1792 requests/sec are too many from 32768 127.0.0.1,41617

Chris Aseltine ophidian@newsnation.com
Wed Jul 18 02:38:14 UTC 2007


On Wed, 18 Jul 2007, Vernon Schryver wrote:

> Restarting dccd should have no effect on those messages, at least not
> for the current version.
>
> Unless sendmail is misconfigured with something like a loop,
> restarting sendmail will have no effect.

Well, one of restarting sendmail or dccd (or both) makes this problem go
away.  I'm just telling you what I'm observing.

> The message means that `dccd -G on` is receiving a suspiciously high
> rate of requests from the `dccm` (or dccifd or dccproc) process at
> 127.0.0.1 using DCC client-ID 32768.

Yeah, don't know why.  My system does maybe 500 messages per day tops
(maybe 490 spam, 10 legit).  For each mail that comes in, once this
problem starts happening, I get "2798 requests/sec are too many from..."
for every email received, until I restart.

Oddly, restarting also seemed to cause my original email to get resent,
but I have no idea why that is ... I assume it is unrelated.

Actually the reason I was playing with it is because I want to increase my
embargo time from the default.  Right now my only option is -G IPweak/16
or whatever.  If I want to use that, and increase my embargo to say, an
hour, what would be an example of the syntax for my dcc_conf file?

The reason is in about the last month or so, I've seen a huge uptick in
the amount of greylisting-resistant spamming, usually it's a picture of a
chick measuring some guy's dong with a tape measure, pushing pills or
whatever.  I'm hoping that after an hour, either the spammer will give up
or the zombie/proxy/whatever will show up in DNS blocklists by that
time...



