Mercurial > notdcc

annotate dcc.8.in @ 3:b689077d4918

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Ignore old patches
author Peter Gervai <grin@grin.hu>
date Tue, 10 Mar 2009 14:31:24 +0100
parents c7f6b056b673
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
0
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
1 .\" Copyright (c) 2008 by Rhyolite Software, LLC
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
2 .\"
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
3 .\" This agreement is not applicable to any entity which sells anti-spam
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
4 .\" solutions to others or provides an anti-spam solution as part of a
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
5 .\" security solution sold to other entities, or to a private network
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
6 .\" which employs the DCC or uses data provided by operation of the DCC
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
7 .\" but does not provide corresponding data to other users.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
8 .\"
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
9 .\" Permission to use, copy, modify, and distribute this software without
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
10 .\" changes for any purpose with or without fee is hereby granted, provided
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
11 .\" that the above copyright notice and this permission notice appear in all
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
12 .\" copies and any distributed versions or copies are either unchanged
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
13 .\" or not called anything similar to "DCC" or "Distributed Checksum
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
14 .\" Clearinghouse".
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
15 .\"
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
16 .\" Parties not eligible to receive a license under this agreement can
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
17 .\" obtain a commercial license to use DCC by contacting Rhyolite Software
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
18 .\" at sales@rhyolite.com.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
19 .\"
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
20 .\" A commercial license would be for Distributed Checksum and Reputation
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
21 .\" Clearinghouse software. That software includes additional features. This
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
22 .\" free license for Distributed ChecksumClearinghouse Software does not in any
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
23 .\" way grant permision to use Distributed Checksum and Reputation Clearinghouse
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
24 .\" software
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
25 .\"
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
26 .\" THE SOFTWARE IS PROVIDED "AS IS" AND RHYOLITE SOFTWARE, LLC DISCLAIMS ALL
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
27 .\" WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
28 .\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL RHYOLITE SOFTWARE, LLC
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
29 .\" BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
30 .\" OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
31 .\" WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
32 .\" ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
33 .\" SOFTWARE.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
34 .\"
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
35 .\" Rhyolite Software DCC 1.3.103-1.112 $Revision$
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
36 .\"
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
37 .Dd February 26, 2009
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
38 .ds volume-ds-DCC Distributed Checksum Clearinghouse
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
39 .Dt DCC 8 DCC
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
40 .Os " "
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
41 .Sh NAME
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
42 .Nm DCC
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
43 .Nd Distributed Checksum Clearinghouse
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
44 .Sh DESCRIPTION
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
45 The Distributed Checksum Clearinghouse or
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
46 .Nm
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
47 is a cooperative, distributed
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
48 system intended to detect "bulk" mail or mail sent to many people.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
49 It allows individuals receiving a single mail message to determine
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
50 that many
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
51 other people have received essentially identical copies of the message
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
52 and so reject or discard the message.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
53 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
54 Source for the server, client, and utilities
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
55 is available at Rhyolite Software, LLC, http://www.rhyolite.com/dcc/
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
56 It is free for organizations that do not sell spam or virus filtering
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
57 services.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
58 .Ss How the DCC Is Used
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
59 The DCC can be viewed as a tool for end users to enforce their
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
60 right to "opt-in" to streams of bulk mail
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
61 by refusing bulk mail except from sources in a "whitelist."
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
62 Whitelists are the responsibility of DCC clients,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
63 since only they know which bulk mail they solicited.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
64 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
65 False positives or mail marked as bulk by a DCC server that
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
66 is not bulk occur only when a recipient of a message reports it
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
67 to a DCC server as having been received many times
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
68 or when the "fuzzy" checksums of differing messages are the same.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
69 The fuzzy checksums ignore aspects of messages in order to compute
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
70 identical checksums for substantially identical messages.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
71 The fuzzy checksums are designed to ignore only
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
72 differences that do not affect meanings.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
73 So in practice, you do not need to worry about DCC false positive indications
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
74 of "bulk," but not all bulk mail is unsolicited bulk mail or spam.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
75 You must either use whitelists to distinguish solicited from unsolicited bulk
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
76 mail
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
77 or only use DCC indications of "bulk" as part of a scoring system such
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
78 as SpamAssassin.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
79 Besides unsolicited bulk email or spam,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
80 bulk messages include legitimate mail such as
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
81 order confirmations from merchants,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
82 legitimate mailing lists,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
83 and empty or test messages.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
84 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
85 A DCC server estimates the number copies of a
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
86 message by counting checksums reported by DCC clients.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
87 Each client must decide which
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
88 bulk messages are unsolicited and what degree of "bulkiness" is objectionable.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
89 Client DCC software marks, rejects, or discards mail that is bulk
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
90 according to local thresholds on target addresses from DCC servers
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
91 and unsolicited according to local whitelists.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
92 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
93 DCC servers are usually configured to receive reports from as many targets
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
94 as possible, including sources that cannot be trusted to not exaggerate the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
95 number of copies of a message they see.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
96 A user of a DCC client angry about receiving a message could report it with
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
97 1,000,000 separate DCC reports
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
98 or with a single report claiming 1,000,000 targets.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
99 An unprincipled user could subscribe a "spam trap" to mailing lists
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
100 such as those of the IETF or CERT.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
101 Such abuses of the system area not problems,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
102 because much legitimate mail is "bulk."
