Mercurial > notdcc

annotate dcc.html.in @ 3:b689077d4918

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Ignore old patches
author Peter Gervai <grin@grin.hu>
date Tue, 10 Mar 2009 14:31:24 +0100
parents c7f6b056b673
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
0
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
2 <HTML>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
3 <HEAD>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
4 <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
5 <TITLE>dcc.0.8</TITLE>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
6 <META http-equiv="Content-Style-Type" content="text/css">
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
7 <STYLE type="text/css">
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
8 BODY {background-color:white; color:black}
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
9 ADDRESS {font-size:smaller}
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
10 IMG.logo {width:6em; vertical-align:middle}
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
11 </STYLE>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
12 </HEAD>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
13 <BODY>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
14 <PRE>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
15 <!-- Manpage converted by man2html 3.0.1 -->
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
16 <B><A HREF="dcc.html">DCC(8)</A></B> Distributed Checksum Clearinghouse <B><A HREF="dcc.html">DCC(8)</A></B>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
17
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
18
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
19 </PRE>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
20 <H2><A NAME="NAME">NAME</A></H2><PRE>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
21 <B>DCC</B> -- Distributed Checksum Clearinghouse
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
22
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
23
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
24 </PRE>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
25 <H2><A NAME="DESCRIPTION">DESCRIPTION</A></H2><PRE>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
26 The Distributed Checksum Clearinghouse or <B>DCC</B> is a cooperative, distrib-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
27 uted system intended to detect "bulk" mail or mail sent to many people.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
28 It allows individuals receiving a single mail message to determine that
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
29 many other people have received essentially identical copies of the mes-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
30 sage and so reject or discard the message.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
31
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
32 Source for the server, client, and utilities is available at Rhyolite
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
33 Software, LLC, http://www.rhyolite.com/dcc/ It is free for organizations
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
34 that do not sell spam or virus filtering services.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
35
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
36 <A NAME="How-the-DCC-Is-Used"><B>How the DCC Is Used</B></A>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
37 The DCC can be viewed as a tool for end users to enforce their right to
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
38 "opt-in" to streams of bulk mail by refusing bulk mail except from
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
39 sources in a "whitelist." Whitelists are the responsibility of DCC
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
40 clients, since only they know which bulk mail they solicited.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
41
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
42 False positives or mail marked as bulk by a DCC server that is not bulk
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
43 occur only when a recipient of a message reports it to a DCC server as
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
44 having been received many times or when the "fuzzy" checksums of differ-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
45 ing messages are the same. The fuzzy checksums ignore aspects of mes-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
46 sages in order to compute identical checksums for substantially identical
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
47 messages. The fuzzy checksums are designed to ignore only differences
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
48 that do not affect meanings. So in practice, you do not need to worry
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
49 about DCC false positive indications of "bulk," but not all bulk mail is
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
50 unsolicited bulk mail or spam. You must either use whitelists to distin-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
51 guish solicited from unsolicited bulk mail or only use DCC indications of
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
52 "bulk" as part of a scoring system such as SpamAssassin. Besides unso-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
53 licited bulk email or spam, bulk messages include legitimate mail such as
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
54 order confirmations from merchants, legitimate mailing lists, and empty
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
55 or test messages.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
56
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
57 A DCC server estimates the number copies of a message by counting check-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
58 sums reported by DCC clients. Each client must decide which bulk mes-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
59 sages are unsolicited and what degree of "bulkiness" is objectionable.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
60 Client DCC software marks, rejects, or discards mail that is bulk accord-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
61 ing to local thresholds on target addresses from DCC servers and unso-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
62 licited according to local whitelists.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
63
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
64 DCC servers are usually configured to receive reports from as many tar-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
65 gets as possible, including sources that cannot be trusted to not exag-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
66 gerate the number of copies of a message they see. A user of a DCC
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
67 client angry about receiving a message could report it with 1,000,000
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
68 separate DCC reports or with a single report claiming 1,000,000 targets.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
69 An unprincipled user could subscribe a "spam trap" to mailing lists such
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
70 as those of the IETF or CERT. Such abuses of the system area not prob-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
71 lems, because much legitimate mail is "bulk." You cannot reject bulk
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
72 mail unless you have a whitelist of sources of legitimate bulk mail.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
73
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
74 DCC can also be used by an Internet service provider to detect bulk mail
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
75 coming from its own customers. In such circumstances, the DCC client
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
76 might be configured to only log bulk mail from unexpected (not
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
77 whitelisted) customers.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
78
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
79 <A NAME="What-the-DCC-Is"><B>What the DCC Is</B></A>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
80 A DCC server accumulates counts of cryptographic checksums of messages
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
81 but not the messages themselves. It exchanges reports of frequently seen
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
82 checksums with other servers. DCC clients send reports of checksums
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
83 related to incoming mail to a nearby DCC server running <B><A HREF="dccd.html">dccd(8)</A></B>. Each
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
84 report from a client includes the number of recipients for the message.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
85 A DCC server accumulates the reports and responds to clients the the cur-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
86 rent total number of recipients for each checksum. The client adds an
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
87 SMTP header to incoming mail containing the total counts. It then dis-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
88 cards or rejects mail that is not whitelisted and has counts that exceed
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
89 local thresholds.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
90
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
