notdcc: dccifd.0 comparison

comparison dccifd.0 @ 0:c7f6b056b673

First import of vendor version

author	Peter Gervai <grin@grin.hu>
date	Tue, 10 Mar 2009 13:49:58 +0100
parents
children

comparison

equal deleted inserted replaced

--1:000000000000
+:c7f6b056b673
+dccifd(8)             Distributed Checksum Clearinghouse             dccifd(8)
+NNAAMMEE
+ddcccciiffdd -- Distributed Checksum Clearinghouse Interface Daemon
+SSYYNNOOPPSSIISS
+ddcccciiffdd [--VVddbbxxAANNQQ] [--GG _o_n | _o_f_f | _n_o_I_P | _I_P_m_a_s_k_/_x_x] [--hh _h_o_m_e_d_i_r] [--II _u_s_e_r]
+[--pp _/_s_o_c_k | _h_o_s_t_,_p_o_r_t_,_r_h_o_s_t_/_b_i_t_s] [--oo _/_s_o_c_k | _h_o_s_t_,_p_o_r_t]
+[--DD _l_o_c_a_l_-_d_o_m_a_i_n] [--mm _m_a_p] [--ww _w_h_i_t_e_c_l_n_t] [--UU _u_s_e_r_d_i_r_s]
+[--aa _I_G_N_O_R_E | _R_E_J_E_C_T | _D_I_S_C_A_R_D] [--tt _t_y_p_e_,[_l_o_g_-_t_h_o_l_d_,]_r_e_j_-_t_h_o_l_d]
+[--gg [_n_o_t_-]_t_y_p_e] [--SS _h_e_a_d_e_r] [--ll _l_o_g_d_i_r] [--RR _r_u_n_d_i_r]
+[--rr _r_e_j_e_c_t_i_o_n_-_m_s_g] [--TT _t_m_p_d_i_r] [--jj _m_a_x_j_o_b_s]
+[--BB _d_n_s_b_l_-_o_p_t_i_o_n] [--LL _l_t_y_p_e_,_f_a_c_i_l_i_t_y_._l_e_v_e_l]
+DDEESSCCRRIIPPTTIIOONN
+ddcccciiffdd is a daemon intended to connect spam filters such as SpamAssasin
+and mail transfer agents (MTAs) other than sendmail to DCC servers.  The
+MTA or filter ddcccciiffdd which in turn reports related checksums to the near-
+est DCC server and adds an _X_-_D_C_C SMTP header line to the message.  The
+MTA is told to reject the message if it is unsolicited bulk.
+DDcccciiffdd is similar to the DCC sendmail milter interface, dccm(8) and the
+DCC Procmail interface, dccproc(8).  DDcccciiffdd is more efficient than
+dccproc(8) but not restricted to use with sendmail like dccm(8).  All
+three send reports of checksums related to mail received by DCC clients
+and queries about the total number of reports of particular checksums.
+MTA programs use a simple ASCII protocol a subset of SMTP to send a mail
+message including its SMTP envelope to the daemon.  DDcccciiffdd responds with
+an indication of whether the message is unsolicited bulk and an optional
+copy of the message with an _X_-_D_C_C header added.  The ASCII protocol is
+described below and in the _i_n_c_l_u_d_e_/_d_c_c_i_f_._h file in the DCC source.  There
+is a sample C interface routine in the _d_c_c_l_i_b_/_d_c_c_i_f_._c file in the DCC
+source and the _d_c_c_l_i_b_._a library generated from the source.  A _P_e_r_l ver-
+sion of the interface routine is in _d_c_c_i_f_d_/_d_c_c_i_f_._p_l.  Test or demonstra-
+tion programs in the style of dccproc(8) that use those interface rou-
+tines are in _d_c_c_i_f_d_/_d_c_c_i_f_-_t_e_s_t.
+A subset of ESMTP can be used instead of the ASCII protocol to connect
+ddcccciiffdd to postfix as a "Before-Queue Content Filter."  See the --oo flag.
