"no answer from dcc.dcc-servers.net"

Thaddaeus Slany ts.ctms1@cert.siemens.de
Fri Jun 6 01:32:36 UTC 2003


Vernon Schryver wrote:
> 
> > From: Spike Ilacqua <spike@indra.com>
> 
> > ...
> > > Might you be having a firewall issue that is blocking return packets?
> >
> > Nothing on our end.  And a packet capture shows traffic in both
> > direction.  It magically started working again at 16:35 MDT, but it
> > seems to be a recurring issue.
> > ...
> 
> Those messages imply that all 9 of the public DCC servers are not
> answering.  That suggests the problem is common to the path to all of
> them.  Since the servers are fairly widely distributed, that means
> the problem must be fairly close to the client.
> 
> Vernon Schryver    vjs@rhyolite.com


hi Vernon, [cc dcc@calcite.rhyolite.com]

after installing /var/dcc and dccproc in chroot-ed environment I get
same

"no answer from dcc.dcc-servers.net" - messages in my logfile after a
bunch of time of perfect operation before.
Do you have any hint for me what is causing this effect in a chroot
environment?

In my chroot environment I am using a script for calling "dccproc" for
processing e-mails through dcc.

If I use same script in my usual root environment there are no problems
so far.

I am sure I installed all necessary libraries and dcc-files in my chroot
environment.

e.g. ldd /usr/local/bin/dccproc
         libm.so.6 => /lib/libm.so.6 (0x40024000)
         libc.so.6 => /lib/libc.so.6 (0x40046000)
         /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)


I have done some "strace" debugging in calling chroot /new_root cdcc
'info', but detected no real strange things. What I am wondering about
is, right after a fresh installation of my /var/dcc in chroot
environment, a "chroot /new_root cdcc info" is showing all working dcc
servers. But after using my script calling "dccproc" for some time
processing incoming e-mails successfully, "DCC" seems loosing all
working dcc servers resulting in "no answer from dcc.dcc-servers.net" on
every checked e-mail message. If I then call a "chroot /new_root cdcc
info" to see info about working servers I get back an empty list
corresponding to the message in the log. It was not possible for me to
"reinizialize" the list with working servers under the chroot again. Do
you or someone have any idea what is causing this?

I would like to have "DCC", "dccproc" and "smtpd" running in a chroot
jail for security reasons. I know "a nice chroot jail may be a pain to
build but should give you enough of a warm fuzzy to make it worth your
while." :-)

Any help is appreciated in solving my "chroot" related dcc problem. BTW,
on my old linux server, same dcc check script is running in a chroot
jail with no such problems. The new and fresh installed server is using
a Suse Linux kernel version 2.4.20-4GB.

Best regards,
Thaddaeus Slany, BNV-GZ Technik
thaddaeus.slany@bnv-gz.de

http://www.bnv-gz.de



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.