annotate dccd.0 @ 5:0a7a5940ee3a

Change description per license
author Peter Gervai <grin@grin.hu>
date Tue, 10 Mar 2009 15:03:24 +0100
parents c7f6b056b673
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
0
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
1 dccd(8) Distributed Checksum Clearinghouse dccd(8)
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
2
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
3 NNAAMMEE
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
4 ddccccdd -- Distributed Checksum Clearinghouse Daemon
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
5
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
6 SSYYNNOOPPSSIISS
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
7 ddccccdd [--6644ddVVbbffFFQQ] --ii _s_e_r_v_e_r_-_I_D [--nn _b_r_a_n_d] [--hh _h_o_m_e_d_i_r] --II [_h_o_s_t_-_I_D][_,_u_s_e_r]
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
8 [--aa [_s_e_r_v_e_r_-_a_d_d_r][_,_s_e_r_v_e_r_-_p_o_r_t]] [--qq _q_s_i_z_e]
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
9 [--GG [_o_n_,][_w_e_a_k_-_b_o_d_y_,][_w_e_a_k_-_I_P_,][_e_m_b_a_r_g_o][_,_w_i_n_d_o_w][_,_w_h_i_t_e]]
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
10 [--WW [_r_a_t_e][_,_c_h_g][_,_d_b_s_i_z_e]] [--KK [_n_o_-]_t_y_p_e] [--TT _t_r_a_c_e_m_o_d_e]
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
11 [--uu _a_n_o_n_-_d_e_l_a_y[_*_i_n_f_l_a_t_e]] [--CC _d_b_c_l_e_a_n] [--LL _l_t_y_p_e_,_f_a_c_i_l_i_t_y_._l_e_v_e_l]
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
12 [--RR [_R_L___S_U_B],[_R_L___A_N_O_N],[_R_L___A_L_L___A_N_O_N],[_R_L___B_U_G_S]]
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
13
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
14 DDEESSCCRRIIPPTTIIOONN
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
15 DDccccdd receives reports of checksums related to mail received by DCC
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
16 clients and queries about the total number of reports of particular
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
17 checksums. A DCC server never receives mail, address, headers, or other
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
18 information from clients, but only cryptographically secure checksums of
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
19 such information. A DCC server cannot determine the text or other infor-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
20 mation that corresponds to the checksums it receives. It only acts as a
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
21 clearinghouse of total counts of checksums computed by clients.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
22
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
23 Each DCC server or close cluster of DCC servers is identified by a
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
24 numeric _s_e_r_v_e_r_-_I_D. Each DCC client is identified by a _c_l_i_e_n_t_-_I_D, either
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
25 explicitly listed in the _i_d_s file or the special anonymous client-ID.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
26 Many computers are expected to share a single _c_l_i_e_n_t_-_I_D. A _s_e_r_v_e_r_-_I_D is
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
27 less than 32768 while a _c_l_i_e_n_t_-_I_D is between 32768 and 16777215. DCC
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
28 server-IDs need be known only to DCC servers and the people running them.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
29 The passwords associated with DCC server-IDs should be protected, because
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
30 DCC servers listen to commands authenticated with server-IDs and their
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
31 associated passwords. Each client that does not use the anonymous ID
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
32 must know the client-ID and password used by each of its servers. A sin-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
33 gle client computer can use different passwords with different server
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
34 computers. See the _i_d_s file.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
35
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
36 A whitelist of known good (or bad) sources of email prevents legitimate
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
37 mailing lists from being seen as unsolicited bulk email by DCC clients.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
38 The whitelist used by a DCC server is built into the database when old
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
39 entries are removed by dbclean(8). Each DCC client has its own, local
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
40 whitelist, and in general, whitelists work better in DCC clients than
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
41 servers.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
42
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
43 The effectiveness of a Distributed Checksum Clearinghouse increases as
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
44 the number of subscribers increases. Flooding reports of checksums among
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
45 DCC servers increases the effective number of subscribers to each server.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
46 Each ddccccdd daemon tries to maintain TCP/IP connections to the other
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
47 servers listed in the _f_l_o_d file, and send them reports containing check-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
48 sums with total counts exceeding thresholds. Changes in the _f_l_o_d file
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
49 are noticed automatically within minutes.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
50
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
51 Controls on report flooding are specified in the _f_l_o_d file. Each line
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
52 specifies a hostname and port number to which reports should be flooded,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
53 a server-ID to identify and authenticate the output stream, a server-ID
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
54 to identify and authenticate an input stream from the same server, and
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
55 flags with each ID. The ability to delete reports of checksums is handy,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
56 but could be abused. If _d_e_l is not present among the _i_n_-_o_p_t_s options for
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
