commercial use of DCC is > unrelated to whether you run your own DCC servers. Some organizations > have commercial DCC licenses but do not run DCC servers. Other > organizations run private DCC servers using the free DCC version. > You need a commercial license if you sell anti-spam appliances or > services, or if you do not share your checksums. that's it :) > > Whle I don't have problems running commercial DCC, thiis would also require > > double checking for checksums in both MTA and SpamAssassin, which I found a > > bit hard to implement, unless some (commercial?) version implements it. > > > > Any recommendations about this problem? > > The best way to use DCC is during the original SMTP transaction, > and so in the MTA. Reporting in the MTA, checking in the spam filter is what I want to achieve :) > I think it would be easy to configure Postfix or sendmail to consult 2 > sets of DCC servers. With Postfix, use two dccifd daemons as before-queue > filters. With sendmail, add two Xdcc lines differing in DCC home > directories. > > If you must apply DCC checks after the SMTP transaction, I think > it would be straight forward to hack a copy of the SpamAssassin > DCC.pm to use a second set of parameters and so consult a second > dccifd daemon The second module would be called something like DCC2.pm. > I'd probably write a sed recipe to generate DCC2.pm from DCC.pm from > apache.org or the misc directory in DCC source to ease handling updates. well, I'll goo this way if I won't find a better one. -- Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Boost your system's speed by 500% - DEL C:\WINDOWS\*.* _______________________________________________ DCC mailing list [email protected] http://www.rhyolite.com/mailman/listinfo/dcc
