bad DCC traffic from e-corp.net

Vernon Schryver vjs@calcite.rhyolite.com
Mon Sep 2 16:27:01 UTC 2002


> From: Trevor Astrope <astrope@e-corp.net>

> ...
> I installed dccproc to use with spamassassin, as it is a requirement, and
> was unaware that it was causing these problems. It did appear to be
> working well at first, but I now see a lot of dccproc connection refused
> messages in the logs.
>
> It is a fairly busy mail server and we do get a lot of spam to harvested
> addresses from our web site. I appologize for the lack of info for e-corp,
> as the domain has changed to sitesell.com, but the server names were not
> changed.
>
> I've disabled the dcc checks in spamassassin and appologize for any
> problems this has caused. I did not intend to abuse the service. I have no
> idea why the client is sending the bad data.

I can't tell what other software any given DCC client is using, but
judging from independent sources, there are plenty of other sites
using SpamAssassin with dccproc.  As I can tell, only a few DCC clients
of the public servers I control are sending many DCC NOPs.

Dccproc uses the common DCC client library, which maintains the host
names, IP addresses, round trip times, recent failures, and other
information for each DCC server in the /var/dcc/map file (or wherever
you put it).  All DCC clients using that file update it.  This tactic
minimizes the costs of DNS lookups of the host names of DCC servers as
well as other costs.

Can you point me to the instructions for using dccproc with SpamAssassin?
I've seen one note that included errors such as using `dccproc -Q`.
If the instructions you used included creating the /var/dcc/map file from
scratch on every mail message, then the flood of NOPs would be explained.

If your system sees more than 10,000 mail messages/day, then it would
probably be to your advantage to run a local DCC server with the public
servers only as backups.  Anonymous operations are delayed by passage
through the Internet as well as the value of `dccd -u`.
(See http://www.rhyolite.com/anti-spam/dcc/dcc-tree/dccd.html#OPTION-u )
The European public DCC servers are seeing noticeable traffic from
some of the larger anonymous DCC clients in the western part of the U.S.
Those clients are paying 250 to 350 milliseconds for each mail message.
That doesn't matter if you handle fewer than one message in 10 seconds
but sounds undesirable several times per second.

The round of NOPs required to discover a working server doubles that
cost, and would be a Bad Thing(tm) on every mail message whether due
to SpamAssassin instructions or WIN32 software.


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.