bad DCC traffic from e-corp.net

Trevor Astrope astrope@e-corp.net
Mon Sep 2 16:38:07 UTC 2002


Here are the instructions in the spamassassin README:


    # tar xfvz dcc-dccproc.tar.Z
    # cd dcc-dccproc-X.X.X
    # ./configure && make && make install
    # cdcc 'new map'
    # cdcc 'add dcc.rhyolite.com'
    # cdcc 'info'

Perhaps there is something wrong with my client. I'm running spamassassin
on my home machine as well to filter all my mail, and haven't experienced
any problems. My home IP is 24.200.195.195 if you would like to check to
make sure all is ok with that client.



Thanks for the info...I'll look into running a server, as there are about
4k to 5k messages being processed per day with plans to increase it if all
goes well.

P.S. Can others please remove the hostmaster@e-corp.net and
kevoy@wired-ee.com addresses from the thread... Thanks.


On Mon, 2 Sep 2002, Vernon Schryver wrote:

> > From: Trevor Astrope <astrope@e-corp.net>
>
> > ...
> > I installed dccproc to use with spamassassin, as it is a requirement, and
> > was unaware that it was causing these problems. It did appear to be
> > working well at first, but I now see a lot of dccproc connection refused
> > messages in the logs.
> >
> > It is a fairly busy mail server and we do get a lot of spam to harvested
> > addresses from our web site. I apologize for the lack of info for e-corp,
> > as the domain has changed to sitesell.com, but the server names were not
> > changed.
> >
> > I've disabled the dcc checks in spamassassin and apologize for any
> > problems this has caused. I did not intend to abuse the service. I have no
> > idea why the client is sending the bad data.
>
> I can't tell what other software any given DCC client is using, but
> judging from independent sources, there are plenty of other sites
> using SpamAssassin with dccproc.  As far as I can tell, only a few DCC clients
> of the public servers I control are sending many DCC NOPs.
>
> Dccproc uses the common DCC client library, which maintains the host
> names, IP addresses, round trip times, recent failures, and other
> information for each DCC server in the /var/dcc/map file (or wherever
> you put it).  All DCC clients using that file update it.  This tactic
> minimizes the costs of DNS lookups of the host names of DCC servers as
> well as other costs.
>
> Can you point me to the instructions for using dccproc with SpamAssassin?
> I've seen one note that included errors such as using `dccproc -Q`.
> If the instructions you used included creating the /var/dcc/map file from
> scratch on every mail message, then the flood of NOPs would be explained.
>
> If your system sees more than 10,000 mail messages/day, then it would
> probably be to your advantage to run a local DCC server with the public
> servers only as backups.  Anonymous operations are delayed by passage
> through the Internet as well as the value of `dccd -u`.
> (See http://www.rhyolite.com/anti-spam/dcc/dcc-tree/dccd.html#OPTION-u )
> The European public DCC servers are seeing noticeable traffic from
> some of the larger anonymous DCC clients in the western part of the U.S.
> Those clients are paying 250 to 350 milliseconds for each mail message.
> That doesn't matter if you handle fewer than one message in 10 seconds
> but sounds undesirable several times per second.
>
> The round of NOPs required to discover a working server doubles that
> cost, and would be a Bad Thing(tm) on every mail message whether due
> to SpamAssassin instructions or WIN32 software.
>
>
> Vernon Schryver    vjs@rhyolite.com
>

Regards,

Trevor Astrope
astrope@e-corp.net