+Since the checksums of messages that are whitelisted locally by the --ww
+_w_h_i_t_e_c_l_n_t file are not reported to the DCC server, ddcccciiffdd knows nothing
+about the total recipient counts for their checksums and so cannot add
+_X_-_D_C_C header lines to such messages.
+Enable the daemon and put its parameters in the _d_c_c___c_o_n_f file and start
+the daemon with the _s_t_a_r_t_-_d_c_c_i_f_d script.
+The list of servers that ddcccciiffdd contacts is in the memory mapped file _m_a_p
+shared by local DCC clients.  The file is  maintained with cdcc(8).
+OOPPTTIIOONNSS
+The following options are available:
+--VV   displays the version of ddcccciiffdd.
+--dd   enables debugging output from the DCC client software.  Additional
+--dd options increase the number of messages.  A single --dd
+aborted SMTP transactions including those from some "dictionary
+attacks."
+--bb   causes the daemon to not detach itself from the controlling tty and
+put itself into the background.
+--xx   causes the daemon to try "extra hard" to contact a DCC server.
+Since it is usually more important to deliver mail than to report
+its checksums, ddcccciiffdd normally does not delay too long while trying
+to contact a DCC server.  It will not try again for several seconds
+after a failure.  With --xx, it will always try to contact the DCC
+server and it will tell the MTA to answer the DATA command with a
+4yz temporary failure.
+--AA   adds to existing X-DCC headers in the message instead of replacing
+existing headers of the brand of the current server.
+--NN   neither adds, deletes, nor replaces existing X-DCC headers in the
+message.  Each message is logged, rejected, and otherwise handled
+the same.
+--QQ   only queries the DCC server about the checksums of messages instead
+of reporting and querying.  This is useful when ddcccciiffdd is used to
+filter mail that has already been reported to a DCC server by
+another DCC client.  No single mail message should be reported to a
+DCC server more than once per recipient, because each report will
+increase the apparent "bulkness" of the message.
+It is better to use _M_X_D_C_C lines in the global _w_h_i_t_e_c_l_n_t file for
+your MX mail servers that use DCC than --QQ.
+--GG _o_n | _o_f_f | _n_o_I_P | _I_P_m_a_s_k_/_x_x
+controls _g_r_e_y_l_i_s_t_i_n_g.  At least one working greylist server must be
+listed in the _m_a_p file in the DCC home directory.  If more than one
+is named, they must "flood" or change checksums and they must use
+the same --GG parameters.  See dccd(8).  Usually all dccm or dccifd
+DCC client processes use the same --GG parameters.
+_I_P_m_a_s_k_/_x_x and _n_o_I_P remove part or all of the IP address from the
+greylist triple.  The CIDR block size, _x_x, must be between 1 and
+128.  96 is added to block sizes smaller than 33 to make them appro-
+priate for the IPv6 addresses used by the DCC.  _I_P_m_a_s_k_/_9_6 differs
+from _n_o_I_P for IPv4 addresses, because the former retains the IPv4 to
+IPv6 mapping prefix.
+--hh _h_o_m_e_d_i_r
+overrides the default DCC home directory, _/_v_a_r_/_d_c_c.
+--II _u_s_e_r
+specifies the UID and GID of the process.
+--pp _/_s_o_c_k_/_n_a_m_e | _h_o_s_t_,_p_o_r_t_,_r_h_o_s_t_/_b_i_t_s
+overrides the default address at which programs contact ddcccciiffdd.  The
+default is a UNIX domain socket named dccifd in the DCC home direc-
+tory.
+The second form specifies a local host name or IP address, a local
+TCP port number, and the host names or IP addresses of computers
+that can use ddcccciiffdd.  127.0.0.1 or _l_o_c_a_l_h_o_s_t are common choices for
+_h_o_s_t.  The string _@ specifies IN_ADDRANY or all local IP addresses.
+127.0.0.0/8 is a common choice for _r_h_o_s_t_/_b_i_t_s.