57 the incoming ID, incoming delete requests are logged and then ignored.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
58 Floods from DCC "brands" that count only mail to spam traps and whose
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
59 servers use the --QQ option to count extremely bulk mail should be marked
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
60 with _t_r_a_p_s. They can be seen as counting millions of targets, so the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
61 _t_r_a_p_s flag on their _f_l_o_d file entry changes their incoming flooded
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
62 reports counts to _m_a_n_y_.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
63
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
64 DDccccdd automatically checks its _f_l_o_d and _i_d_s files periodically. Cdcc(8)
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
65 has the commands nneeww iiddss and fflloooodd cchheecckk to tell ddccccdd to check those two
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
66 files immediately. Both files are also checked for changes after the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
67 SIGHUP signal.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
68
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
69 OOPPTTIIOONNSS
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
70 The following options are available:
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
71
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
72 --66 enable IPv6. The default is equivalent to --44. See also the IPv4
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
73 and IPv6 options in the _f_l_o_d file description below and the _I_P_v_6 _o_n
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
74 cdcc(8) command.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
75
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
76 --44 disable IPv6. See also --66.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
77
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
78 --dd enables debugging output. Additional --dd options increase the number
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
79 of messages.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
80
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
81 --VV displays the version of the DCC server daemon.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
82
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
83 --bb causes the server to not detach itself from the controlling tty or
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
84 put itself into the background.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
85
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
86 --FF uses write() instead of mmap() in some cases to modify the DCC data-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
87 base. It is the default on Solaris.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
88
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
89 --ff turns off --FF.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
90
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
91 --QQ causes the server to treat reports of checksums as queries except
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
92 from DCC clients marked trusted in the _i_d_s file with _r_p_t_-_o_k. See --uu
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
93 to turn off access by anonymous or unauthenticated clients
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
94
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
95 --ii _s_e_r_v_e_r_-_I_D
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
96 specifies the ID of this DCC server. Each server identifies itself
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
97 as responsible for checksums that it forwards to other servers.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
98
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
99 --nn _b_r_a_n_d
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
100 is an arbitrary string of letters and numbers that identifies the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
101 organization running the DCC server. The brand is required, and
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
102 appears in the SMTP _X_-_D_C_C headers generated by the DCC.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
103
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
104 --hh _h_o_m_e_d_i_r
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
105 overrides the default DCC home directory, _/_v_a_r_/_d_c_c.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
106
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
107 --II [_h_o_s_t_-_I_D][_,_u_s_e_r]
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
108 changes the server's globally unique identity for flooding from the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
109 default value consisting of the first 16 characters of the host
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
110 name. or changes the UID and GID of the process _H_o_s_t_-_I_D is a string
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
111 of up to 16 characters that replaces the first 16 characters of the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
112 system's hostname in assertions of the server-ID that are flooded to
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
113 peers. _U_s_e_r must be valid user name.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
114
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
115 --aa [_s_e_r_v_e_r_-_a_d_d_r][_,_s_e_r_v_e_r_-_p_o_r_t]
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
116 adds an hostname or IP address to the list of local IP addresses
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
117 that the server answers. Multiple --aa options can be used to specify
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
118 a subset of the available network interfaces or to use more than one
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
119 port number. The default without any --aa options is to listen on all
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
120 local IP addresses. It can be useful to list some of the IP
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
121 addresses of multi-homed hosts to deal with firewalls. By default
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
122 _s_e_r_v_e_r_-_p_o_r_t is 6277 for DCC servers and 6276 for Greylist servers.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
123 It is the UDP port at which DCC requests are received and the TCP
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
124 port for incoming floods of reports.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
