Hi;
Vernon Schryver wrote:
<snip>

The checksum of two different messages both with the same fixed footer
or other string appended are practically certain to differ if the
checksums of the original messages differ.  The odds of the checksums
of the modified messages being the same are on the order of 1 in 10 to
38th power.

<snip>

Cheers for that.
I wasn't aware of how fuzzy the fuzzy matching was, especially on short messages, so I put 2+2 together and made 5.

Sometimes I need the clue stick for things to sink in ;-)


Rgds
Neil




Vernon Schryver wrote:
From: neil <[EMAIL PROTECTED]>

   Is there a way to exclude a string from being included in DCC hashing ?

no, but as far as I understand description of the problem, excluding
strings from the checksums would not be useful.


We add a footer to webmail, then DCC on other boxes as part of spamassassin, but I think it is registering as a hit as the footer is constant. I want to just test the body as we do get some hijacked accounts spamming, but the majority of our web mail traffic is person to person and not bulk.

I have had a read of whiteclnt and seen the testmsg-whitelist, but that does not do what I want. Is there a way to make a checksum of our footer and exclude just that? I could have exim add the footer after spam scanning I suppose. We have to add the footer at management insistence, so I can't just remove it at source :-)

Apologies in advance if this has been asked or answered before I
did a quick search of the list and FAQ but couldn't find anything.

The checksum of two different messages both with the same fixed footer
or other string appended are practically certain to differ if the
checksums of the original messages differ.  The odds of the checksums
of the modified messages being the same are on the order of 1 in 10 to
38th power.  There is a vastly larger danger that your computers will
suffer undetected data errors in RAM or on buses and so compute wrong
and equal checksums.

Exactly what problem needs solving?
If you have found that tiny messages consisting of nothing, "yes",
"no," "test," etc. and with your footer are being detected as bulk,
then a local equivalent to testmsg-whitelist is the solution.

All copies of a message consisting of "test" and your footer are identical
and so "bulk."  There is no way that the DCC client code can know that
such small but not tiny messages should be ignored unless you say so
with white list entries.  As far as the DCC client code can tell, the
copies of "test" and your footer might be small advertisements for
herbal viagra.

The solution is to add the hex checksums for such messages to
your /var/dcc/whiteclnt file.  You can get the checksums from log
files in /var/dcc/log.  Look for a line like the following in the
log file of a test message that should be ignored:

         Fuz2: 67bcbe1f 0ddf6c3b c2da2ec2 6bd3e844       0

Then add a line like this to /var/dcc/whiteclnt

ok hex Fuz2 67bcbe1f 0ddf6c3b c2da2ec2 6bd3e844

You will need to ensure that /var/dcc/whiteclnt is being used by
dccproc or dccifd.  If you are using dccifd, you probably need not
do anything.  If you are using dccproc, you should enable and
use dccifd instead.  If you must use dccproc, tell SpamAssassin to
run dccproc with -w/var/dcc/whiteclnt (or wherever you put your whiteclnt
file).


Vernon Schryver    [EMAIL PROTECTED]
_______________________________________________
DCC mailing list      [email protected]
http://www.rhyolite.com/mailman/listinfo/dcc
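
The log-to-whitelist step described in the message above, as an added example that is not part of the original thread or of the DCC distribution. The function names `dcc_whitelist_lines` and `dcc_demo` are hypothetical, and the log and whitelist contents are constructed samples in the line shape quoted above.

```shell
#!/bin/sh
# Added example: turn the "Fuz2:" checksum lines of DCC log files into
# "ok hex Fuz2 ..." whiteclnt entries, skipping checksums that the
# whitelist already contains and ignoring malformed lines.

# dcc_whitelist_lines WHITECLNT LOGFILE...
# Prints one whitelist line per new, well-formed Fuz2 checksum.
dcc_whitelist_lines() {
    whiteclnt=$1
    shift
    awk -v wl="$whiteclnt" '
        BEGIN {
            # Remember checksums that are already whitelisted.
            while ((getline line < wl) > 0) {
                n = split(line, f)
                if (n >= 7 && f[1] == "ok" && f[2] == "hex" && f[3] == "Fuz2")
                    seen[tolower(f[4] " " f[5] " " f[6] " " f[7])] = 1
            }
        }
        $1 == "Fuz2:" && NF >= 5 {
            # Require four groups of exactly eight hex digits.
            ok = 1
            for (i = 2; i <= 5; i++)
                if (length($i) != 8 || $i !~ /^[0-9a-fA-F]+$/) ok = 0
            if (!ok) next
            sum = tolower($2 " " $3 " " $4 " " $5)
            if (!(sum in seen)) { seen[sum] = 1; print "ok hex Fuz2 " sum }
        }
    ' "$@"
}

# Runs the function over constructed sample files (not real log data).
dcc_demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        'constructed non-checksum line' \
        '         Fuz2: 67bcbe1f 0ddf6c3b c2da2ec2 6bd3e844       0' \
        '         Fuz2: 67BCBE1F 0DDF6C3B C2DA2EC2 6BD3E844       0' \
        '         Fuz2: 11111111 22222222 33333333 44444444       3' \
        '         Fuz2: 1234 truncated' > "$d/msg.log"
    printf '%s\n' '# constructed local whitelist' \
        'ok hex Fuz2 11111111 22222222 33333333 44444444' > "$d/whiteclnt"
    dcc_whitelist_lines "$d/whiteclnt" "$d/msg.log"
    rm -rf "$d"
}

dcc_demo
```

Review the printed lines before appending them to the whiteclnt file, since each one exempts every message with that checksum from bulk detection.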