+--oo _/_s_o_c_k | _h_o_s_t_,_p_o_r_t
+enables SMTP proxy mode instead of the ASCII protocol and specifies
+the output connection when ddcccciiffdd acts as an SMTP proxy.  It is the
+address of the SMTP server for which ddcccciiffdd acts as SMTP client.
+When _/_s_o_c_k is _/_d_e_v_/_n_u_l_l, ddcccciiffdd acts as if there were downstream
+SMTP server that always answers "250 ok".  The string _@ specifies
+the same IP address as the incoming TCP connection.
+The input to ddcccciiffdd in SMTP proxy mode is specified with ----pp.  For
+example, --pp _1_2_7_._0_._0_._1_,_1_0_0_2_5_,_1_2_7_._0_._0_._1_/_3_2 --oo _1_2_7_._0_._0_._1_,_1_0_0_2_6 could be
+used to connect ddcccciiffdd with Postfix as described in the documenta-
+tion in version 2.2.1 Postfix documentation.
+See below concerning the subset of ESMTP used in this mode.
+--mm _m_a_p
+specifies a name or path of the memory mapped parameter file instead
+of the default _m_a_p file in the DCC home directory.  It should be
+created with the cdcc(8) command.
+--ww _w_h_i_t_e_c_l_n_t
+specifies an optional file containing filtering parameters as well
+as SMTP client IP addresses, SMTP envelope values, and header values
+of mail that is spam or is not spam and does not need a _X_-_D_C_C
+header, and whose checksums should not be reported to the DCC
+server.
+If the pathname _w_h_i_t_e_c_l_n_t is not absolute, it is relative to the DCC
+home directory.
+The format of the ddcccciiffdd whiteclnt file is the same as the _w_h_i_t_e_l_i_s_t
+files used by dbclean(8) and the _w_h_i_t_e_c_l_n_t file used by dccproc(8).
+See dcc(8) for a description of DCC white and blacklists.  Because
+the contents of the _w_h_i_t_e_c_l_n_t file are used frequently, a companion
+file is automatically created and maintained.  It has the same path-
+name but with an added suffix of _._d_c_c_w and contains a memory mapped
+hash table of the main file.
+A whitelist entry ("OK") or two or more semi-whitelistings ("OK2")
+for one of the message's checksums prevents all of the message's
+checksums from being reported to the DCC server and the addition of
+a _X_-_D_C_C header line by ddcccciiffdd A whitelist entry for a checksum also
+prevents rejecting or discarding the message based on DCC recipient
+counts as specified by --aa and --tt.  Otherwise, one or more checksums
+with blacklisting entries ("MANY") cause all of the message's check-
+sums to be reported to the server with an addressee count of "MANY".
+If the message has a single recipient, an _e_n_v___T_o _w_h_i_t_e_c_l_n_t entry of
+"OK" for the checksum of its recipient address acts like any other
+_w_h_i_t_e_c_l_n_t entry of "OK."  When the SMTP message has more than one
+recipient, the effects can be complicated.  When a message has sev-
+eral recipients with some but not all listed in the _w_h_i_t_e_c_l_n_t file,
+ddcccciiffdd tries comply with the wishes of the users who want filtering
+as well as those who don't by silently not delivering the message to
+those who want filtering (i.e. are not whitelisted) and delivering
+the message to don't want filtering.
+--UU _u_s_e_r_d_i_r_s
+enables per-user _w_h_i_t_e_c_l_n_t files and log directories.  Each target
+of a message can have a directory of log files named
+_u_s_e_r_d_i_r_s_/_a_d_d_r_/_l_o_g where _a_d_d_r is the local user or mailbox name com-
+puted by the MTA.  The name of each user's log directory must be
+_l_o_g.  If it is not absolute, _u_s_e_r_d_i_r_s is relative to the DCC home
+directory.  The directory containing the log files must be named _l_o_g
+and it must be writable by the ddcccciiffdd process.  Each log directory
+must exist or logging for the corresponding is silently disabled.