125
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
126 If _s_e_r_v_e_r_-_a_d_d_r is absent and if the getifaddrs(8) function is sup-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
127 ported, separate UDP sockets are bound to each configured network
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
128 interface so that each DCC clients receives replies from the IP
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
129 addresses to which corresponding request are sent. If ddccccdd is
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
130 started before all network interfaces are turned on or there are
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
131 interfaces that are turned on and off or change their addresses such
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
132 as PPP interfaces, then the special string _@ should be used to tell
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
133 ddccccdd to bind to an IN_ADDRANY UDP socket.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
134
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
135 Outgoing TCP connections to flood checksum reports to other DCC
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
136 servers used the IP address of a single --aa option, but only if there
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
137 is single option that is not localhost. See also the _f_l_o_d file.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
138
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
139 --qq _q_s_i_z_e
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
140 specifies the maximum size of the queue of requests from anonymous
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
141 or unauthenticated clients. The default value is the maximum DCC
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
142 RTT in seconds times 200 or 1000.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
143
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
144 --GG [_o_n_,][_w_e_a_k_-_b_o_d_y_,][_w_e_a_k_-_I_P_,][_e_m_b_a_r_g_o][_,_w_i_n_d_o_w][_,_w_h_i_t_e]
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
145 changes ddccccdd to a Greylist server for dccm(8) or dccifd(8).
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
146 Greylisting consists of temporarily rejecting or embargoing mail
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
147 from unfamiliar combinations of SMTP client IP address, SMTP enve-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
148 lope sender, and SMTP envelope recipient. If the SMTP client per-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
149 sists for _e_m_b_a_r_g_o _s_e_c_o_n_d_s and so is probably not an open proxy,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
150 worm-infected personal computer, or other transient source of spam,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
151 the triple of _(_I_P _a_d_d_r_e_s_s_,_s_e_n_d_e_r_,_r_e_c_i_p_i_e_n_t_) is added to a database
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
152 similar to the usual DCC database. If the SMTP client does not try
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
153 again after _e_m_b_a_r_g_o seconds and before _w_i_n_d_o_w seconds after the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
154 first attempt, the triple is forgotten. If the SMTP client persists
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
155 past the embargo, the triple is added to the database and becomes
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
156 familiar and the message is accepted. Familiar triples are remem-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
157 bered for _w_h_i_t_e seconds after the last accepted mail message. The
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
158 triple is forgotten if it is ever associated with unsolicited bulk
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
159 email.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
160
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
161 All three durations can be a number of minutes, hours, days, or
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
162 weeks followed by _M_I_N_U_T_E_S, _M, _H_O_U_R_S, _H, _D_A_Y_S, _D, _W_E_E_K_S or _W. The
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
163 default is --GG _2_7_0_s_e_c_o_n_d_s_,_7_d_a_y_s_,_6_3_d_a_y_s. The first duration or the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
164 _e_m_b_a_r_g_o should be longer than open proxies can linger retransmit-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
165 ting. The second _w_i_n_d_o_w time should be as long as legitimate mail
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
166 servers persist in retransmitting to recognize embargoed messages
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
167 whose retransmissions were not received because of network or other
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
168 problems. The _w_h_i_t_e time should be long enough to recognize and not
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
169 embargo messages from regular senders.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
170
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
171 Usually the DCC greylist system requires that an almost identical
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
172 copy of the message be retransmitted during the _e_m_b_a_r_g_o. If
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
173 _w_e_a_k_-_b_o_d_y is present, any message with the same triple of sender IP
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
174 address, sender mail address, and target mail address ends the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
175 embargo, even if the body of the message differs.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
176
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
177 If _w_e_a_k_-_I_P is present, all mail from an SMTP client at an IP address
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
178 is accept after any message from the same IP address has been
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
179 accepted.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
180
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
181 Unlike DCC checksums, the contents of greylist databases are private
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
182 and do not benefit from broad sharing. However, large installations
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
183 can use more two or more greylist servers flooding triples among
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
184 themselves. Flooding among greylist servers is controlled by the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
