Thu Apr 3 00:45:08 UTC 2003
Valentin Chopov wrote: > Hi, > > I have an idea of new feature of the dcc client (e.g. dccm). > I think it will be nice to reject the spam e-mail before the > "reject threshold" is reached from the suspicious IP addresses. > The question is: If dccm rejects some amount of mail from A.B.C.D > why to accept all of the rest mail from this IP address. > My sugegestion is to define 3 types of "rej-thold" instead of 1 > "rej-thold". > "hard-rej-thold" - this is the same as thw current "rej-thold" > "soft-rej-thold" and "limit-rej-thold" > I'll try to explain my idea with an example: > hard-rej-thold=1000 > soft-rej-thold=100 > limit-rej-thold=10 > > If we rejected at least 10 messages with "hard-rej-thold=1000" from > the IP address A.B.C.D, after that to start rejecting messages with > "soft-rej-thold=100" from the same IP address. You may have something here which could be worth thinking about. I ran one of our weekly reports over the log files for one of our inbound servers. The following output shows the top ten hosts which had mail rejected by DCC: Attempts Blocked by DCC 1710 184.108.40.206 1243 220.127.116.11 1101 18.104.22.168 1032 22.214.171.124 466 126.96.36.199 455 188.8.131.52 451 184.108.40.206 447 220.127.116.11 439 18.104.22.168 428 22.214.171.124 The 12.129.205.X hosts are flowgo which can't be blocked outright because some of their stuff is occassional legitimate. We have customers send each other little notes via their web site.
More information about the DCC