+The files created in the log directory are owned by the UID of the
+ddcccciiffdd process, but they have _g_r_o_u_p and _o_t_h_e_r read and write permis-
+sions copied from the corresponding _l_o_g directory.  To ensure the
+privacy of mail, it may be good to make the directories readable
+only by _o_w_n_e_r and _g_r_o_u_p, and to use a cron script that changes the
+owner of each file to match the grandparent _a_d_d_r directory.
+There can also be a per -user whitelist file named
+_u_s_e_r_d_i_r_s_/_a_d_d_r_/_w_h_i_t_e_c_l_n_t for each address _a_d_d_r_. Any checksum that is
+not white- or blacklisted by an individual addressee's _w_h_i_t_e_c_l_n_t
+file  is checked in the main --ww --wwhhiitteeccllnntt file.  A missing per-
+addressee _w_h_i_t_e_c_l_n_t file is the same as an empty file.  Relative
+paths for files included in per-addressee files are resolved in the
+DCC home directory.  The _w_h_i_t_e_c_l_n_t files and the _a_d_d_r directories
+containing them must be writable by the ddcccciiffdd process.
+_O_p_t_i_o_n lines in per-user whiteclnt files can be used to modify many
+aspects of ddcccciiffdd filtering, as described in the main dcc man page.
+For example, an _o_p_t_i_o_n _d_c_c_-_o_f_f line turns off DCC filtering for
+individual mailboxes.
+--aa _I_G_N_O_R_E | _R_E_J_E_C_T | _D_I_S_C_A_R_D
+specifies the action taken when ddcccciiffdd is in proxy mode with --oo and
+DCC server counts or --tt thresholds say that a message is unsolicited
+and bulk.  _I_G_N_O_R_E causes the message to be unaffected except for
+adding the _X_-_D_C_C header line to the message.  This turns off DCC
+filtering.
+Spam can also be _R_E_J_E_C_Ted or (when in proxy mode with --oo) accepted
+and silently _D_I_S_C_A_R_Ded without being delivered to local mailboxes.
+The default is _R_E_J_E_C_T.
+Mail forwarded via IP addresses marked _M_X or _M_X_D_C_C in the main
+_w_h_i_t_e_c_l_n_t file is treated as if --aa _D_I_S_C_A_R_D were specified.  This
+prevents "bouncing" spam.
+The effects of the --ww _w_h_i_t_e_c_l_n_t are not affected by --aa.
+--tt _t_y_p_e_,[_l_o_g_-_t_h_o_l_d_,]_r_e_j_-_t_h_o_l_d
+sets logging and "spam" thresholds for checksum _t_y_p_e.  The checksum
+types are _I_P, _e_n_v___F_r_o_m, _F_r_o_m, _M_e_s_s_a_g_e_-_I_D, _s_u_b_s_t_i_t_u_t_e, _R_e_c_e_i_v_e_d,
+_B_o_d_y, _F_u_z_1, _F_u_z_2, _r_e_p_-_t_o_t_a_l, and _r_e_p.  The first six, _I_P through
+_s_u_b_s_t_i_t_u_t_e, have no effect except when a local DCC server configured
+with --KK is used.  The _s_u_b_s_t_i_t_u_t_e thresholds apply to the first sub-
+stitute heading encountered in the mail message.  The string _A_L_L
+sets thresholds for all types, but is unlikely to be useful except
+for setting logging thresholds.  The string _C_M_N specifies the com-
+monly used checksums _B_o_d_y, _F_u_z_1, and _F_u_z_2.  _R_e_j_-_t_h_o_l_d and _l_o_g_-_t_h_o_l_d
+must be numbers, the string _N_E_V_E_R, or the string _M_A_N_Y indicating
+millions of targets.  Counts from the DCC server as large as the
+threshold for any single type are taken as sufficient evidence that
+the message should be logged or rejected.
