dccm feature request

Kelsey Cummings kgc@sonic.net
Fri May 21 18:43:26 UTC 2004


On Fri, May 21, 2004 at 12:04:15PM -0600, Vernon Schryver wrote:
> > From: Kelsey Cummings 
> 
> > > 1000 does not sound like a high limit, and 10-20 seems awfully low.
> >
> > Well, we've found that AOL likes to blacklist our mail servers after sending
> > them less than 1000 spams.  The most obvious response is to drop the dcc
> > limits do 500 or so and hope that it drops us below the AOL auto-rathole
> 
> That's a good argument for a threshold of 500 or maybe even 100. 
> But what about 10-20?  What spammers send only a few dozen?
> 
> What spam would leak if you ran your DCC client (dccm, dccproc, dccifd)
> with -tIP,500,500
> dccd with -KIP
> dbclean with -tIP,1day,750,1day
> and with suitable "OK IP 10.2.3.4" client or server whitelist lines?
> 
> I'm not sure that would work, because I'm confused about which of your
> and your customers' hosts are vulnerable to which kinds of spammer attacks.

I'll have to go read up on what the suggested options would do for me.  Our
dcc use has been very vanilla until recently so I'm not versed on it's
tuning.

> You can't control any of that spam with SMTP filters unless it goes
> through one of your own mail systems.  Do you block or rate limit port
> 25 in your routers?

No, and I'm not after it right now beyond helping enforce our policies
and assuring quick response to abuse as it comes up.  

-- 
Kelsey Cummings - kgc@sonic.net           sonic.net, inc.
System Administrator                      2260 Apollo Way
707.522.1000 (Voice)                      Santa Rosa, CA 95407
707.547.2199 (Fax)                        http://www.sonic.net/
Fingerprint = D5F9 667F 5D32 7347 0B79  8DB7 2B42 86B6 4E2C 3896



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.