1792 requests/sec are too many from 32768 127.0.0.1,41617

Vernon Schryver vjs@calcite.rhyolite.com
Sat May 26 19:56:39 UTC 2007


> From: "Chris Aseltine" 

> What exactly would an error like this mean, or what would cause it?
>
> May 25 23:52:30 dakota dccd grey[176]: 1792 requests/sec are too many from
> 32768 127.0.0.1,41617

It means that the DCC client on port 41617 on 127.0.0.1 with DCC client-ID
32768 sent at least 1792 requests in the preceeding second to the greylist
server.

1792 requests/second are more than 150 million requests per day.
A DCC client hitting a server that hard is probably attempting a
denial of service attack.

1792 requests/second about greylisting imply 1792 SMTP transactions
per second or more than 150 million mail messages per day from a
single MTA.  That is even less likely to be kosher.

If that greylist database server traffic rate is reasonable,
add an -R setting such as "-R 2000' to GREY_DCCD_ARGS in /var/dcc/dcc_conf
and restart `dccd -Gon` with `/var/dcc/libexec/rcDCC start`


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.