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
103 You cannot reject bulk mail unless you have a whitelist of sources
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
104 of legitimate bulk mail.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
105 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
106 DCC can also be used by an Internet service provider to detect bulk
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
107 mail coming from its own customers.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
108 In such circumstances, the DCC client might be configured to only log
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
109 bulk mail from unexpected (not whitelisted) customers.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
110 .Ss What the DCC Is
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
111 A DCC server accumulates counts of cryptographic checksums of
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
112 messages but not the messages themselves.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
113 It exchanges reports of frequently seen checksums with other servers.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
114 DCC clients send reports of checksums related to incoming mail to
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
115 a nearby DCC server running
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
116 .Xr dccd 8 .
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
117 Each report from a client includes the number of recipients for the message.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
118 A DCC server accumulates the reports and responds to clients the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
119 the current total number of recipients for each checksum.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
120 The client adds an SMTP header to incoming mail containing the total
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
121 counts.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
122 It then discards or rejects mail that is not whitelisted and has
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
123 counts that exceed local thresholds.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
124 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
125 A special value of the number of addressees is "MANY" and means
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
126 it is certain that this message was bulk and might be unsolicited,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
127 perhaps because it came from a locally blacklisted source or was
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
128 addressed to an invalid address or "spam trap."
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
129 The special value "MANY" is merely the largest value
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
130 that fits in the fixed sized field containing the count of addressees.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
131 That "infinity" accumulated total can be reached with millions of
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
132 independent reports as well as with one or two.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
133 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
134 DCC servers
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
135 .Em flood
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
136 or send
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
137 reports of checksums of bulk mail to neighboring servers.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
138 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
139 To keep a server's database of checksums from growing without bound,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
140 checksums are forgotten when they become old.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
141 Checksums of bulk mail are kept longer.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
142 See
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
143 .Xr dbclean 8 .
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
144 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
145 DCC clients pick the nearest working DCC server using a small shared
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
146 or memory mapped file,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
147 .Pa @prefix@/map .
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
148 It contains server names, port numbers, passwords, recent performance
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
149 measures, and so forth.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
150 This file allows clients to use quick retransmission timeouts
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
151 and to waste little time on servers that have temporarily
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
152 stopped working or become unreachable.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
153 The utility program
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
154 .Xr cdcc 8
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
155 is used to maintain this file as well as to check the health of servers.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
156 .Ss X-DCC Headers
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
157 The DCC software includes several programs used by clients.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
158 .Xr Dccm 8
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
159 uses the sendmail "milter" interface to query a DCC server,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
160 add header lines to incoming mail,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
161 and reject mail whose total checksum counts are high.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
162 Dccm is intended to be run with SMTP servers using sendmail.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
163 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
164 .Xr Dccproc 8
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
165 adds header lines to mail presented by file name or
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
166 .Pa stdin ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
167 but relies on other programs
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
168 such as procmail to deal with mail with large counts.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
169 .Xr Dccsight 8
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
170 is similar but deals with previously computed checksums.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
171 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
172 .Xr Dccifd 8
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
173 is similar to dccproc but is not run separately for each mail message
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
174 and so is far more efficient.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
175 It receives mail messages via a socket somewhat like dccm,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
176 but with a simpler protocol that can be used by Perl scripts
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
177 or other programs.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
178 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
179 DCC SMTP header lines are of one of the forms:
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
180 .Bd -literal -offset 2n
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
181 X-DCC-brand-Metrics: client server-ID; bulk cknm1=count cknm2=count ...
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
182 X-DCC-brand-Metrics: client; whitelist
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
183 .Ed
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
184 where
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
185 .Bl -hang -offset 3n -compact
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
186 .It Em whitelist
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
187 appears if the global or per-user
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
188 .Pa whiteclnt
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
189 file marks the message as good.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
190 .It Em brand
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
191 is the "brand name" of the DCC server, such as "RHYOLITE".
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
192 .It Em client
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
193 is the name or IP address of the DCC client that added the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
194 header line to the SMTP message.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
195 .It Em server-ID
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
196 is the numeric ID of the DCC server that the DCC client contacted.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
197 .It Em bulk
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
198 is present if one or more checksum counts exceeded the DCC client's
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
199 thresholds to make the message "bulky."
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
200 .It Em bulk rep
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
201 is present if the DCC reputation of the IP address of the sender is bad.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
202 .It Em cknm1 , Ns Em cknm2 , Ns ...
