Discrepancy between public servers

Cedric Knight cedric@gn.apc.org
Fri Jul 24 09:16:55 UTC 2009


Hi

I run dccifd with SpamAssassin using the public DCC servers, and a user
has recently reported a non-bulk email getting caught as spam.  I
checked and it seems odd to me that there is such a large discrepancy
for the offending checksum between different DCC servers:

X-DCC-Misty-Metrics: mail 1170; Body=1 Fuz1=1 Fuz2=many
                                                      checksum  server
                 env_From: 28cec8de 444a5192 3d08f152 651fd1fb       0
                     From: 79af87a5 8716075c 1f9667c1 95b6f0b7       0
               Message-ID: d43994f1 08b825db 67624e9a 6b298130       0
                 Received: 5670dfb0 82821e39 71afee36 b217b67b       0
                     Body: 7e1aab3a 07098a85 b63e65cc 2f25ac14       1
                     Fuz1: ebc11451 b12abc2d 5f876d7c 8afcae55       1
                     Fuz2: 67279754 87ed81a3 be38bdad 1e7e51af    many

X-DCC-wuwien-Metrics: mail 1290; Body=0 Fuz1=0 Fuz2=0
                                                      checksum  server
                 env_From: 28cec8de 444a5192 3d08f152 651fd1fb       0
                     From: 79af87a5 8716075c 1f9667c1 95b6f0b7       0
               Message-ID: d43994f1 08b825db 67624e9a 6b298130       0
                 Received: 5670dfb0 82821e39 71afee36 b217b67b       0
                     Body: 7e1aab3a 07098a85 b63e65cc 2f25ac14       0
                     Fuz1: ebc11451 b12abc2d 5f876d7c 8afcae55       0
                     Fuz2: 67279754 87ed81a3 be38bdad 1e7e51af       0

X-DCC-z.dcc-servers-Metrics: mail 1049; Body=0 Fuz1=0 Fuz2=0
                                                      checksum  server
                 env_From: 28cec8de 444a5192 3d08f152 651fd1fb       0
                     From: 79af87a5 8716075c 1f9667c1 95b6f0b7       0
               Message-ID: d43994f1 08b825db 67624e9a 6b298130       0
                 Received: 5670dfb0 82821e39 71afee36 b217b67b       0
                     Body: 7e1aab3a 07098a85 b63e65cc 2f25ac14       0
                     Fuz1: ebc11451 b12abc2d 5f876d7c 8afcae55       0
                     Fuz2: 67279754 87ed81a3 be38bdad 1e7e51af       0

Variations of a factor of ten or so, or between 0 and 1, I could
understand, but how can the same checksum score 0 on most servers (at
most 3), and 'many' on Misty?  Could there be some corruption in the
database or the flood?

I've checked on some other hits, and it's not unique to that one sample:

$dccproc -Q -d -C <fp-dcc-bbc.eml
X-DCC-INFN-TO-Metrics: mail 1233; Body=0 Fuz1=0 Fuz2=0
                                                      checksum  server
                 env_From: a1f75b4b 45bac58c 7d0dc870 46b534f5       0
                     From: 238bdb31 2f80713d 38a823c6 e5c4cb0f       0
               Message-ID: 0cffe9bf f4ebc1d7 51f0c426 1be6e3a0       0
                 Received: ece268b8 8689246a 2f3bef01 b772b461       0
                     Body: e6b1758e b10d7a22 1077f4d5 1784d7f6       0
                     Fuz1: 41428ac8 318bc1fd 989470b4 f99a689a       0
                     Fuz2: f9747715 3248962f b345bd8d b5dbe63d       0

$ cdcc "add 71.246.8.99 RTT-4000 ms"
$ dccproc -Q -d -C <fp-dcc-bbc.eml
note recvfrom(???,0): Connection refused
X-DCC-Misty-Metrics: mail 1170; Body=0 Fuz1=0 Fuz2=many
                                                      checksum  server
                 env_From: a1f75b4b 45bac58c 7d0dc870 46b534f5       0
                     From: 238bdb31 2f80713d 38a823c6 e5c4cb0f       0
               Message-ID: 0cffe9bf f4ebc1d7 51f0c426 1be6e3a0       0
                 Received: ece268b8 8689246a 2f3bef01 b772b461       0
                     Body: e6b1758e b10d7a22 1077f4d5 1784d7f6       0
                     Fuz1: 41428ac8 318bc1fd 989470b4 f99a689a       0
                     Fuz2: f9747715 3248962f b345bd8d b5dbe63d    many

BTW I wrote to dcc@misty.com as the contact listed for the server on
http://www.rhyolite.com/dcc/ but it bounced "550 5.1.1
<dcc@misty.com>... User unknown"

Thanks for any help

CK



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.