+_L_o_g_-_t_h_o_l_d is the threshold at which messages are logged.  It can be
+handy to log messages at a lower threshold to find solicited bulk
+mail sources such as mailing lists.  If no logging threshold is set,
+only rejected mail and messages with complicated combinations of
+white and blacklisting are logged.  Messages that reach at least one
+of their rejection thresholds are logged regardless of logging
+thresholds.
+_R_e_j_-_t_h_o_l_d is the threshold at which messages are considered "bulk,"
+and so should be rejected or discarded if not whitelisted.
+DCC Reputation thresholds in the commercial version of the DCC are
+controlled by thresholds on checksum types _r_e_p and _r_e_p_-_t_o_t_a_l.  Mes-
+sages from an IP address that the DCC database says has sent more
+than --tt _r_e_p_-_t_o_t_a_l_,_l_o_g_-_t_h_o_l_d messages are logged.  A DCC Reputation
+is computed for messages received from IP addresses that have sent
+more than --tt _r_e_p_-_t_o_t_a_l_,_l_o_g_-_t_h_o_l_d messages.  The DCC Reputation of an
+IP address is the percentage of its messages that have been detected
+as bulk or having at least 10 recipients.  The defaults are equiva-
+lent to --tt _r_e_p_,_n_e_v_e_r and --tt _r_e_p_-_t_o_t_a_l_,_n_e_v_e_r_,_2_0.
+Bad DCC Reputations do not reject mail unless enabled by an _o_p_t_i_o_n
+_D_C_C_-_r_e_p_-_o_n line in a _w_h_i_t_e_c_l_n_t file.
+The checksums of locally whitelisted messages are not checked with
+the DCC server and so only the number of targets of the current copy
+of a whitelisted message are compared against the thresholds.
+The default is _A_L_L_,_N_E_V_E_R, so that nothing is discarded, rejected, or
+logged.  A common choice is _C_M_N_,_2_5_,_5_0 to reject or discard mail with
+common bodies except as overridden by the whitelist of the DCC
+server, the sendmail _$_{_d_c_c___i_s_s_p_a_m_} and _$_{_d_c_c___n_o_t_s_p_a_m_} macros, and
+--gg, and --ww.
+--gg [_n_o_t_-]_t_y_p_e
+indicates that whitelisted, _O_K or _O_K_2, counts from the DCC server
+for a type of checksum are to be believed.  They should be ignored
+if prefixed with _n_o_t_-.  _T_y_p_e is one of the same set of strings as
+for --tt.  Only _I_P, _e_n_v___F_r_o_m, and _F_r_o_m are likely choices.  By default
+all three are honored, and hence the need for _n_o_t_-.
+--SS _h_d_r
+adds to the list of substitute or locally chosen headers that are
+checked with the --ww _w_h_i_t_e_c_l_n_t file and sent to the DCC server.  The
+checksum of the last header of type _h_d_r found in the message is
+checked.  _H_d_r can be _H_E_L_O to specify the SMTP envelope HELO value.
+_H_d_r can also be _m_a_i_l___h_o_s_t to specify the host name from the
+Mail_from value in the SMTP envelope.  As many as six different sub-
+stitute headers can be specified, but only the checksum of the first
+of the six will be sent to the DCC server.
+--ll _l_o_g_d_i_r
+specifies a directory in which files containing copies of messages
+processed by ddcccciiffdd are kept.  They can be copied to per-user direc-
+tories specified with --UU.  Information about other recipients of a
+message is deleted from the per-user copies.
+See the FILES section below concerning the contents of the files.
+See also the _o_p_t_i_o_n _l_o_g_-_s_u_b_d_i_r_e_c_t_o_r_y_-_{_d_a_y_,_h_o_u_r_,_m_i_n_u_t_e_} lines in
+_w_h_i_t_e_c_l_n_t files described in dcc(8).
+The directory is relative to the DCC home directory if it is not
+absolute
+--RR _r_u_n_d_i_r
+specifies the "run" directory where the file containing the daemon's
+process ID is stored.  The default value is _/_v_a_r_/_r_u_n_/_d_c_c.