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
203 are types of checksums:
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
204 .Bl -hang -offset 2n -width "Message-IDx" -compact
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
205 .It Em IP
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
206 address of SMTP client
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
207 .It Em env_From
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
208 SMTP envelope value
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
209 .It Em From
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
210 SMTP header line
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
211 .It Em Message-ID
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
212 SMTP header line
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
213 .It Em Received
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
214 last Received: header line in the SMTP message
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
215 .It Em substitute
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
216 SMTP header line chosen by the DCC client, prefixed with the name of
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
217 the header
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
218 .It Em Body
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
219 SMTP body ignoring white-space
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
220 .It Em Fuz1
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
221 filtered or "fuzzy" body checksum
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
222 .It Em Fuz2
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
223 another filtered or "fuzzy" body checksum
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
224 .It Em rep
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
225 DCC reputation of the mail sender or the estimated
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
226 probability that the message is bulk.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
227 .El
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
228 Counts for
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
229 .Em IP , env_From , From ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
230 .Em Message-Id , Received ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
231 and
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
232 .Em substitute
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
233 checksums are omitted by the DCC client if the server
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
234 says it has no information.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
235 Counts for
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
236 .Em Fuz1
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
237 and
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
238 .Em Fuz2
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
239 are omitted if the message body is empty or
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
240 contains too little of the right kind of information
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
241 for the checksum to be computed.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
242 .It Em count
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
243 is the total number of recipients of messages with that
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
244 checksum reported directly or indirectly to the DCC server.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
245 The special count "MANY" means that DCC client have claimed that
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
246 the message is directed at millions of recipients.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
247 "MANY" imples the message is definitely bulk, but not necessarily unsolicited.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
248 The special counts "OK" and "OK2" mean the checksum has been
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
249 marked "good" or "half-good" by DCC servers.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
250 .El
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
251 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
252 .Ss Mailing lists
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
253 Legitimate mailing list traffic differs from spam only in being solicited
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
254 by recipients.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
255 Each client should have a private whitelist.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
256 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
257 DCC whitelists can also mark mail as unsolicited bulk using
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
258 blacklist entries for commonly forged values such as "From: user@public.com".
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
259 .Ss White and Blacklists
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
260 DCC server and client whitelist files share a common format.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
261 Server files are always named
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
262 .Pa whitelist
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
263 and one is required to be in the DCC home directory
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
264 with the other server files.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
265 Client whitelist files are
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
266 named
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
267 .Pa whiteclnt
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
268 in the DCC home directory or a subdirectory specified with the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
269 .Fl U
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
270 option for
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
271 .Xr dccm 8 .
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
272 They specify mail that should not be reported to a DCC server or that is
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
273 always unsolicited and almost certainly bulk.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
274 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
275 A DCC whitelist file contains blank lines, comments starting
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
276 with "#",
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
277 and lines of the following forms:
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
278 .Bl -tag -offset 2n -width 4n -compact
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
279 .It Ar include file
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
280 Copies the contents of
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
281 .Ar file
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
282 into the whitelist.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
283 It can occur only in the main whitelist or whiteclnt file and not in an
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
284 included file.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
285 The file name should be absolute or relative to the DCC home directory.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
286 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
287 .It Ar count Em value
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
288 lines specify checksums that should be white- or blacklisted.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
289 .Bl -inset -offset 2n -compact
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
290 .It Ar count Em env_From Ar 821-path
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
291 .It Ar count Em env_To Ar dest-mailbox
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
292 .It Ar count Em From Ar 822-mailbox
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
293 .It Ar count Em Message-ID Ar <string>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
294 .It Ar count Em Received Ar string
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
295 .It Ar count Em Substitute Ar header string
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
296 .It Ar count Ar Hex ctype cksum
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
297 .It Ar count Em ip Ar IP-address
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
298 .El
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
299 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
300 .Bl -tag -offset 2n -width 4n -compact
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
301 .It Ar MANY Em value
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
302 indicates that millions of targets have received messages with
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
303 the header, IP address, or checksum
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
304 .Em value .
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
305 .It Ar OK Em value
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
306 .It Ar OK2 Em value
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
307 say that messages with
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
308 the header, IP address, or checksum
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
309 .Em value
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
310 are OK and should not reported to DCC servers
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
311 or be greylisted.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
312 .Ar OK2
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
313 says that the message is "half OK."
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
314 Two
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
315 .Ar OK2
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
316 checksums associated with a message are equivalent to one
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
317 .Ar OK .
