http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5790
------- Additional Comments From [EMAIL PROTECTED] 2008-01-17 11:07 ------- > On a failing test a large proportion of NXDomain responses from a name server > never make it back to the querying host. Is there any misguided firewall > or router sitting between both hosts which might misinterpret a barrage of > NXDomain responses as some kind of a DoS attack and drop packets? Or an > equivalent DoS protection functionality on the host itself? Perhaps I am not familiar enough with tcpdump, but when I look at the tcpdump output it looks to me that there are exactly the same number of responses as there are queries. So I don't quite understand how one can conclude that there are large proportion of NXDomain responses from a name server that never make it back to the querying host. Note that tcpdump was running on the machine running the dnsbl test (the querying host). In any case, there is nothing between the two machines. All the machines that I have been testing on are connected to the same ethernet switch. Also, there is no special softwere running on the failing test machine. Perhaps Solaris 8 has something like that built in. In any case, looking at the logs it looks to me as if the responses are reaching the test machine but are not being received by SpamAssassin. Perhaps Solaris 8 can not handle a large number of responses in a short period of time. I am wondering why there are so many queries. I had thought that the dnsbl test would only query the spamassassin server. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