+--TT _t_m_p_d_i_r
+changes the default directory for temporary files from the default.
+The default is the directory specified with --ll or the system default
+if --ll is not used.  The system default is often _/_t_m_p.
+--DD _l_o_c_a_l_-_d_o_m_a_i_n
+specifies a host or domain name by which the system is known.  There
+can be several --DD settings.
+To find the per-user log directory and whitelist for each mail
+recipient, ddcccciiffdd must know each recipient's user name.  The ASCII
+protocol used between and the MTA includes an optional user name
+with each SMTP recipient address.  When the user name is absent when
+the ASCII protocol is used or when the subset of ESMTP enabled with
+--oo is used, and when the SMTP recipient address includes an _a_t _s_i_g_n
+(@) each mail address is checked against the list of _l_o_c_a_l_-_d_o_m_a_i_ns.
+The part of the recipient address remaining after longest matching
+_l_o_c_a_l_-_d_o_m_a_i_n (if any) is taken as the user name.  The match is
+anchored at the right or the end of the recipient address.  It must
+start at a period (.) or _a_t _s_i_g_n (@) in the domain name part of the
+address.
+If _l_o_c_a_l_-_d_o_m_a_i_n starts with an asterisk (*) indicating a wildcard,
+preceding sub-domain names are discarded to compute the user name.
+Otherwise, the computed user name will include any unmatched sub-
+domain names.
+The default value of _l_o_c_a_l_-_d_o_m_a_i_n when there are no --DD settings is
+the host name of the system.
+--rr _r_e_j_e_c_t_i_o_n_-_m_s_g
+specifies the rejection message in --oo proxy mode for unsolicited
+bulk mail or for mail temporarily blocked by _g_r_e_y_l_i_s_t_i_n_g when --GG is
+specified.  The first --rr _r_e_j_e_c_t_i_o_n_-_m_s_g replaces the default bulk
+mail rejection message, "5.7.1 550 mail %ID from %CIP rejected by
+DCC".  The second replaces "4.2.1 452 mail %ID from %CIP temporary
+greylist embargoed".  The third --rr _r_e_j_e_c_t_i_o_n_-_m_s_g replaces the
+default SMTP rejection message "5.7.1 550 %ID bad reputation; see
+http://commercial-dcc.rhyolite.com/cgi-bin/reps.cgi?tgt=%CIP" for
+mail with bad DCC Reputations.  If _r_e_j_e_c_t_i_o_n_-_m_s_g is the zero-length
+string, the --rr setting is counted but the corresponding message is
+not changed.
+_R_e_j_e_c_t_i_o_n_-_m_s_g can contain specific information about the mail mes-
+sage.  The following strings starting with % are replaced with the
+corresponding values:
+%ID       message ID such as the unique part of log file name or
+sendmail queue ID
+%CIP      SMTP client IP address
+%BTYPE    type of DNS blacklist hit, such as "SMTP client",
+"mail_host", or "URL NS"
+%BTGT     IP address or name declared bad by DNS blacklist
+%BPROBE   domain name found in DNS blacklist such as
+4.3.2.10.example.com
+%BRESULT  value of the %BPROBE domain name found in DNS black-
+list
+A common alternate for the bulk mail rejection message is "4.7.1 451
+Access denied by DCC" to tell the sending mail system to continue
+trying.  Use a 4yz response with caution, because it is likely to
+delay for days a delivery failure message for false positives.  If
+the rejection message does not start with an RFC 1893 status code
+and RFC 2821 reply code, 5.7.1 and 550 or 4.2.1 and 452 are used.
+See also --BB _s_e_t_:_r_e_j_-_m_s_g_=_r_e_j_e_c_t_i_o_n_-_m_s_g to set the status message for
+mail rejected by DNS blacklists.
+--jj _m_a_x_j_o_b_s
+limits the number of simultaneous requests that will be processed.