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
318 .br
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
319 A DCC server never shares or
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
320 .Em floods
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
321 reports containing checksums
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
322 marked in its whitelist with OK or OK2 to other servers.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
323 A DCC client does not report or ask its server about messages
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
324 with a checksum marked OK or OK2 in the client whitelist.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
325 This is intended to allow a DCC client to keep private mail
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
326 so private that even its checksums are not disclosed.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
327 .It Ar MX Em IP-address-or-hostname
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
328 .It Ar MXDCC Em IP-address-or-hostname
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
329 mark an address or block of addresses of trust mail relays including
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
330 MX servers, smart hosts, and bastion or DMZ relays.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
331 The DCC clients
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
332 .Xr dccm 8 ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
333 .Xr dccifd 8 ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
334 and
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
335 .Xr dccproc 8
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
336 parse and skip initial Received: headers added by listed MX servers to
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
337 determine the external sources of mail messages.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
338 Unsolicited bulk mail that has been forwarded through listed addresses
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
339 is discarded by
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
340 .Xr dccm 8
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
341 and
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
342 .Xr dccifd 8
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
343 as if with
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
344 .Fl a Ar DISCARD
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
345 instead of rejected.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
346 .Ar MXDCC
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
347 marks addresses that are MX servers that run DCC clients.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
348 The checksums for a mail message that has been forwarded through
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
349 an address listed as MXDCC
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
350 queried instead of reported.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
351 .It Ar SUBMIT Em IP-address-or-hostname
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
352 marks an IP address or block addresses of SMTP submission clients
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
353 such as web browsers
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
354 that cannot tolerate 4yz temporary rejections
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
355 but that cannot be trusted to not send spam.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
356 Since they are local addresses, DCC Reputations are not computed for them.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
357 .El
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
358 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
359 .Ar value
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
360 in
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
361 .Ar count Em value
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
362 lines can be
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
363 .Bl -tag -offset 2n -width 4n -compact
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
364 .It Ar dest-mailbox
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
365 is an RFC\ 821 address or a local user name.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
366 .It Ar 821-path
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
367 is an RFC\ 821 address.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
368 .It Ar 822-mailbox
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
369 is an RFC\ 822 address with optional name.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
370 .It Em Substitute Ar header
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
371 is the name of an SMTP header such as "Sender" or
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
372 the name of one of two SMTP envlope values, "HELO," or
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
373 "Mail_Host" for the resolved host name from the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
374 .Ar 821-path
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
375 in
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
376 the message.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
377 .It Ar Hex ctype cksum
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
378 starts with the string
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
379 .Em Hex
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
380 followed a checksum type, and
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
381 a string of four hexadecimal numbers obtained from a DCC log file
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
382 or the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
383 .Xr dccproc 8
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
384 command using
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
385 .Fl CQ .
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
386 The checksum type is
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
387 .Em body , Fuz1 ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
388 or
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
389 .Em Fuz2
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
390 or one of the preceding checksum types such as
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
391 .Em env_From .
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
392 .It Ar IP-address
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
393 is a host name, IPv4 or IPv6 address, or a block
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
394 of IP addresses in the standard xxx/mm from with
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
395 mm limited for server whitelists to 16 for IPv4 or 112 for IPv6.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
396 There can be at most 64 CIDR blocks in a client
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
397 .Pa whiteclnt
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
398 file.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
399 A host name is converted to IP addresses with DNS,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
400 .Pa /etc/hosts
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
401 or other mechanisms
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
402 and one checksum for each addresses added to the whitelist.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
403 .El
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
404 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
405 .It Ar option setting
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
406 can only be in a DCC client
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
407 .Pa whiteclnt
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
408 file used by
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
409 .Xr dccifd 8 ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
410 .Xr dccm 8
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
411 or
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
412 .Xr dccproc 8 .
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
413 Settings in per-user whiteclnt files override settings
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
414 in the global file.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
415 .Ar Setting
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
416 can be any of the following:
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
417 .Bl -tag -offset 2n -width 2n -compact
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
418 .It Ar option log-all
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
419 to log all mail messages.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
420 .It Ar option log-normal
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
421 to log only messages that meet the logging thresholds.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
422 .It Ar option log-subdirectory-day
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
423 .It Ar option log-subdirectory-hour
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
424 .It Ar option log-subdirectory-minute
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
425 creates log files containing mail messages in subdirectories
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
426 of the form
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
427 .Ar JJJ ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
428 .Ar JJJ/HH ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
429 or
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
430 .Ar JJJ/HH/MM
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
431 where
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
432 .Ar JJJ
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
433 is the current julian day,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
434 .Ar HH
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
435 is the current hour, and
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
436 .Ar MM
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
437 is the current minute.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
438 See also the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
439 .Fl l Ar logdir
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
440 option for
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
441 .Xr dccm 8 ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
442 .Xr dccifd 8 ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
443 and
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
444 .Xr dccproc 8 .
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
445 .It Ar option dcc-on
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
446 .It Ar option dcc-off
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
447 Control DCC filtering.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
448 See the discussion of
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
449 .Fl W
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
450 for
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
451 .Xr dccm 8
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
452 and
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
453 .Xr dccifd 8 .
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
454 .It Ar option greylist-on
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
455 .It Ar option greylist-off
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
456 to control greylisting.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
457 Greylisting for other recipients in the same SMTP transaction
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
458 can still cause greylist temporary rejections.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
459 .Ar greylist-off
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
460 in the main whiteclnt file.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
461 .It Ar option greylist-log-on
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
462 .It Ar option greylist-log-off
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
463 to control logging of greylisted mail messages.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
464 .It Ar option DCC-rep-off
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
465 .It Ar option DCC-rep-on
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
466 to honor or ignore DCC Reputations computed by the DCC server.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
467 .It Ar option DNSBL1-off
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
468 .It Ar option DNSBL1-on
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
469 .It Ar option DNSBL2-off
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
470 .It Ar option DNSBL2-on
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
471 .It Ar option DNSBL3-off
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
472 .It Ar option DNSBL3-on
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
473 honor or ignore results of DNS blacklist checks configured with
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
474 .Fl B
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
475 for
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
476 .Xr dccm 8 ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
477 .Xr dccifd 8 ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
478 and
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
479 .Xr dccproc 8 .