185 _g_r_e_y___f_l_o_d file.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
186
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
187 All greylist cooperating or flooding greylist servers _m_u_s_t use the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
188 same --GG values.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
189
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
190 Clients of greylist servers cannot be anonymous and must have
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
191 client-IDs and passwords assigned in the _i_d_s file. This implies
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
192 that cdcc commands directed to greylist servers must specify the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
193 server-ID.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
194
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
195 White- and blacklists are honored by the DCC clients. whitelisted
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
196 messages are embargoed or checked with a greylist server. The
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
197 greylist triples of blacklisted messages, messages whose DCC counts
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
198 make them spam, and other messages known to be spam are sent to a
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
199 greylist server to be removed from the greylist database and cause
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
200 an embargo on the next messages with those triples.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
201
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
202 Messages whose checksums match greylist server whitelists are not
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
203 embargoed and the checksums of their triples are not added to the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
204 greylist database.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
205
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
206 The target counts of embargoed messages are reported to the DCC net-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
207 work to improve the detection of bulk mail.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
208
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
209 --WW [_r_a_t_e][_,_c_h_g][_,_d_b_s_i_z_e]
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
210 controls quick database cleaning. If the database is larger than
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
211 _d_b_s_i_z_e, it seems that the database has not recently and is not about
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
212 to be cleaned, ddccccdd is receiving fewer than _r_a_t_e requests per sec-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
213 ond, and if telling DCC clients that the database is about to be
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
214 cleaned reduces that rate by _c_h_g%, then ddccccdd starts dbclean(8) for a
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
215 quick database cleaning. The cleaning is abandoned if it takes too
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
216 long. The default values are equivalent to --WW _1_._0_,_4_0_._0_,_R_S_S where
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
217 _R_S_S is the maximum dccd resident set displayed the system log by --dd
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
218 when ssttaarrttss.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
219
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
220 --KK [_n_o_-]_t_y_p_e
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
221 marks checksums of _t_y_p_e (not) be kept or counted in the database
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
222 unless they appear in the whitelist. Explicit settings add to or
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
223 remove from the initial contents of the list, which is equivalent to
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
224 --KK _B_o_d_y --KK _F_u_z_1 --KK _F_u_z_2.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
225
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
226 --TT _t_r_a_c_e_m_o_d_e
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
227 causes the server to trace or record some operations. _t_r_a_c_e_m_o_d_e
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
228 must be one of the following:
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
229 _A_D_M_N administrative requests from the control program, cdcc(8)
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
230 _A_N_O_N errors by anonymous clients
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
231 _C_L_N_T errors by authenticated clients
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
232 _R_L_I_M rate-limited messages
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
233 _Q_U_E_R_Y all queries and reports
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
234 _R_I_D_C some messages concerning the report-ID cache that is used
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
235 to detect duplicate reports from clients
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
236 _F_L_O_O_D messages about inter-server flooding connections
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
237 _F_L_O_O_D_2 messages about flooded reports
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
238 _I_D_S unknown server-IDs in flooded reports
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
239 _B_L requests from clients in the _b_l_a_c_k_l_i_s_t file.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
240 _D_B odd database events including long chains of duplicate
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
241 checksums
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
242 _W_L_I_S_T reports of whitelisted checksums from authenticated, not
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
243 anonymous DCC clients
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
244 The default is _A_N_O_N _C_L_N_T.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
245
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
246 --uu _a_n_o_n_-_d_e_l_a_y[_*_i_n_f_l_a_t_e]
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
247 changes the number of milliseconds anonymous or unauthenticated
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
248 clients must wait for answers to their queries and reports. The
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
249 purpose of this delay is to discourage large anonymous clients. The
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
250 _a_n_o_n_-_d_e_l_a_y is multiplied by 1 plus the number of recent anonymous
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