+The default value is the maximum number that seems to be possible
+given system limits on open files, select() bit masks, and so forth.
+Start ddcccciiffdd with --dd and see the starting message in the system log
+to see the limit.
+--BB _d_n_s_b_l_-_o_p_t_i_o_n
+enables DNS blacklist checks of the SMTP client IP address, SMTP
+envelope Mail_From sender domain name, and of host names in URLs in
+the message body.  Body URL blacklisting has too many false posi-
+tives to use on abuse mailboxes.  It is less effective than
+greylisting with dccm(8) or dccifd(8) but can be useful in situa-
+tions where greylisting cannot be used.
+_D_n_s_b_l_-_o_p_t_i_o_n is either one of the --BB _s_e_t_:_o_p_t_i_o_n forms or
+--BB _d_o_m_a_i_n[_,_I_P_a_d_d_r[_/_x_x[_,_b_l_t_y_p_e]]]
+_D_o_m_a_i_n is a DNS blacklist domain such as example.com that will be
+searched.  _I_P_a_d_d_r[_/_x_x_x] is the string "any" an IP address in the DNS
+blacklist that indicates that the mail message should be rejected,
+or a CIDR block covering results from the DNS blacklist.
+"127.0.0.2" is assumed if _I_P_a_d_d_r is absent.  IPv6 addresses can be
+specified with the usual colon (:) notation.  Names can be used
+instead of numeric addresses.  The type of DNS blacklist is speci-
+fied by _b_l_t_y_p_e as _n_a_m_e, _I_P_v_4, or _I_P_v_6.  Given an envelope sender
+domain name or a domain name in a URL of spam.domain.org and a
+blacklist of type _n_a_m_e, spam.domain.org.example.com will be tried.
+Blacklist types of _I_P_v_4 and _I_P_v_6 require that the domain name in a
+URL sender address be resolved into an IPv4 or IPv6 address.  The
+address is then written as a reversed string of decimal octets to
+check the DNS blacklist, as in 2.0.0.127.example.com,
+More than one blacklist can be specified and blacklists can be
+grouped.  All searching within a group is stopped at the first posi-
+tive result.
+Positive results are ignored after being logged unless an
+_o_p_t_i_o_n _D_N_S_B_L_-_o_n line appears in the global or per-user _w_h_i_t_e_c_l_n_t
+file.
+--BB _s_e_t_:_n_o_-_c_l_i_e_n_t
+says that SMTP client IP addresses and reverse DNS domain names
+should not be checked in the following blacklists.
+--BB _s_e_t_:_c_l_i_e_n_t restores the default for the following black-
+lists.
+--BB _s_e_t_:_n_o_-_m_a_i_l___h_o_s_t
+says that SMTP envelope Mail_From sender domain names should
+not be checked in the following blacklists.  --BB _s_e_t_:_m_a_i_l___h_o_s_t
+restores the default.
+--BB _s_e_t_:_n_o_-_U_R_L
+says that URLs in the message body should not be checked in the
+in the following blacklists.  --BB _s_e_t_:_U_R_L restores the default.
+--BB _s_e_t_:_n_o_-_M_X
+says MX servers of sender Mail_From domain names and host names
+in URLs should not be checked in the following blacklists.
+--BB _s_e_t_:_M_X restores the default.
+--BB _s_e_t_:_n_o_-_N_S
+says DNS servers of sender Mail_From domain names and host
+names in URLs should not be checked in the following black-
+lists.  --BB _s_e_t_:_N_S restores the default.
+--BB _s_e_t_:_d_e_f_a_u_l_t_s
+is equivalent to all of --BB _s_e_t_:_n_o_-_t_e_m_p_-_f_a_i_l --BB _s_e_t_:_c_l_i_e_n_t
+--BB _s_e_t_:_m_a_i_l___h_o_s_t --BB _s_e_t_:_U_R_L --BB _s_e_t_:_M_X and --BB _s_e_t_:_N_S
+--BB _s_e_t_:_g_r_o_u_p_=_X
+adds later DNS blacklists specified with
+--BB _d_o_m_a_i_n[_,_I_P_a_d_d_r[_/_x_x[_,_b_l_t_y_p_e]]]
+to group 1, 2, or 3.