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
480 .It Ar option MTA-first
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
481 .It Ar option MTA-last
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
482 consider MTA determinations of spam or not-spam first so they can be overridden
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
483 by
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
484 .Pa whiteclnt
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
485 files, or last so that they can override
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
486 .Pa whiteclnt files.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
487 .It Ar option forced-discard-ok
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
488 .It Ar option no-forced-discard
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
489 control whether
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
490 .Xr dccm 8
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
491 and
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
492 .Xr dccifd 8
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
493 are allowed to discard a message for one mailbox for which
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
494 it is spam when it is not spam and must be delivered to another mailbox.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
495 This can happen if a mail message is addressed to two or more mailboxes with
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
496 differing whitelists.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
497 Discarding can be undesirable because false positives are not communicated
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
498 to mail senders.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
499 To avoid discarding,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
500 .Xr dccm 8
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
501 and
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
502 .Xr dccifd 8
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
503 running in proxy mode temporarily reject SMTP envelope
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
504 .Em Rcpt To
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
505 values that involve differing
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
506 .Pa whiteclnt
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
507 files.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
508 .It Ar option threshold type,rej-thold
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
509 has the same effects as
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
510 .Fl c Ar type,rej-thold
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
511 for
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
512 .Xr dccproc 8
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
513 or
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
514 .Fl t Ar type,rej-thold
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
515 for
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
516 .Xr dccm 8
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
517 and
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
518 .Xr dccifd 8 .
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
519 It is useful only in per-user whiteclnt files to override the global
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
520 DCC checksum thresholds.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
521 .It Ar option spam-trap-accept
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
522 .It Ar option spam-trap-reject
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
523 say that mail should be reported to the DCC server as extremely
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
524 bulk or with target counts of
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
525 .Ar MANY .
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
526 Greylisting, DNS blacklist (DNSBL), and other checks are turned off.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
527 .Ar Spam-trap-accept
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
528 tells the MTA to accept the message while
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
529 .Ar spam-trap-reject
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
530 tells the MTA to reject the message.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
531 Use
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
532 .Ar Spam-trap-accept
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
533 for spam traps that should not be disclosed.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
534 .Ar Spam-trap-reject
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
535 can be used on
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
536 .Em catch-all
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
537 mailboxes that might receive legitimate mail by typographical errors
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
538 and that senders should be told about.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
539 .El
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
540 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
541 In the absence of explicit settings,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
542 the default in the main whiteclnt file is equivalent to
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
543 .Bl -hang -offset 4n -width 4n -compact
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
544 .It Ar option log-normal
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
545 .It Ar option dcc-on
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
546 .It Ar option greylist-on
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
547 .It Ar option greylist-log-on
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
548 .It Ar option DCC-rep-off
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
549 .It Ar option DNSBL1-off
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
550 .It Ar option DNSBL2-off
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
551 .It Ar option DNSBL3-off
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
552 .It Ar MTA-last
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
553 .It Ar option no-forced-discard
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
554 .El
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
555 The defaults for individual recipient
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
556 .Pa whiteclnt
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
557 files are the same except as change by explicit settings
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
558 in the main file.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
559 .El
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
560 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
561 Checksums of the IP address of the SMTP client sending a mail message
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
562 are practically unforgeable, because it is impractical for
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
563 an SMTP client to "spoof" its address or pretend to use some other IP address.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
564 That would make the IP address of the sender useful for whitelisting,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
565 except that the IP address of the SMTP client
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
566 is often not available to users of
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
567 .Xr dccproc 8 .
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
568 In addition, legitimate mail relays make whitelist entries for IP
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
569 addresses of little use.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
570 For example,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
571 the IP address from which a message arrived might be that of a
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
572 local relay instead of the home address of a whitelisted mailing list.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
573 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
574 Envelope and header
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
575 .Ar From
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
576 values can be forged,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
577 so whitelist entries for their checksums are not entirely reliable.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
578 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
579 Checksums of
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
580 .Ar env_To
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
581 values are never sent to DCC servers.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
582 They are valid in only
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
583 .Pa whiteclnt
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
584 files
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
585 and used only by
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
586 .Xr dccm 8 ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
587 .Xr dccifd 8 ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
588 and
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
589 .Xr dccproc 8
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
590 when the envelope
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
591 .Em Rcpt To
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
592 value is known.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
593 .Ss Greylists
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
594 The DCC server,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
595 .Xr dccd 8 ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
596 can be used to maintain a greylist database for some DCC clients
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
597 including
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
598 .Xr dccm 8
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
599 and
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
600 .Xr dccifd 8 .