91 A special value of the number of addressees is "MANY" and means it is
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
92 certain that this message was bulk and might be unsolicited, perhaps
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
93 because it came from a locally blacklisted source or was addressed to an
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
94 invalid address or "spam trap." The special value "MANY" is merely the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
95 largest value that fits in the fixed sized field containing the count of
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
96 addressees. That "infinity" accumulated total can be reached with mil-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
97 lions of independent reports as well as with one or two.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
98
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
99 DCC servers <I>flood</I> or send reports of checksums of bulk mail to neighbor-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
100 ing servers.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
101
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
102 To keep a server's database of checksums from growing without bound,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
103 checksums are forgotten when they become old. Checksums of bulk mail are
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
104 kept longer. See <B><A HREF="dbclean.html">dbclean(8)</A></B>.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
105
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
106 DCC clients pick the nearest working DCC server using a small shared or
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
107 memory mapped file, <I>@prefix@/map</I>. It contains server names, port num-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
108 bers, passwords, recent performance measures, and so forth. This file
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
109 allows clients to use quick retransmission timeouts and to waste little
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
110 time on servers that have temporarily stopped working or become unreach-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
111 able. The utility program <B><A HREF="cdcc.html">cdcc(8)</A></B> is used to maintain this file as well
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
112 as to check the health of servers.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
113
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
114 <A NAME="X-DCC-Headers"><B>X-DCC Headers</B></A>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
115 The DCC software includes several programs used by clients. <B><A HREF="dccm.html">Dccm(8)</A></B> uses
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
116 the sendmail "milter" interface to query a DCC server, add header lines
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
117 to incoming mail, and reject mail whose total checksum counts are high.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
118 Dccm is intended to be run with SMTP servers using sendmail.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
119
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
120 <B><A HREF="dccproc.html">Dccproc(8)</A></B> adds header lines to mail presented by file name or <I>stdin</I>, but
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
121 relies on other programs such as procmail to deal with mail with large
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
122 counts. <B><A HREF="dccsight.html">Dccsight(8)</A></B> is similar but deals with previously computed check-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
123 sums.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
124
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
125 <B><A HREF="dccifd.html">Dccifd(8)</A></B> is similar to dccproc but is not run separately for each mail
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
126 message and so is far more efficient. It receives mail messages via a
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
127 socket somewhat like dccm, but with a simpler protocol that can be used
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
128 by Perl scripts or other programs.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
129
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
130 DCC SMTP header lines are of one of the forms:
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
131
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
132 X-DCC-brand-Metrics: client server-ID; bulk cknm1=count cknm2=count ...
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
133 X-DCC-brand-Metrics: client; whitelist
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
134 where
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
135 <I>whitelist</I> appears if the global or per-user <I>whiteclnt</I> file marks the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
136 message as good.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
137 <I>brand</I> is the "brand name" of the DCC server, such as "RHYOLITE".
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
138 <I>client</I> is the name or IP address of the DCC client that added the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
139 header line to the SMTP message.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
140 <I>server-ID</I> is the numeric ID of the DCC server that the DCC client con-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
141 tacted.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
142 <I>bulk</I> is present if one or more checksum counts exceeded the DCC
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
143 client's thresholds to make the message "bulky."
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
144 <I>bulk</I> <I>rep</I> is present if the DCC reputation of the IP address of the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
145 sender is bad.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
146 <I>cknm1</I>,<I>cknm2</I>,... are types of checksums:
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
147 <I>IP</I> address of SMTP client
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
148 <I>env</I><B>_</B><I>From</I> SMTP envelope value
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
149 <I>From</I> SMTP header line
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
150 <I>Message-ID</I> SMTP header line
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
151 <I>Received</I> last Received: header line in the SMTP message
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
152 <I>substitute</I> SMTP header line chosen by the DCC client, pre-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
153 fixed with the name of the header
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
154 <I>Body</I> SMTP body ignoring white-space
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
155 <I>Fuz1</I> filtered or "fuzzy" body checksum
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
156 <I>Fuz2</I> another filtered or "fuzzy" body checksum
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
157 <I>rep</I> DCC reputation of the mail sender or the esti-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
158 mated probability that the message is bulk.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
159 Counts for <I>IP</I>, <I>env</I><B>_</B><I>From</I>, <I>From</I>, <I>Message-Id</I>, <I>Received</I>, and
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
160 <I>substitute</I> checksums are omitted by the DCC client if the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
161 server says it has no information. Counts for <I>Fuz1</I> and <I>Fuz2</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
162 are omitted if the message body is empty or contains too lit-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
163 tle of the right kind of information for the checksum to be
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
164 computed.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
165 <I>count</I> is the total number of recipients of messages with that check-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
166 sum reported directly or indirectly to the DCC server. The
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
167 special count "MANY" means that DCC client have claimed that
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
168 the message is directed at millions of recipients. "MANY"
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
169 imples the message is definitely bulk, but not necessarily
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
170 unsolicited. The special counts "OK" and "OK2" mean the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
171 checksum has been marked "good" or "half-good" by DCC servers.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
172
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
173 <A NAME="Mailing-lists"><B>Mailing lists</B></A>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
174 Legitimate mailing list traffic differs from spam only in being solicited
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
175 by recipients. Each client should have a private whitelist.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
176
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
177 DCC whitelists can also mark mail as unsolicited bulk using blacklist
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
178 entries for commonly forged values such as "From: user@public.com".
