Reason for rejected message ?

Vernon Schryver
Wed Feb 28 03:35:42 UTC 2007

> From: Daniel Gehriger 

> > The complaints about DNS timeouts are not good.  Is something wrong
> > with your DNS system?  Dccifd should have at least received NXDOMAIN
> > for from your local caching DNS server.

>                                    There shouldn't be any issues with 
> the DNS system. Most of the time, dccifd doesn't complain about timeouts 
> but then I get waves of those messages until a new DCC DNS helper is 
> started.

I suspect that is turned around and that extra dns-helper processes
are not started until enough of the current helpers have gone missing in
action (and generated complaints) to convince dccifd to start more.

Dccifd (and dccm) keep track of the numbers of active and free dns-helper
processes and try to keep at least one spare, inactive.   If according
to the numbers, another helper is needed, it is created before an
attempt is made to talk to the herd of helpers.  If the resolver library
timeouts are working, then the helpers don't get stuck in the resolver
library code, and there should never be a problem.  If the BIND timeout
hooks are not present or not working, helpers can be busy waiting
while dccifd thinks they are idle.  Dccifd should eventually realize
as much and create more helpers, not immediately.
So I suspect that your system does not have a normal BIND resolver
library.  Does it have the "improved" Linux version?

What messages do you see in the system log from the dns-helper processes?

> > However, none of that is not relevant to this case, because dccifd says
> > that it got no answers from your DNS resolver.  Besides, "DCC-->spam"

> /var/dcc/libexec/dccifd -Ivscan -tREP,10 -tCMN,50,50 -Bset:debug=5 
>,any,any -llog -wwhiteclnt 
> -Uuserdirs -GIPmask/24 -p,10023 -o 
>,10026 -SHELO -Smail_host -SSender -SList-ID

Is fact is there a comma instead of a blank between ",10023"
and ""?

Are you sure those are all of dccifd's args?  The rejection message
for the problematic messages was
    550 5.7.1 Service unavailable; Mail rejected as SPAM
That could have been produced with a -B or -r arg, but not otherwise.

I have tried a bunch of things, but failed to duplicate anything
like the problem.

Vernon Schryver