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
601 Greylisting involves temporarily refusing mail from unfamiliar
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
602 SMTP clients and is unrelated to filtering with a
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
603 Distributed Checksum Clearinghouse.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
604 .br
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
605 See http://projects.puremagic.com/greylisting/
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
606 .Ss Privacy
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
607 Because sending mail is a less private act than receiving it,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
608 and because sending bulk mail is usually not private at all
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
609 and cannot be very private,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
610 the DCC tries first to protect the privacy of mail recipients,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
611 and second the privacy of senders of mail that is not bulk.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
612 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
613 DCC clients necessarily disclose some information about mail they have
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
614 received.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
615 The DCC database contains checksums of mail bodies,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
616 header lines, and source addresses.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
617 While it contains significantly less information than is
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
618 available by "snooping" on Internet links,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
619 it is important that the DCC database be treated as containing
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
620 sensitive information and to not put the most private information
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
621 in the DCC database.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
622 Given the contents of a message, one might determine
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
623 whether that message has been received
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
624 by a system that subscribes to the DCC.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
625 Guesses about the sender and addressee of a message can also be
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
626 validated if the checksums of the message have been sent to a DCC server.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
627 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
628 Because the DCC is distributed,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
629 organizations can operate their own DCC servers, and configure
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
630 them to share or "flood" only the checksums of bulk mail that is not
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
631 in local whitelists.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
632 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
633 DCC clients should not report the checksums of messages known to be
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
634 private to a DCC server.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
635 For example, checksums of messages local to
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
636 a system or that are otherwise known a priori to not be unsolicited bulk
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
637 should not be sent to a remote DCC server.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
638 This can accomplished by adding entries for the sender to the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
639 client's local whitelist file.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
640 Client whitelist files can also include entries for email recipients
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
641 whose mail should not be reported to a DCC server.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
642 .Ss Security
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
643 Whenever considering security,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
644 one must first consider the risks.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
645 The worst DCC security problems are
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
646 unauthorized commands to a DCC service,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
647 denial of the DCC service,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
648 and corruption of DCC data.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
649 The worst that can be done with remote commands to a DCC server is
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
650 to turn it off or otherwise cause it to stop responding.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
651 The DCC is designed to fail gracefully,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
652 so that a denial of service attack
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
653 would at worst allow delivery of mail that would otherwise be rejected.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
654 Corruption of DCC data might at worst cause mail that is already
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
655 somewhat "bulk" by virtue of being received by two or more people
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
656 to appear have higher recipient numbers.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
657 Since DCC users
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
658 .Em must
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
659 whitelist all sources of legitimate bulk mail,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
660 this is also not a concern.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
661 Such security risks should be addressed,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
662 but only with defenses that don't cost more than the possible damage from
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
663 an attack.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
664 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
665 The DCC must contend with senders of unsolicited bulk mail who
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
666 resort to unlawful actions
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
667 to express their displeasure at having their advertising blocked.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
668 Because the DCC protocol is based
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
669 on UDP, an unhappy advertiser could try to
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
670 flood a DCC server with
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
671 packets supposedly from subscribers or non-subscribers.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
672 DCC servers defend against that attack by rate-limiting requests
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
673 from anonymous users.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
674 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
675 Also because of the use of UDP, clients must be protected
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
676 against forged answers to their queries.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
677 Otherwise an unsolicited bulk mail advertiser could send
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
678 a stream of "not spam" answers to an SMTP
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
679 client while simultaneously sending mail that would otherwise be
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
680 rejected.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
681 This is not a problem for authenticated clients of the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
682 DCC because they share a secret with the DCC.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
683 Unauthenticated, anonymous DCC
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
684 clients do not share any secrets with the DCC, except for unique and
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
685 unpredictable bits in each query or report sent to the DCC.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
686 Therefore, DCC servers cryptographically sign answers to
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
687 unauthenticated clients with bits from the corresponding queries.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
688 This protects against attackers that do not
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
689 have access to the stream of packets from the DCC client.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
690 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
691 The passwords or shared secrets used in the DCC client and server programs
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
692 are "cleartext" for several reasons.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
693 In any shared secret authentication system,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
694 at least one party must know the secret or keep the secret in cleartext.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
695 You could encrypt the secrets in a file, but because they are used
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
696 by programs, you would need a cleartext copy of the key to decrypt
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
697 the file somewhere in the system, making such a scheme more expensive
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
698 but no more secure than a file of cleartext passwords.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
699 Asymmetric systems such as that used in UNIX allow one party to not
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
700 know the secrets, but they must be and are
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
701 designed to be computationally expensive when used in applications
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
702 like the DCC that involve thousands or more authentication checks per second.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
703 Moreover, because of "dictionary attacks,"
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
704 asymmetric systems are now little more secure than
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
705 keeping passwords in cleartext.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
706 An adversary can compare the hash values of combinations of common words
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
707 with /etc/passwd hash values to look for bad passwords.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
708 Worse, by the nature of a client/server protocol like that used in
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
709 the DCC, clients must have the cleartext password.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
710 Since it is among the more numerous and much less secure clients
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
711 that adversaries would seek files of DCC passwords,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
712 it would be a waste to complicate the DCC server with an asymmetric
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
713 system.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
714 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
715 The DCC protocol is vulnerable to dictionary attacks to recover passwords.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
716 An adversary could capture some DCC packets, and then check to see
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
717 if any of the 100,000 to 1,000,000 passwords in so called