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
179
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
180 <A NAME="White-and-Blacklists"><B>White and Blacklists</B></A>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
181 DCC server and client whitelist files share a common format. Server
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
182 files are always named <I>whitelist</I> and one is required to be in the DCC
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
183 home directory with the other server files. Client whitelist files are
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
184 named <I>whiteclnt</I> in the DCC home directory or a subdirectory specified
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
185 with the <B>-U</B> option for <B><A HREF="dccm.html">dccm(8)</A></B>. They specify mail that should not be
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
186 reported to a DCC server or that is always unsolicited and almost cer-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
187 tainly bulk.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
188
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
189 A DCC whitelist file contains blank lines, comments starting with "#",
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
190 and lines of the following forms:
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
191 <I>include</I> <I>file</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
192 Copies the contents of <I>file</I> into the whitelist. It can occur
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
193 only in the main whitelist or whiteclnt file and not in an
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
194 included file. The file name should be absolute or relative to
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
195 the DCC home directory.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
196
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
197 <I>count</I> <I>value</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
198 lines specify checksums that should be white- or blacklisted.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
199 <I>count</I> <I>env</I><B>_</B><I>From</I> <I>821-path</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
200 <I>count</I> <I>env</I><B>_</B><I>To</I> <I>dest-mailbox</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
201 <I>count</I> <I>From</I> <I>822-mailbox</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
202 <I>count</I> <I>Message-ID</I> <I>&lt;string&gt;</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
203 <I>count</I> <I>Received</I> <I>string</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
204 <I>count</I> <I>Substitute</I> <I>header</I> <I>string</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
205 <I>count</I> <I>Hex</I> <I>ctype</I> <I>cksum</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
206 <I>count</I> <I>ip</I> <I>IP-address</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
207
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
208 <I>MANY</I> <I>value</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
209 indicates that millions of targets have received messages
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
210 with the header, IP address, or checksum <I>value</I>.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
211 <I>OK</I> <I>value</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
212 <I>OK2</I> <I>value</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
213 say that messages with the header, IP address, or check-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
214 sum <I>value</I> are OK and should not reported to DCC servers
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
215 or be greylisted. <I>OK2</I> says that the message is "half
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
216 OK." Two <I>OK2</I> checksums associated with a message are
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
217 equivalent to one <I>OK</I>.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
218 A DCC server never shares or <I>floods</I> reports containing
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
219 checksums marked in its whitelist with OK or OK2 to other
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
220 servers. A DCC client does not report or ask its server
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
221 about messages with a checksum marked OK or OK2 in the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
222 client whitelist. This is intended to allow a DCC client
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
223 to keep private mail so private that even its checksums
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
224 are not disclosed.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
225 <I>MX</I> <I>IP-address-or-hostname</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
226 <I>MXDCC</I> <I>IP-address-or-hostname</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
227 mark an address or block of addresses of trust mail
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
228 relays including MX servers, smart hosts, and bastion or
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
229 DMZ relays. The DCC clients <B><A HREF="dccm.html">dccm(8)</A></B>, <B><A HREF="dccifd.html">dccifd(8)</A></B>, and
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
230 <B><A HREF="dccproc.html">dccproc(8)</A></B> parse and skip initial Received: headers added
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
231 by listed MX servers to determine the external sources of
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
232 mail messages. Unsolicited bulk mail that has been for-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
233 warded through listed addresses is discarded by <B><A HREF="dccm.html">dccm(8)</A></B>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
234 and <B><A HREF="dccifd.html">dccifd(8)</A></B> as if with <B>-a</B> <I>DISCARD</I> instead of rejected.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
235 <I>MXDCC</I> marks addresses that are MX servers that run DCC
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
236 clients. The checksums for a mail message that has been
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
237 forwarded through an address listed as MXDCC queried
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
238 instead of reported.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
239 <I>SUBMIT</I> <I>IP-address-or-hostname</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
240 marks an IP address or block addresses of SMTP submission
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
241 clients such as web browsers that cannot tolerate 4yz
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
242 temporary rejections but that cannot be trusted to not
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
243 send spam. Since they are local addresses, DCC Reputa-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
244 tions are not computed for them.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
245
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
246 <I>value</I> in <I>count</I> <I>value</I> lines can be
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
247 <I>dest-mailbox</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
248 is an RFC 821 address or a local user name.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
249 <I>821-path</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
250 is an RFC 821 address.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
251 <I>822-mailbox</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
252 is an RFC 822 address with optional name.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
253 <I>Substitute</I> <I>header</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
254 is the name of an SMTP header such as "Sender" or the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
255 name of one of two SMTP envlope values, "HELO," or
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
256 "Mail_Host" for the resolved host name from the <I>821-path</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
257 in the message.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
258 <I>Hex</I> <I>ctype</I> <I>cksum</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
259 starts with the string <I>Hex</I> followed a checksum type, and
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
