dccm feature request

Kelsey Cummings kgc@sonic.net
Fri May 21 17:23:01 UTC 2004

On Fri, May 21, 2004 at 10:43:55AM -0600, Vernon Schryver wrote:
> > From: Kelsey Cummings 
> > Here's my situation.  I've only been able to get a rather high limit (1000
> > nice if I could define a reject level for mail sourced from the webservers
> > at 10, or 20 which would have a pronounced effect at dropping outbound
> > spam.
> >
> > One way to accomplish this would be to define classes of users/hosts that
> > have differing thresholds.  Untrusted, with a very low limit, trusted, with
> > a reasonable limit for 'normal' use within our AUP, and Whitelisted, for
> > allowed bulk senders. 
> 1000 does not sound like a high limit, and 10-20 seems awfully low.

Well, we've found that AOL likes to blacklist our mail servers after sending
them less than 1000 spams.  The most obvious response is to drop the dcc
limits to 500 or so and hope that it drops us below the AOL auto-rathole
threshold where we can keep on playing whackamole on the sources inside our
network without having to reroute outbound mail flows to keep legit mail

AOL seems to be the target of choice for the CGI exploiting spam runs.
I can take action to deal with AOL specifically by setting up a dedicated
server for outbound AOL mail and running some restrictive content filtering
and quarantining but I don't relish that idea.

Perhaps there is another approach I can take to prevent spam from leaving
servers under my control besides DCC bulk detection.

Any suggestions from others?  I can't be the only one struggling with this
problem.  Incidentally, it's been ages since we've had a customer relay a
spam run through our servers.  Spam sourced from our network is always from
exploited home PCs, customer CGI, or colocation.  I imagine we are as clean
as any other ISP our size with a full time abuse desk staff.

