Thu Apr 3 00:45:08 UTC 2003
Valentin Chopov wrote:
> Hi,
>
> I have an idea of new feature of the dcc client (e.g. dccm).
> I think it will be nice to reject the spam e-mail before the
> "reject threshold" is reached from the suspicious IP addresses.
> The question is: If dccm rejects some amount of mail from A.B.C.D
> why to accept all of the rest mail from this IP address.
> My suggestion is to define 3 types of "rej-thold" instead of 1
> "rej-thold".
> "hard-rej-thold" - this is the same as the current "rej-thold"
> "soft-rej-thold" and "limit-rej-thold"
> I'll try to explain my idea with an example:
> hard-rej-thold=1000
> soft-rej-thold=100
> limit-rej-thold=10
>
> If we rejected at least 10 messages with "hard-rej-thold=1000" from
> the IP address A.B.C.D, after that to start rejecting messages with
> "soft-rej-thold=100" from the same IP address.

You may have something here which could be worth thinking about.

I ran one of our weekly reports over the log files for one of our
inbound servers. The following output shows the top ten hosts which
had mail rejected by DCC:

Attempts Blocked by DCC
    1710 126.96.36.199
    1243 188.8.131.52
    1101 184.108.40.206
    1032 220.127.116.11
     466 18.104.22.168
     455 22.214.171.124
     451 126.96.36.199
     447 188.8.131.52
     439 184.108.40.206
     428 220.127.116.11

The 12.129.205.X hosts are flowgo which can't be blocked outright
because some of their stuff is occasionally legitimate. We have
customers send each other little notes via their web site.
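The three-threshold proposal quoted above, sketched as an added example (not part of the original post and not dccm code). It assumes a message is rejected when its DCC count is at or above the threshold in force; TieredRejector, replay and the sample addresses are constructed for illustration.

```python
from collections import defaultdict

# Threshold values taken from the example in the quoted proposal.
HARD_THOLD = 1000   # same meaning as the current single rej-thold
SOFT_THOLD = 100    # applied to an IP once it has a rejection history
LIMIT_THOLD = 10    # hard-threshold rejections needed before switching


class TieredRejector:
    """Hypothetical per-IP threshold selection (not a dccm interface)."""

    def __init__(self, hard=HARD_THOLD, soft=SOFT_THOLD, limit=LIMIT_THOLD):
        self.hard, self.soft, self.limit = hard, soft, limit
        self.hard_rejects = defaultdict(int)  # ip -> rejections at hard threshold

    def threshold_for(self, ip):
        # An IP with at least `limit` hard rejections is held to the soft threshold.
        return self.soft if self.hard_rejects[ip] >= self.limit else self.hard

    def check(self, ip, dcc_count):
        thold = self.threshold_for(ip)   # decided before this message is counted
        if dcc_count >= self.hard:       # would be rejected under either threshold
            self.hard_rejects[ip] += 1
        return "reject" if dcc_count >= thold else "accept"


def replay(messages, rejector=None):
    """Run (ip, dcc_count) pairs through the rejector in arrival order."""
    rejector = rejector or TieredRejector()
    return [(ip, count, rejector.check(ip, count)) for ip, count in messages]


# Constructed sample traffic using documentation-range addresses.
SAMPLE = (
    [("192.0.2.10", 150)]            # no history yet: below hard threshold
    + [("192.0.2.10", 5000)] * 10    # ten bulk messages rejected at hard threshold
    + [("192.0.2.10", 150),          # same count as the first message, now over soft
       ("192.0.2.10", 5),            # low-count mail from the same host still passes
       ("198.51.100.7", 150)]        # a different IP is still held to hard threshold
)

if __name__ == "__main__":
    for ip, count, verdict in replay(SAMPLE):
        print(f"{ip:<14} count={count:<5} {verdict}")
```

The counters here never expire; a deployment would need to age them out so that a host is not held to the soft threshold indefinitely.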