dccm feature request

Vernon Schryver vjs@calcite.rhyolite.com
Fri May 21 18:04:15 UTC 2004

> From: Kelsey Cummings 

> > 1000 does not sound like a high limit, and 10-20 seems awfully low.
> Well, we've found that AOL likes to blacklist our mail servers after sending
> them less than 1000 spams.  The most obvious response is to drop the dcc
> limits to 500 or so and hope that it drops us below the AOL auto-rathole

That's a good argument for a threshold of 500 or maybe even 100. 
But what about 10-20?  What spammers send only a few dozen?

What spam would leak if you ran your DCC client (dccm, dccproc, dccifd)
with -tIP,500,500
dccd with -KIP
dbclean with -tIP,1day,750,1day
and with suitable "OK IP" client or server whitelist lines?

I'm not sure that would work, because I'm confused about which of your
and your customers' hosts are vulnerable to which kinds of spammer attacks.

> AOL seems to be the target of choice for the CGI exploiting spam runs.

Regardless of AOL, wouldn't it be best to fix the CGI holes, if
necessary, turning off the ability of users to install CGI scripts
without prior approval?  Or imposing serious penalties, such as 
fines of $1000/day of an exploited CGI script.  
Or are you talking about customer or co-located web servers?

> spam run through our servers.  Spam sourced from our network is always from
> exploited home PCs, customer CGI, or colocation. 

You can't control any of that spam with SMTP filters unless it goes
through one of your own mail systems.  Do you block or rate limit port
25 in your routers?

Vernon Schryver    vjs@rhyolite.com