260 a string of four hexadecimal numbers obtained from a DCC
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
261 log file or the <B><A HREF="dccproc.html">dccproc(8)</A></B> command using <B>-CQ</B>. The check-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
262 sum type is <I>body</I>, <I>Fuz1</I>, or <I>Fuz2</I> or one of the preceding
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
263 checksum types such as <I>env</I><B>_</B><I>From</I>.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
264 <I>IP-address</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
265 is a host name, IPv4 or IPv6 address, or a block of IP
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
266 addresses in the standard xxx/mm from with mm limited for
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
267 server whitelists to 16 for IPv4 or 112 for IPv6. There
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
268 can be at most 64 CIDR blocks in a client <I>whiteclnt</I> file.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
269 A host name is converted to IP addresses with DNS,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
270 <I>/etc/hosts</I> or other mechanisms and one checksum for each
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
271 addresses added to the whitelist.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
272
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
273 <I>option</I> <I>setting</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
274 can only be in a DCC client <I>whiteclnt</I> file used by <B><A HREF="dccifd.html">dccifd(8)</A></B>,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
275 <B><A HREF="dccm.html">dccm(8)</A></B> or <B><A HREF="dccproc.html">dccproc(8)</A></B>. Settings in per-user whiteclnt files
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
276 override settings in the global file. <I>Setting</I> can be any of the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
277 following:
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
278 <I>option</I> <I>log-all</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
279 to log all mail messages.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
280 <I>option</I> <I>log-normal</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
281 to log only messages that meet the logging thresholds.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
282 <I>option</I> <I>log-subdirectory-day</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
283 <I>option</I> <I>log-subdirectory-hour</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
284 <I>option</I> <I>log-subdirectory-minute</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
285 creates log files containing mail messages in subdirecto-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
286 ries of the form <I>JJJ</I>, <I>JJJ/HH</I>, or <I>JJJ/HH/MM</I> where <I>JJJ</I> is the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
287 current julian day, <I>HH</I> is the current hour, and <I>MM</I> is the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
288 current minute. See also the <B>-l</B> <I>logdir</I> option for <B><A HREF="dccm.html">dccm(8)</A></B>,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
289 <B><A HREF="dccifd.html">dccifd(8)</A></B>, and <B><A HREF="dccproc.html">dccproc(8)</A></B>.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
290 <I>option</I> <I>dcc-on</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
291 <I>option</I> <I>dcc-off</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
292 Control DCC filtering. See the discussion of <B>-W</B> for
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
293 <B><A HREF="dccm.html">dccm(8)</A></B> and <B><A HREF="dccifd.html">dccifd(8)</A></B>.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
294 <I>option</I> <I>greylist-on</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
295 <I>option</I> <I>greylist-off</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
296 to control greylisting. Greylisting for other recipients
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
297 in the same SMTP transaction can still cause greylist tem-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
298 porary rejections. <I>greylist-off</I> in the main whiteclnt
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
299 file.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
300 <I>option</I> <I>greylist-log-on</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
301 <I>option</I> <I>greylist-log-off</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
302 to control logging of greylisted mail messages.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
303 <I>option</I> <I>DCC-rep-off</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
304 <I>option</I> <I>DCC-rep-on</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
305 to honor or ignore DCC Reputations computed by the DCC
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
306 server.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
307 <I>option</I> <I>DNSBL1-off</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
308 <I>option</I> <I>DNSBL1-on</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
309 <I>option</I> <I>DNSBL2-off</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
310 <I>option</I> <I>DNSBL2-on</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
311 <I>option</I> <I>DNSBL3-off</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
312 <I>option</I> <I>DNSBL3-on</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
313 honor or ignore results of DNS blacklist checks configured
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
314 with <B>-B</B> for <B><A HREF="dccm.html">dccm(8)</A></B>, <B><A HREF="dccifd.html">dccifd(8)</A></B>, and <B><A HREF="dccproc.html">dccproc(8)</A></B>.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
315 <I>option</I> <I>MTA-first</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
316 <I>option</I> <I>MTA-last</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
317 consider MTA determinations of spam or not-spam first so
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
318 they can be overridden by <I>whiteclnt</I> files, or last so that
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
319 they can override <I>whiteclnt</I> <I>files.</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
320 <I>option</I> <I>forced-discard-ok</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
321 <I>option</I> <I>no-forced-discard</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
322 control whether <B><A HREF="dccm.html">dccm(8)</A></B> and <B><A HREF="dccifd.html">dccifd(8)</A></B> are allowed to dis-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
323 card a message for one mailbox for which it is spam when it
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
324 is not spam and must be delivered to another mailbox. This
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
325 can happen if a mail message is addressed to two or more
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
326 mailboxes with differing whitelists. Discarding can be
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
327 undesirable because false positives are not communicated to
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
328 mail senders. To avoid discarding, <B><A HREF="dccm.html">dccm(8)</A></B> and <B><A HREF="dccifd.html">dccifd(8)</A></B>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
329 running in proxy mode temporarily reject SMTP envelope <I>Rcpt</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
330 <I>To</I> values that involve differing <I>whiteclnt</I> files.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
331 <I>option</I> <I>threshold</I> <I>type,rej-thold</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
332 has the same effects as <B>-c</B> <I>type,rej-thold</I> for <B><A HREF="dccproc.html">dccproc(8)</A></B> or
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
333 <B>-t</B> <I>type,rej-thold</I> for <B><A HREF="dccm.html">dccm(8)</A></B> and <B><A HREF="dccifd.html">dccifd(8)</A></B>. It is useful
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
334 only in per-user whiteclnt files to override the global DCC
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
335 checksum thresholds.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
336 <I>option</I> <I>spam-trap-accept</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
337 <I>option</I> <I>spam-trap-reject</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
