But if your firewall supports state tables, you wouldn't need to this correct!?
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Litwiller Sent: Monday, October 06, 2003 8:21 PM To: [EMAIL PROTECTED] Subject: Re: [SAtalk] If you use DCC w/SA please read So since I really don't know anything about the iptables firewall on my mail server do you more details so I can check to make sure that this is set correctly? Dave Lugo wrote: >Howdy all, > >It's been noticed that more mid-sized sites are using the DCC with SA. >This is potentially very cool, as it means the pool of checksums will >grow, providing better bulk detection for all participating sites and >clients. > >However (yeah, there's a BUT here :), it seems that there are numerous >sites that aren't poking the necessary holes in their firewalls, >thereby wasting their bandwidth, as well as bandwidth on the DCC server >side. > >For proper DCC client to remote server functioning, the following will >do the trick: > > allow udp local gt 1023 to remote 6277 allow udp remote 6277 to local > gt 1023 > > >Here's some semi-boilerplate* info I've sent a few sites: > >------------- >Your organization's DCC clients appears to be behind a firewall that >allows outgoing UDP packets to distant port 6277 but filters responses >from those same distant UDP port 6277. As a result, the retransmission >mechanisms in the DCC client code try hard but never get answers. > >It might help to think of port 6277 like port 53. > >Feel free to use the public DCC servers, but please fix your firewall. >It is increasing your DCC traffic by about 50 times. >------------- > >I'm hopeful that a "do firewall $foo for DCC" in the SA docs, plus this >friendly reminder, will help some or most sites that haven't yet >realized that they are rejecting DCC query responses. > >Best regards, > >Dave > >PS - for specific firewall configuration info, please consult the >documentation/readme/man pages/etc for your site. > >PPS - I'm not subscribed to Spamassassin-talk, so if you want me to see >your reply, please cc me :) > >* boilerplate verbiage provided by Vernon > > > ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
