1792 requests/sec are too many from 32768 127.0.0.1,41617

Chris Aseltine ophidian@newsnation.com
Wed Jul 18 16:52:46 UTC 2007


On Wed, 18 Jul 2007, Vernon Schryver wrote:

> The current -G option must be "whatever", such as -Gweak-ip. If you
> want to increase the embargo to 1 hour and accept all mail from an
> SMTP client after any message has passed greylisting, try the man page
> suggestion of GREY_DCCD_ARGS="-Gweak-IP,1hour"

Okay thanks.

>> The reason is in about the last month or so, I've seen a huge uptick in
>> the amount of greylisting-resistant spamming, usually it's a picture of a
>> chick measuring some guy's dong with a tape measure, pushing pills or
>> whatever.
>
> The only increase in greylist-resistant spam that I've noticed is in
> backscatter.  I wonder if you are using `dccd -Gweak-body` or
> `dccm -GIPmask/xx` with too broad a netmask.

Well, I'm using IPmask/16.  Are you saying I'm (potentially) getting the
same exact spam from two different zombies in the same /16, separated by
some amount of time, and so it counts as passing the embargo?

I'm not using -Gweak-body, and based on the randomizations present in the
email, I would think that's not it, but..

> Unless you are using a DNS blacklist that is purely automatic, an
> embargo less than several hours or a day sounds optimistic.

I thought most DNS blocklists were automatic?  At least the ones that are
powered by spamtraps?
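
The netmask and weak-body questions raised in this message can be checked against a toy model. The following is an added illustration, not part of the original post and not DCC's code: it assumes a greylist keyed on the masked client IP, envelope sender, recipient, and a body hash unless `weak_body` is set. The `Greylist` class, the `replay` helper, and all addresses and bodies are constructed.

```python
import hashlib
import ipaddress


class Greylist:
    """Simplified greylist model (assumption, not DCC's implementation)."""

    def __init__(self, prefix_len, embargo_s, weak_body=False):
        self.prefix_len = prefix_len    # e.g. 16 to model IPmask/16
        self.embargo_s = embargo_s      # embargo length in seconds
        self.weak_body = weak_body      # True: ignore the body in the key
        self.first_seen = {}            # key -> time of first attempt

    def key(self, ip, sender, rcpt, body):
        # Collapse the client address to its containing network.
        net = ipaddress.ip_network(f"{ip}/{self.prefix_len}", strict=False)
        parts = [str(net), sender.lower(), rcpt.lower()]
        if not self.weak_body:
            parts.append(hashlib.sha256(body).hexdigest())
        return tuple(parts)

    def check(self, now, ip, sender, rcpt, body):
        # The first attempt for a key starts its embargo clock.
        first = self.first_seen.setdefault(self.key(ip, sender, rcpt, body), now)
        return "accept" if now - first >= self.embargo_s else "tempfail"


# Constructed attempts: two different hosts in one /16, 4000 s apart.
SAME_BODY = [
    (0,    "10.20.1.7",   "a@example.net", "user@example.org", b"pills v1"),
    (4000, "10.20.200.9", "a@example.net", "user@example.org", b"pills v1"),
]
# Same hosts, but the second message has a randomized body.
RANDOM_BODY = [SAME_BODY[0], SAME_BODY[1][:4] + (b"pills v2",)]


def replay(prefix_len, attempts, weak_body=False, embargo_s=3600):
    """Run attempts through a fresh greylist and return the verdicts."""
    gl = Greylist(prefix_len, embargo_s, weak_body)
    return [gl.check(*a) for a in attempts]


if __name__ == "__main__":
    print("/16, same body      :", replay(16, SAME_BODY))
    print("/32, same body      :", replay(32, SAME_BODY))
    print("/16, random body    :", replay(16, RANDOM_BODY))
    print("/16, random, weak   :", replay(16, RANDOM_BODY, weak_body=True))
```

In this model the second host passes the one-hour embargo only when both messages map to the same key: identical bodies under a /16 mask, or any bodies once the body is dropped from the key.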