338 say that mail should be reported to the DCC server as
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
339 extremely bulk or with target counts of <I>MANY</I>. Greylisting,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
340 DNS blacklist (DNSBL), and other checks are turned off.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
341 <I>Spam-trap-accept</I> tells the MTA to accept the message while
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
342 <I>spam-trap-reject</I> tells the MTA to reject the message. Use
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
343 <I>Spam-trap-accept</I> for spam traps that should not be dis-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
344 closed. <I>Spam-trap-reject</I> can be used on <I>catch-all</I> mail-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
345 boxes that might receive legitimate mail by typographical
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
346 errors and that senders should be told about.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
347
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
348 In the absence of explicit settings, the default in the main
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
349 whiteclnt file is equivalent to
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
350 <I>option</I> <I>log-normal</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
351 <I>option</I> <I>dcc-on</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
352 <I>option</I> <I>greylist-on</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
353 <I>option</I> <I>greylist-log-on</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
354 <I>option</I> <I>DCC-rep-off</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
355 <I>option</I> <I>DNSBL1-off</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
356 <I>option</I> <I>DNSBL2-off</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
357 <I>option</I> <I>DNSBL3-off</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
358 <I>MTA-last</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
359 <I>option</I> <I>no-forced-discard</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
360 The defaults for individual recipient <I>whiteclnt</I> files are the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
361 same except as change by explicit settings in the main file.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
362
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
363 Checksums of the IP address of the SMTP client sending a mail message are
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
364 practically unforgeable, because it is impractical for an SMTP client to
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
365 "spoof" its address or pretend to use some other IP address. That would
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
366 make the IP address of the sender useful for whitelisting, except that
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
367 the IP address of the SMTP client is often not available to users of
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
368 <B><A HREF="dccproc.html">dccproc(8)</A></B>. In addition, legitimate mail relays make whitelist entries
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
369 for IP addresses of little use. For example, the IP address from which a
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
370 message arrived might be that of a local relay instead of the home
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
371 address of a whitelisted mailing list.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
372
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
373 Envelope and header <I>From</I> values can be forged, so whitelist entries for
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
374 their checksums are not entirely reliable.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
375
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
376 Checksums of <I>env</I><B>_</B><I>To</I> values are never sent to DCC servers. They are valid
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
377 in only <I>whiteclnt</I> files and used only by <B><A HREF="dccm.html">dccm(8)</A></B>, <B><A HREF="dccifd.html">dccifd(8)</A></B>, and
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
378 <B><A HREF="dccproc.html">dccproc(8)</A></B> when the envelope <I>Rcpt</I> <I>To</I> value is known.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
379
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
380 <A NAME="Greylists"><B>Greylists</B></A>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
381 The DCC server, <B><A HREF="dccd.html">dccd(8)</A></B>, can be used to maintain a greylist database for
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
382 some DCC clients including <B><A HREF="dccm.html">dccm(8)</A></B> and <B><A HREF="dccifd.html">dccifd(8)</A></B>. Greylisting involves
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
383 temporarily refusing mail from unfamiliar SMTP clients and is unrelated
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
384 to filtering with a Distributed Checksum Clearinghouse.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
385 See http://projects.puremagic.com/greylisting/
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
386
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
387 <A NAME="Privacy"><B>Privacy</B></A>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
388 Because sending mail is a less private act than receiving it, and because
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
389 sending bulk mail is usually not private at all and cannot be very pri-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
390 vate, the DCC tries first to protect the privacy of mail recipients, and
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
391 second the privacy of senders of mail that is not bulk.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
392
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
393 DCC clients necessarily disclose some information about mail they have
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
394 received. The DCC database contains checksums of mail bodies, header
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
395 lines, and source addresses. While it contains significantly less infor-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
396 mation than is available by "snooping" on Internet links, it is important
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
397 that the DCC database be treated as containing sensitive information and
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
398 to not put the most private information in the DCC database. Given the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
399 contents of a message, one might determine whether that message has been
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
400 received by a system that subscribes to the DCC. Guesses about the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
401 sender and addressee of a message can also be validated if the checksums
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
402 of the message have been sent to a DCC server.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
403
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
404 Because the DCC is distributed, organizations can operate their own DCC
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
405 servers, and configure them to share or "flood" only the checksums of
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
406 bulk mail that is not in local whitelists.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
407
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
408 DCC clients should not report the checksums of messages known to be pri-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
409 vate to a DCC server. For example, checksums of messages local to a sys-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
410 tem or that are otherwise known a priori to not be unsolicited bulk
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
411 should not be sent to a remote DCC server. This can accomplished by
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
412 adding entries for the sender to the client's local whitelist file.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
413 Client whitelist files can also include entries for email recipients
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
