dcc client feature suggestion

Tim Wicinski tim@meer.net
Thu Apr 3 00:45:08 UTC 2003


Valentin Chopov wrote:
> Hi,
> 
> I have an idea of new feature of the dcc client (e.g. dccm).
> I think it will be nice to reject the spam e-mail before the
> "reject threshold" is reached from the suspicious IP addresses.
> The question is: If dccm rejects some amount of mail from A.B.C.D
> why to accept all of the rest mail from this IP address.
> My sugegestion is to define 3 types of "rej-thold" instead of 1
> "rej-thold".
> "hard-rej-thold" - this is the same as thw current "rej-thold"
> "soft-rej-thold" and "limit-rej-thold"
> I'll try to explain my idea with an example:
> hard-rej-thold=1000
> soft-rej-thold=100
> limit-rej-thold=10
> 
> If we rejected  at least 10 messages with "hard-rej-thold=1000" from
> the IP address A.B.C.D, after that to start rejecting messages with
> "soft-rej-thold=100" from the same IP address.

You may have something here which could be worth thinking about.  I ran 
one of our weekly reports over the log files for one of our inbound 
servers.  The following output shows the top ten hosts which had mail 
rejected by DCC:

Attempts Blocked by DCC
1710    216.109.92.216
1243    69.0.248.114
1101    64.245.43.112
1032    130.94.182.6
466     12.129.205.70
455     12.129.205.74
451     12.129.205.75
447     12.129.205.60
439     12.129.205.65
428     12.129.205.69

The 12.129.205.X hosts are flowgo which can't be blocked outright 
because some of their stuff is occassional legitimate.  We have 
customers send each other little notes via their web site.






More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.