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
718 "cracker dictionaries"
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
719 applied to a packet generated the same signature.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
720 This is a concern only if DCC passwords are poorly chosen, such
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
721 as any combination of words in an English dictionary.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
722 There are ways to prevent this vulnerability regardless of
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
723 how badly passwords are chosen, but they are computationally expensive
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
724 and require additional network round trips.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
725 Since DCC passwords are created and typed into files once
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
726 and do not need to be remembered by people,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
727 it is cheaper and quite easy to simply choose good passwords
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
728 that are not in dictionaries.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
729 .Ss Reliability
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
730 It is better to fail to filter unsolicited bulk mail than to fail
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
731 to deliver legitimate mail, so DCC clients fail in the direction of
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
732 assuming that mail is legitimate or even whitelisted.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
733 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
734 A DCC client sends a report or other request and waits for an answer.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
735 If no answer arrives within a reasonable time,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
736 the client retransmits.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
737 There are many things that
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
738 might result in the client not receiving an answer,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
739 but the most important is packet loss.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
740 If the client's request does not reach the server,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
741 it is easy and harmless for the client to retransmit.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
742 If the client's request reached the server but the server's response was lost,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
743 a retransmission to the same server would be misunderstood as
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
744 a new report of another copy of the same message unless it is detected
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
745 as a retransmission by the server.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
746 The DCC protocol includes transactions identifiers for this purpose.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
747 If the client retransmitted to a second server,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
748 the retransmission would be misunderstood by the second server as
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
749 a new report of the same message.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
750 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
751 Each request from a client includes a timestamp to aid the client in
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
752 measuring the round trip time to the server and to let the client pick
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
753 the closest server.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
754 Clients monitor the speed of all of the servers they know including
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
755 those they are not currently using,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
756 and use the quickest.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
757 .Ss Client and Server-IDs
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
758 Servers and clients use numbers or IDs to identify themselves.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
759 ID 1 is reserved for anonymous, unauthenticated clients.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
760 All other IDs are associated with a pair of passwords in the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
761 .Pa ids
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
762 file, the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
763 current and next or previous and current passwords.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
764 Clients included their client IDs in their messages.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
765 When they are not using the anonymous ID,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
766 they sign their messages to servers with the first password
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
767 associated with their client-ID.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
768 Servers treat messages with signatures that match neither of the passwords
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
769 for the client-ID in their own
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
770 .Pa ids
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
771 file as if the client had used the anonymous ID.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
772 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
773 Each server has a unique
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
774 .Em server-ID
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
775 less than 32768.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
776 Servers use their IDs to identify checksums that they
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
777 .Em flood
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
778 to other servers.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
779 Each server expects local clients sending administrative
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
780 commands to use the server's ID and sign administrative commands
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
781 with the associated password.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
782 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
783 Server-IDs must be unique among all systems that share reports
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
784 by "flooding."
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
785 All servers must be told of the IDs all other servers whose
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
786 reports can be received in the local
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
787 .Pa @prefix@/flod
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
788 file described in
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
789 .Xr dccd 8 .
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
790 However, server-IDs can be mapped during flooding between
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
791 independent DCC organizations.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
792 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
793 .Em Passwd-IDs
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
794 are server-IDs that should not be assigned to servers.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
795 They appear in the often publicly readable
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
796 .Pa @prefix@/flod
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
797 and specify passwords in the private
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
798 .Pa @prefix@/ids
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
799 file for the inter-server flooding protocol
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
800 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
801 The client identified by a
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
802 .Em client-ID
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
803 might be a single computer with a
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
804 single IP address, a single but multi-homed computer, or many computers.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
805 Client-IDs are not used to identify checksum reports, but
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
806 the organization operating the client.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
807 A client-ID need only be unique among clients using a single server.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
808 A single client can use different client-IDs for different servers,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
809 each client-ID authenticated with a separate password.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
810 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
811 An obscure but important part of all of this is that the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
812 inter-server flooding algorithm
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
813 depends on server-IDs and timestamps attached to reports of checksums.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
814 The inter-server flooding mechanism
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
815 requires cooperating DCC servers to maintain reasonable clocks
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
816 ticking in UTC.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
817 Clients include timestamps in their requests, but as long as their
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
818 timestamps are unlikely to be repeated, they need not be very accurate.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
819 .Ss Installation Considerations
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
820 DCC clients on a computer share information about which servers
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
821 are currently working and their speeds in a shared memory segment.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
822 This segment also contains server host names, IP addresses, and
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
823 the passwords needed to authenticate known clients to servers.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
824 That generally requires that
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
825 .Xr dccm 8 ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
826 .Xr dccproc 8 ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
827 .Xr dccifd 8 ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
828 and
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
829 .Xr cdcc 8
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
830 execute with an UID that
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
831 can write to the DCC home directory and its files.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
832 The sendmail interface, dccm,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
833 is a daemon that can be started by an "rc" or other script already
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
834 running with the correct UID.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
835 The other two, dccproc and cdcc need to be set-UID because they are
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
836 used by end users.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
837 They relinquish set-UID privileges when not needed.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
838 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
839 Files that contain cleartext passwords including the shared file used by clients
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
840 must be readable only by "owner."