414 whose mail should not be reported to a DCC server.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
415
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
416 <A NAME="Security"><B>Security</B></A>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
417 Whenever considering security, one must first consider the risks. The
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
418 worst DCC security problems are unauthorized commands to a DCC service,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
419 denial of the DCC service, and corruption of DCC data. The worst that
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
420 can be done with remote commands to a DCC server is to turn it off or
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
421 otherwise cause it to stop responding. The DCC is designed to fail
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
422 gracefully, so that a denial of service attack would at worst allow
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
423 delivery of mail that would otherwise be rejected. Corruption of DCC
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
424 data might at worst cause mail that is already somewhat "bulk" by virtue
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
425 of being received by two or more people to appear have higher recipient
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
426 numbers. Since DCC users <I>must</I> whitelist all sources of legitimate bulk
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
427 mail, this is also not a concern. Such security risks should be
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
428 addressed, but only with defenses that don't cost more than the possible
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
429 damage from an attack.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
430
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
431 The DCC must contend with senders of unsolicited bulk mail who resort to
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
432 unlawful actions to express their displeasure at having their advertising
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
433 blocked. Because the DCC protocol is based on UDP, an unhappy advertiser
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
434 could try to flood a DCC server with packets supposedly from subscribers
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
435 or non-subscribers. DCC servers defend against that attack by rate-lim-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
436 iting requests from anonymous users.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
437
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
438 Also because of the use of UDP, clients must be protected against forged
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
439 answers to their queries. Otherwise an unsolicited bulk mail advertiser
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
440 could send a stream of "not spam" answers to an SMTP client while simul-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
441 taneously sending mail that would otherwise be rejected. This is not a
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
442 problem for authenticated clients of the DCC because they share a secret
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
443 with the DCC. Unauthenticated, anonymous DCC clients do not share any
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
444 secrets with the DCC, except for unique and unpredictable bits in each
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
445 query or report sent to the DCC. Therefore, DCC servers cryptographi-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
446 cally sign answers to unauthenticated clients with bits from the corre-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
447 sponding queries. This protects against attackers that do not have
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
448 access to the stream of packets from the DCC client.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
449
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
450 The passwords or shared secrets used in the DCC client and server pro-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
451 grams are "cleartext" for several reasons. In any shared secret authen-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
452 tication system, at least one party must know the secret or keep the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
453 secret in cleartext. You could encrypt the secrets in a file, but
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
454 because they are used by programs, you would need a cleartext copy of the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
455 key to decrypt the file somewhere in the system, making such a scheme
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
456 more expensive but no more secure than a file of cleartext passwords.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
457 Asymmetric systems such as that used in UNIX allow one party to not know
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
458 the secrets, but they must be and are designed to be computationally
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
459 expensive when used in applications like the DCC that involve thousands
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
460 or more authentication checks per second. Moreover, because of "dictio-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
461 nary attacks," asymmetric systems are now little more secure than keeping
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
462 passwords in cleartext. An adversary can compare the hash values of com-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
463 binations of common words with /etc/passwd hash values to look for bad
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
464 passwords. Worse, by the nature of a client/server protocol like that
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
465 used in the DCC, clients must have the cleartext password. Since it is
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
466 among the more numerous and much less secure clients that adversaries
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
467 would seek files of DCC passwords, it would be a waste to complicate the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
468 DCC server with an asymmetric system.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
469
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
470 The DCC protocol is vulnerable to dictionary attacks to recover pass-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
471 words. An adversary could capture some DCC packets, and then check to
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
472 see if any of the 100,000 to 1,000,000 passwords in so called "cracker
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
473 dictionaries" applied to a packet generated the same signature. This is
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
474 a concern only if DCC passwords are poorly chosen, such as any combina-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
475 tion of words in an English dictionary. There are ways to prevent this
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
476 vulnerability regardless of how badly passwords are chosen, but they are
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
477 computationally expensive and require additional network round trips.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
478 Since DCC passwords are created and typed into files once and do not need
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
479 to be remembered by people, it is cheaper and quite easy to simply choose
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
480 good passwords that are not in dictionaries.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
481
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
482 <A NAME="Reliability"><B>Reliability</B></A>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
483 It is better to fail to filter unsolicited bulk mail than to fail to
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
484 deliver legitimate mail, so DCC clients fail in the direction of assuming
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
485 that mail is legitimate or even whitelisted.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
486
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