251 requests from an IP address divided by the _i_n_f_l_a_t_e value.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
252
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
253 The string _F_O_R_E_V_E_R turns off all anonymous or unauthenticated access
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
254 not only for checksum queries and reports but also cdcc(8) ssttaattss
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
255 requests. A missing value for _i_n_f_l_a_t_e turns off inflation.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
256
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
257 The default value is _5_0_,_n_o_n_e, except when --GG is used in which case
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
258 _F_O_R_E_V_E_R is assumed and required.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
259
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
260 --CC _d_b_c_l_e_a_n
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
261 changes the default name or path of the program used to rebuild the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
262 hash table when it becomes too full. The default value is
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
263 _/_v_a_r_/_d_c_c_/_l_i_b_e_x_e_c_/_d_b_c_l_e_a_n in the _/_v_a_r_/_d_c_c_/_l_i_b_e_x_e_c directory. The
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
264 value can include arguments as in _-_C _'_$_D_C_C___L_I_B_E_X_E_C_/_d_b_c_l_e_a_n _-_F_'.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
265
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
266 Dbclean _s_h_o_u_l_d _n_o_t be run by ddccccdd except in emergencies such as
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
267 database corruption or hash table overflow. Dbclean(8) should be
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
268 run daily with the /var/dcc/libexec/cron-dccd cron script
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
269
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
270 --LL _l_t_y_p_e_,_f_a_c_i_l_i_t_y_._l_e_v_e_l
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
271 specifies how messages should be logged. _L_t_y_p_e must be _e_r_r_o_r, _i_n_f_o,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
272 or _o_f_f to indicate which of the two types of messages are being con-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
273 trolled or to turn off all syslog(3) messages from ddccccdd. _L_e_v_e_l must
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
274 be a syslog(3) level among _E_M_E_R_G, _A_L_E_R_T, _C_R_I_T, _E_R_R, _W_A_R_N_I_N_G, _N_O_T_I_C_E,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
275 _I_N_F_O, and _D_E_B_U_G. _F_a_c_i_l_i_t_y must be among _A_U_T_H, _A_U_T_H_P_R_I_V, _C_R_O_N,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
276 _D_A_E_M_O_N, _F_T_P, _K_E_R_N, _L_P_R, _M_A_I_L, _N_E_W_S, _U_S_E_R, _U_U_C_P, and _L_O_C_A_L_0 through
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
277 _L_O_C_A_L_7. The default is equivalent to
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
278 --LL _i_n_f_o_,_M_A_I_L_._N_O_T_I_C_E --LL _e_r_r_o_r_,_M_A_I_L_._E_R_R
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
279
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
280 --RR [_R_L___S_U_B],[_R_L___A_N_O_N],[_R_L___A_L_L___A_N_O_N],[_R_L___B_U_G_S]
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
281 sets one or more of the four rate-limits. _R_L___S_U_B limits the number
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
282 of DCC transactions per second from subscribers or DCC clients with
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
283 known client-IDs and passwords. This limit applies to each IP
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
284 address independently.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
285
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
286 _R_L___A_N_O_N limits the number of DCC transactions per second from anony-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
287 mous DCC clients. This limit applies to each IP address indepen-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
288 dently. It is better to use --uu than to change this value to exclude
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
289 anonymous clients.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
290
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
291 _R_L___A_L_L___A_N_O_N limits the number of DCC transactions per second from
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
292 all anonymous DCC clients. This limit applies to all anonymous
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
293 clients as a group, regardless of their IP addresses.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
294
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
295 _R_L___B_U_G_S limits the number of complaints or error messages per second
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
296 for all anonymous DCC clients as a group as well as for each DCC
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
297 client by IP address.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
298
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
299 The default is equivalent to --RR _4_0_0_,_5_0_,_6_0_0_,_0_._1
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
300
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
301 FFIILLEESS
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
302 /var/dcc is the DCC home directory containing data and control files.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
303 dcc_db is the database of mail checksums.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
304 dcc_db.hash is the mail checksum database hash table.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
305 grey_db is the database of greylist checksums.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
306 grey_db.hash is the greylist database hash table.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
307 flod contains lines controlling DCC flooding of the form:
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
308 _h_o_s_t[_,_r_p_o_r_t][_;_s_r_c[_,_l_p_o_r_t]] _r_e_m_-_I_D [_p_a_s_s_w_d_-_I_D [_o_-_o_p_t [_i_-_o_p_t]]]
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
309 where absent optional values are signaled with "-" and
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
310 _h_o_s_t is the IP address or name of a DCC server and _r_p_o_r_t is
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
311 the name or number of the TCP port used by the remote
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
312 server.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
313 _s_r_c and _l_p_o_r_t are the IP address or host name and TCP port