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
841 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
842 The data files required by a DCC can be in a single "home" directory,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
843 .Pa @prefix@ .
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
844 Distinct DCC servers can run on a single computer, provided they use
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
845 distinct UDP port numbers and home directories.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
846 It is possible and convenient for the DCC clients using a server
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
847 on the same computer to use the same home directory as the server.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
848 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
849 The DCC source distribution includes sample control files.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
850 They should be modified appropriately and then copied to the DCC
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
851 home directory.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
852 Files that contain cleartext passwords must not be publicly readable.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
853 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
854 The DCC source includes "feature" m4 files to configure
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
855 sendmail to use
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
856 .Xr dccm 8
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
857 to check a DCC server about incoming mail.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
858 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
859 See also the INSTALL.html file.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
860 .Ss Client Installation
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
861 Installing a DCC client starts with obtaining or compiling program binaries
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
862 for the client server data control tool,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
863 .Xr cdcc 8 .
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
864 Installing the sendmail DCC interface,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
865 .Xr dccm 8 ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
866 or
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
867 .Xr dccproc 8 ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
868 the general or
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
869 .Xr procmail 1
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
870 interface
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
871 is the main part of the client installation.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
872 Connecting the DCC to sendmail with dccm is most powerful,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
873 but requires administrative control of the system running sendmail.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
874 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
875 As noted above, cdcc and dccproc should be
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
876 set-UID to a suitable UID.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
877 Root or 0 is thought to be safe for both, because they are
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
878 careful to release privileges except when they need them to
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
879 read or write files in the DCC home directory.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
880 A DCC home directory,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
881 .Pa @prefix@
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
882 should be created.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
883 It must be owned and writable by the UID to which cdcc is set.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
884 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
885 After the DCC client programs have been obtained,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
886 contact the operator(s) of the chosen DCC server(s)
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
887 to obtain
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
888 each server's
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
889 hostname,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
890 port number,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
891 and a
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
892 .Em client-ID
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
893 and corresponding password.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
894 No client-IDs or passwords are needed touse
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
895 DCC servers that allow anonymous clients.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
896 Use the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
897 .Em load
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
898 or
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
899 .Em add
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
900 commands
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
901 of cdcc to create a
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
902 .Pa map
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
903 file in the DCC home directory.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
904 It is usually necessary to create a client whitelist file of
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
905 the format described above.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
906 To accommodate users sharing a computer but not ideas about what
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
907 is solicited bulk mail,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
908 the client whitelist file can be any valid path name
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
909 and need not be in the DCC home directory.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
910 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
911 If dccm is chosen,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
912 arrange to start it with suitable arguments
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
913 before sendmail is started.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
914 See the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
915 .Pa homedir/dcc_conf
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
916 file and the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
917 .Pa misc/rcDCC
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
918 script in the DCC source.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
919 The procmail DCCM interface,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
920 .Xr dccproc 8 ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
921 can be run manually or by a
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
922 .Xr procmailrc 5
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
923 rule.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
924 .Ss Server Installation
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
925 The DCC server,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
926 .Xr dccd 8 ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
927 also requires that the DCC home directory exist.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
928 It does not use the client shared or memory mapped file of server
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
929 addresses,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
930 but it requires other files.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
931 One is the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
932 .Pa @prefix@/ids
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
933 file of client-IDs, server-IDs, and corresponding passwords.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
934 Another is a
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
935 .Pa flod
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
936 file of peers that send and receive floods of reports of checksums
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
937 with large counts.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
938 Both files are described
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
939 in
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
940 .Xr dccd 8 .
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
941 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
942 The server daemon should be started when the system is rebooted,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
943 probably before sendmail.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
944 See the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
945 .Pa misc/rcDCC
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
946 and
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
947 .Pa misc/start-dccd
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
948 files in the DCC source.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
949 .Pp
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
950 The database should be cleaned regularly with
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
951 .Xr dbclean 8
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
952 such as by running the crontab job that is in the misc directory.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
953 .Sh SEE ALSO
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
954 .Xr cdcc 8 ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
955 .Xr dbclean 8 ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
956 .Xr dcc 8 ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
957 .Xr dccd 8 ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
958 .Xr dccifd 8 ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
959 .Xr dccm 8 ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
960 .Xr dccproc 8 ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
961 .Xr dblist 8 ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
962 .Xr dccsight 8 ,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
963 .Xr sendmail 8 .
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
964 .Sh HISTORY
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
965 Distributed Checksum Clearinghouses are based on an idea of Paul Vixie
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
966 with code designed and written at Rhyolite Software starting in 2000.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
967 This document describes version 1.3.103.