487 A DCC client sends a report or other request and waits for an answer. If
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
488 no answer arrives within a reasonable time, the client retransmits.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
489 There are many things that might result in the client not receiving an
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
490 answer, but the most important is packet loss. If the client's request
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
491 does not reach the server, it is easy and harmless for the client to
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
492 retransmit. If the client's request reached the server but the server's
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
493 response was lost, a retransmission to the same server would be misunder-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
494 stood as a new report of another copy of the same message unless it is
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
495 detected as a retransmission by the server. The DCC protocol includes
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
496 transactions identifiers for this purpose. If the client retransmitted
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
497 to a second server, the retransmission would be misunderstood by the sec-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
498 ond server as a new report of the same message.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
499
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
500 Each request from a client includes a timestamp to aid the client in mea-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
501 suring the round trip time to the server and to let the client pick the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
502 closest server. Clients monitor the speed of all of the servers they
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
503 know including those they are not currently using, and use the quickest.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
504
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
505 <A NAME="Client-and-Server-IDs"><B>Client and Server-IDs</B></A>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
506 Servers and clients use numbers or IDs to identify themselves. ID 1 is
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
507 reserved for anonymous, unauthenticated clients. All other IDs are asso-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
508 ciated with a pair of passwords in the <I>ids</I> file, the current and next or
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
509 previous and current passwords. Clients included their client IDs in
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
510 their messages. When they are not using the anonymous ID, they sign
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
511 their messages to servers with the first password associated with their
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
512 client-ID. Servers treat messages with signatures that match neither of
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
513 the passwords for the client-ID in their own <I>ids</I> file as if the client
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
514 had used the anonymous ID.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
515
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
516 Each server has a unique <I>server-ID</I> less than 32768. Servers use their
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
517 IDs to identify checksums that they <I>flood</I> to other servers. Each server
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
518 expects local clients sending administrative commands to use the server's
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
519 ID and sign administrative commands with the associated password.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
520
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
521 Server-IDs must be unique among all systems that share reports by "flood-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
522 ing." All servers must be told of the IDs all other servers whose
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
523 reports can be received in the local <I>@prefix@/flod</I> file described in
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
524 <B><A HREF="dccd.html">dccd(8)</A></B>. However, server-IDs can be mapped during flooding between inde-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
525 pendent DCC organizations.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
526
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
527 <I>Passwd-IDs</I> are server-IDs that should not be assigned to servers. They
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
528 appear in the often publicly readable <I>@prefix@/flod</I> and specify passwords
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
529 in the private <I>@prefix@/ids</I> file for the inter-server flooding protocol
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
530
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
531 The client identified by a <I>client-ID</I> might be a single computer with a
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
532 single IP address, a single but multi-homed computer, or many computers.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
533 Client-IDs are not used to identify checksum reports, but the organiza-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
534 tion operating the client. A client-ID need only be unique among clients
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
535 using a single server. A single client can use different client-IDs for
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
536 different servers, each client-ID authenticated with a separate password.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
537
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
538 An obscure but important part of all of this is that the inter-server
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
539 flooding algorithm depends on server-IDs and timestamps attached to
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
540 reports of checksums. The inter-server flooding mechanism requires coop-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
541 erating DCC servers to maintain reasonable clocks ticking in UTC.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
542 Clients include timestamps in their requests, but as long as their time-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
543 stamps are unlikely to be repeated, they need not be very accurate.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
544
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
545 <A NAME="Installation-Considerations"><B>Installation Considerations</B></A>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
546 DCC clients on a computer share information about which servers are cur-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
547 rently working and their speeds in a shared memory segment. This segment
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
548 also contains server host names, IP addresses, and the passwords needed
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
549 to authenticate known clients to servers. That generally requires that
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
550 <B><A HREF="dccm.html">dccm(8)</A></B>, <B><A HREF="dccproc.html">dccproc(8)</A></B>, <B><A HREF="dccifd.html">dccifd(8)</A></B>, and <B><A HREF="cdcc.html">cdcc(8)</A></B> execute with an UID that can
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
551 write to the DCC home directory and its files. The sendmail interface,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
552 dccm, is a daemon that can be started by an "rc" or other script already
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
553 running with the correct UID. The other two, dccproc and cdcc need to be
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
554 set-UID because they are used by end users. They relinquish set-UID
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
555 privileges when not needed.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
556
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
557 Files that contain cleartext passwords including the shared file used by
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
558 clients must be readable only by "owner."