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
314 from which the outgoing flooding connection should come.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
315 Incoming flooding connections must arrive at an address
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
316 and port specified with --aa.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
317 _r_e_m_-_i_d is the server-ID of the remote DCC server.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
318 _p_a_s_s_w_d_-_I_D is a server-ID that is not assigned to a server, but
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
319 whose first password is used to sign checksum reports sent
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
320 to the remote system. Either of its passwords are
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
321 required with incoming reports. If it is absent or "-",
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
322 outgoing floods are signed with the first password of the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
323 local server in the _i_d_s file and incoming floods must be
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
324 signed with either password of the remote server-ID.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
325 _i_-_o_p_t and _o_-_o_p_t are comma separated lists of
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
326 _o_f_f turns off flooding to the remote or local system.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
327 _t_r_a_p_s indicates that the remote sending or local receiv-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
328 ing system has only spam traps.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
329 _n_o_-_d_e_l says checksum delete requests are refused by the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
330 remote or local server and so turns off sending or
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
331 accepting delete requests, respectively. By default,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
332 delete requests are sent to remote servers and
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
333 accepted in incoming floods if and only if the peers
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
334 are exchanging DCC reputations.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
335 _d_e_l says delete requests are accepted by the remote or
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
336 local server.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
337 _n_o_-_l_o_g_-_d_e_l turns off logging of incoming requests to
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
338 delete checksums.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
339 _p_a_s_s_i_v_e is used to tell a server outside a firewall to
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
340 expect a peer inside to create both of the pair of
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
341 input and output TCP connections used for flooding.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
342 The peer inside the firewall should use _S_O_C_K_S or _N_A_T
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
343 on its _f_l_o_d file entry for this system.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
344 _S_O_C_K_S is used to tell a server inside a firewall that it
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
345 should create both of the TCP connections used for
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
346 flooding and that SOCKS protocol should be used. The
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
347 peer outside the firewall should use _p_a_s_s_i_v_e on its
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
348 _f_l_o_d file entry for this system.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
349 _N_A_T differs from _S_O_C_K_S only by not using the SOCKS proto-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
350 col.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
351 _I_D_1_-_>_I_D_2 converts server-ID _I_D_1 in flooded reports to
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
352 server-ID _I_D_2. Either _I_D_1 or _I_D_2 may be the string
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
353 `self' to specify the server's own ID. _I_D_1 can be
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
354 the string `all' to specify all server-IDs or a pair
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
355 of server-IDs separated by a dash to specify an
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
356 inclusive range. _I_D_2 can be the string `ok' to send
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
357 or receive reports without translation or the string
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
358 `reject' to not send outgoing or refuse incoming
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
359 reports. Only the first matching conversion is
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
360 applied. For example, when `self->ok,all->reject' is
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
361 applied to a locally generated report, the first con-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
362 version is applied and the second is ignored.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
363 _l_e_a_f_=_p_a_t_h_-_l_e_n does not send reports with paths longer
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
364 than _p_a_t_h_-_l_e_n server-IDs.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
365 _I_P_v_4 overrides a --66 setting for this flooding peer.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
366 _I_P_v_6 overrides the default or an explicit --44 setting.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
367 _v_e_r_s specifies the version of the DCC flooding protocol
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
368 used by the remote DCC server with a string such as
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
369 `version2'.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
370 _t_r_a_c_e sends information about a single peer like the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
371 cdcc(8) command ttrraaccee FFLLOOOODD oonn does for all peers.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
372 _t_r_a_c_e_2 sends information about individual flooded reports
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
373 like the cdcc(8) command ttrraaccee FFLLOOOODD22 oonn does for all
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
374 peers.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
375 grey_flod is the equivalent of _f_l_o_d used by ddccccdd when it is a greylist
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
