DCCM looping

Vernon Schryver vjs@calcite.rhyolite.com
Tue Feb 20 15:47:43 UTC 2007


> From: Rob McMahon 

> > I have a vague hope that an infinite loop related to another MIME
> > problem that I noticed and fixed late last year might solve these cases
> > of dccm looping.


> when all hell broke loose, all email was locked solid when I came in on 
> Monday morning, and dccm wouldn't stay up for more than a few minutes 
> without turning back into a total CPU hog.  Installing 2.3.51 appears to 
> have fixed the problem.
>
> So: has anyone else seen this? I'm wondering if it might have been a 
> deliberate DoS attack.  Do we know what qualities of a message caused 
> the problem?  The other alternative is that it wasn't malicious at all 
> but was a mass mailing of (badly formed?) email.

Since the problems happen on subsequent mail messages, and since a
small percentage of the millions of mail systems on the Internet use
dccm, I think the dccm looping is an unintended, even unrealized side
effect of bad spam.

For most sites, there is a bigger reason to install the current version
of the DCC code.  It significantly increases the DCC hit rates.  Some
installations that pre-filter with DNS blacklist or other mechanisms
and where most legitimate mail involves MIME have been seeing DCC spam
ratios below 20%.  Installing the current version with the other MIME
fix has generally doubled their hit rates.  Many other installations
with 30-40% hit rates with previous versions are now seeing better
than 50%.

(The ratio of spam detected by DCC clients of a DCC server to all
mail checked by the DCC clients is among the per-server graphs.)

It is necessary to install the new version on all of your DCC clients.
DCC clients are those that run dccproc, dccm, or dccifd.  Many DCC
servers have overlooked clients.  This command run as root or the
dcc user will find clients seen by a server since it was last started:
   cdcc "id XXXX; clients -V"
or
   cdcc "id XXXX; password secret; clients -V"
where "secret" is the password for server-ID XXXX in /var/dcc/ids.
If you see a DCC client-server protocol version (the 'v' column)
other than 7, such as 4, then you have a very old and creaky client.


Vernon Schryver    vjs@rhyolite.com