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
559
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
560 The data files required by a DCC can be in a single "home" directory,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
561 <I>@prefix@</I>. Distinct DCC servers can run on a single computer, provided
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
562 they use distinct UDP port numbers and home directories. It is possible
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
563 and convenient for the DCC clients using a server on the same computer to
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
564 use the same home directory as the server.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
565
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
566 The DCC source distribution includes sample control files. They should
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
567 be modified appropriately and then copied to the DCC home directory.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
568 Files that contain cleartext passwords must not be publicly readable.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
569
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
570 The DCC source includes "feature" m4 files to configure sendmail to use
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
571 <B><A HREF="dccm.html">dccm(8)</A></B> to check a DCC server about incoming mail.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
572
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
573 See also the <A HREF="INSTALL.html">INSTALL.html</A> file.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
574
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
575 <A NAME="Client-Installation"><B>Client Installation</B></A>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
576 Installing a DCC client starts with obtaining or compiling program bina-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
577 ries for the client server data control tool, <B><A HREF="cdcc.html">cdcc(8)</A></B>. Installing the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
578 sendmail DCC interface, <B><A HREF="dccm.html">dccm(8)</A></B>, or <B><A HREF="dccproc.html">dccproc(8)</A></B>, the general or
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
579 <B>procmail(1)</B> interface is the main part of the client installation. Con-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
580 necting the DCC to sendmail with dccm is most powerful, but requires
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
581 administrative control of the system running sendmail.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
582
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
583 As noted above, cdcc and dccproc should be set-UID to a suitable UID.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
584 Root or 0 is thought to be safe for both, because they are careful to
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
585 release privileges except when they need them to read or write files in
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
586 the DCC home directory. A DCC home directory, <I>@prefix@</I> should be cre-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
587 ated. It must be owned and writable by the UID to which cdcc is set.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
588
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
589 After the DCC client programs have been obtained, contact the operator(s)
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
590 of the chosen DCC server(s) to obtain each server's hostname, port num-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
591 ber, and a <I>client-ID</I> and corresponding password. No client-IDs or pass-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
592 words are needed touse DCC servers that allow anonymous clients. Use the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
593 <I>load</I> or <I>add</I> commands of cdcc to create a <I>map</I> file in the DCC home direc-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
594 tory. It is usually necessary to create a client whitelist file of the
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
595 format described above. To accommodate users sharing a computer but not
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
596 ideas about what is solicited bulk mail, the client whitelist file can be
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
597 any valid path name and need not be in the DCC home directory.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
598
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
599 If dccm is chosen, arrange to start it with suitable arguments before
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
600 sendmail is started. See the <I>homedir/dcc</I><B>_</B><I>conf</I> file and the <I>misc/rcDCC</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
601 script in the DCC source. The procmail DCCM interface, <B><A HREF="dccproc.html">dccproc(8)</A></B>, can
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
602 be run manually or by a <B>procmailrc(5)</B> rule.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
603
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
604 <A NAME="Server-Installation"><B>Server Installation</B></A>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
605 The DCC server, <B><A HREF="dccd.html">dccd(8)</A></B>, also requires that the DCC home directory exist.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
606 It does not use the client shared or memory mapped file of server
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
607 addresses, but it requires other files. One is the <I>@prefix@/ids</I> file of
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
608 client-IDs, server-IDs, and corresponding passwords. Another is a <I>flod</I>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
609 file of peers that send and receive floods of reports of checksums with
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
610 large counts. Both files are described in <B><A HREF="dccd.html">dccd(8)</A></B>.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
611
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
612 The server daemon should be started when the system is rebooted, probably
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
613 before sendmail. See the <I>misc/rcDCC</I> and <I>misc/start-dccd</I> files in the DCC
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
614 source.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
615
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
616 The database should be cleaned regularly with <B><A HREF="dbclean.html">dbclean(8)</A></B> such as by run-
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
617 ning the crontab job that is in the misc directory.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
618
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
619
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
620 </PRE>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
621 <H2><A NAME="SEE-ALSO">SEE ALSO</A></H2><PRE>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
622 <B><A HREF="cdcc.html">cdcc(8)</A></B>, <B><A HREF="dbclean.html">dbclean(8)</A></B>, <B><A HREF="dcc.html">dcc(8)</A></B>, <B><A HREF="dccd.html">dccd(8)</A></B>, <B><A HREF="dccifd.html">dccifd(8)</A></B>, <B><A HREF="dccm.html">dccm(8)</A></B>, <B><A HREF="dccproc.html">dccproc(8)</A></B>,
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
623 <B><A HREF="dblist.html">dblist(8)</A></B>, <B><A HREF="dccsight.html">dccsight(8)</A></B>, <B>sendmail(8)</B>.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
624
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
625
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
626 </PRE>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
627 <H2><A NAME="HISTORY">HISTORY</A></H2><PRE>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
628 Distributed Checksum Clearinghouses are based on an idea of Paul Vixie
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
629 with code designed and written at Rhyolite Software starting in 2000.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
630 This document describes version 1.3.103.
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
631
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
632 February 26, 2009
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
633 </PRE>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
634 <HR>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
635 <ADDRESS>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
636 Man(1) output converted with
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
637 <a href="http://www.oac.uci.edu/indiv/ehood/man2html.html">man2html</a>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
638 modified for the DCC $Date 2001/04/29 03:22:18 $
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
639 <BR>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
640 <A HREF="http://www.dcc-servers.net/dcc/">
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
641 <IMG SRC="http://logos.dcc-servers.net/border.png"
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
642 class=logo ALT="DCC logo">
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
643 </A>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
644 <A HREF="http://validator.w3.org/check?uri=referer">
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
645 <IMG class=logo ALT="Valid HTML 4.01 Strict"
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
646 SRC="http://www.w3.org/Icons/valid-html401">
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
647 </A>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
648 </ADDRESS>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
649 </BODY>
c7f6b056b673 First import of vendor version
Peter Gervai <grin@grin.hu>
parents:
diff changeset
650 </HTML>