376 server.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
377 flod.map is an automatically generated file in which ddccccdd records its
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
378 progress sending or flooding reports to DCC peers.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
379 grey_flod.map is the equivalent of _f_l_o_d_._m_a_p _u_s_e_d _b_y ddccccdd when it is a
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
380 greylist server.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
381 ids contains the IDs and passwords known by the DCC server. An _i_d_s
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
382 file that can be read by others cannot be used. It contains
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
383 blank lines, comments starting with "#" and lines of the form:
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
384 _i_d[_,_r_p_t_-_o_k][_,_d_e_l_a_y_=_m_s[_*_i_n_f_l_a_t_e]] _p_a_s_s_w_d_1 [_p_a_s_s_w_d_2]
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
385 where
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
386 _i_d is a DCC _c_l_i_e_n_t_-_I_D or _s_e_r_v_e_r_-_I_D.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
387 _R_p_t_-_o_k if present overrides --QQ by saying that this client is
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
388 trusted to report only checksums for unsolicited bulk
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
389 mail.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
390 _d_e_l_a_y_=_m_s[_*_i_n_f_l_a_t_e] delays answers to systems using the client
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
391 _i_d. The _d_e_l_a_y in milliseconds is multiplied by 1 plus the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
392 number of recent requests from an IP address using _i_d
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
393 divided by the _i_n_f_l_a_t_e value. See --uu.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
394 _p_a_s_s_w_d_1 is the password currently used by clients with identi-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
395 fier _i_d. It is a 1 to 32 character string that does not
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
396 contain blank, tab, newline or carriage return characters.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
397 _p_a_s_s_w_d_2 is the optional next password that those clients will
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
398 use. A DCC server accepts either password if both are
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
399 present in the file.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
400 Both passwords can be absent if the entry not used except to
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
401 tell ddccccdd that server-IDs in the flooded reports are valid.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
402 The string _u_n_k_n_o_w_n is equivalent to the null string.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
403 whitelist contains the DCC server whitelist. It is not used directly but
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
404 is loaded into the database when dbclean(8) is run.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
405 grey_whitelist contains the greylist server whitelist. It is not used
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
406 directly but is loaded into the database when dbclean(8) is run
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
407 with --GG.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
408 blacklist if present, contains a list of IP addresses and blocks of IP
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
409 addresses DCC clients that are ignored. Each line in the file
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
410 should be blank, a comment starting with '#', or an IP address
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
411 or block of IP addresses in the form
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
412 [_t_r_a_c_e_,] [_o_k_,] [_b_a_d] xxx.xxx.xxx.xxx[/yy]
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
413 Changes to the file are automatically noticed and acted upon
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
414 within a few minutes. Addresses or blocks of addresses can be
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
415 preceded with _o_k to "punch holes" in blacklisted blocks or with
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
416 _t_r_a_c_e to log activity. This mechanism is intended for no more
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
417 than a few dozen blocks of addresses.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
418 dccd_clients contains client IP addresses and activity counts.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
419 grey_clients contains greylist client IP addresses and activity counts.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
420
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
421 EEXXAAMMPPLLEESS
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
422 ddccccdd is usually started with other system daemons with something like the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
423 script _/_v_a_r_/_d_c_c_/_l_i_b_e_x_e_c_/_r_c_D_C_C. That scripts uses values in
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
424 /var/dcc/dcc_conf to start the server. With the argument _s_t_o_p,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
425 _/_v_a_r_/_d_c_c_/_l_i_b_e_x_e_c_/_r_c_D_C_C can be used to stop the daemon.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
426
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
427 The database grows too large unless old reports are removed. dbclean(8)
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
428 should be run daily with the /var/dcc/libexec/cron-dccd cron script
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
429
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
430 SSEEEE AALLSSOO
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
431 cdcc(8), dcc(8), dbclean(8), dblist(8), dccifd(8), dccm(8), dccproc(8).
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
432 dccsight(8),
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
433
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
434 HHIISSTTOORRYY
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
435 ddccccdd is based on an idea from Paul Vixie. It was designed and written at
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
436 Rhyolite Software, starting in 2000. This document describes version
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
437 1.3.103.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
438
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
439 February 26, 2009