+--BB _s_e_t_:_d_e_b_u_g_=_X
+sets the DNS blacklist logging level
+--BB _s_e_t_:_m_s_g_-_s_e_c_s_=_S
+limits ddcccciiffdd to _S seconds total for checking all DNS black-
+lists.  The default is 25.
+--BB _s_e_t_:_U_R_L_-_s_e_c_s_=_S
+limits ddcccciiffdd to at most _S seconds resolving and checking any
+single URL.  The default is 11.  Some spam contains dozens of
+URLs and that some "spamvertised" URLs contain host names that
+need minutes to resolve.  Busy mail systems cannot afford to
+spend minutes checking each incoming mail message.
+--BB _s_e_t_:_r_e_j_-_m_s_g_=_r_e_j_e_c_t_i_o_n_-_m_s_g
+sets the SMTP rejection message for the following blacklists.
+_R_e_j_e_c_t_i_o_n_-_m_s_g must be in the same format as for --rr.  If
+_r_e_j_e_c_t_i_o_n_-_m_s_g is null, the default is restored.  The default
+DNS blacklist rejection message is the first message set with
+--rr.
+--BB _s_e_t_:_t_e_m_p_-_f_a_i_l
+causes ddcccciiffdd to the MTA to answer the SMTP DATA command with
+452 4.2.1 mail %ID from %CIP temporary delayed for DNSBL
+if any DNS answer required for a DNSBL in the current group
+times out, including resolving names in URLs.
+--BB _s_e_t_:_n_o_-_t_e_m_p_-_f_a_i_l
+restores the default of assuming a negative answer for DNS
+responses that take too long.
+--BB _s_e_t_:_m_a_x_j_o_b_s_=_X
+sets maximum number of helper processes to _X.  In order to use
+typical single-threaded DNS resolver libraries, ddcccciiffdd uses
+fleets of helper processes.  It is rarely a good idea to change
+the default, which is the same as the maximum number of simul-
+taneous jobs set with --jj.
+--BB _s_e_t_:_p_r_o_g_p_a_t_h_=_/_v_a_r_/_d_c_c_/_l_i_b_e_x_e_c_/_d_n_s_-_h_e_l_p_e_r
+changes the path to the helper program.
+--LL _l_t_y_p_e_,_f_a_c_i_l_i_t_y_._l_e_v_e_l
+specifies how messages should be logged.  _L_t_y_p_e must be _e_r_r_o_r, _i_n_f_o,
+or _o_f_f to indicate which of the two types of messages are being con-
+trolled or to turn off all syslog(3) messages from ddcccciiffdd.  _L_e_v_e_l
+must be a syslog(3) level among _E_M_E_R_G, _A_L_E_R_T, _C_R_I_T, _E_R_R, _W_A_R_N_I_N_G,
+_N_O_T_I_C_E, _I_N_F_O, and _D_E_B_U_G.  _F_a_c_i_l_i_t_y must be among _A_U_T_H, _A_U_T_H_P_R_I_V,
+_C_R_O_N, _D_A_E_M_O_N, _F_T_P, _K_E_R_N, _L_P_R, _M_A_I_L, _N_E_W_S, _U_S_E_R, _U_U_C_P, and _L_O_C_A_L_0
+through _L_O_C_A_L_7.  The default is equivalent to
+--LL _i_n_f_o_,_M_A_I_L_._N_O_T_I_C_E --LL _e_r_r_o_r_,_M_A_I_L_._E_R_R
+ddcccciiffdd normally sends counts of mail rejected and so forth to the system
+log at midnight.  The SIGUSR1 signal sends an immediate report to the
+system log.  The reports will be repeated every 24 hours at the same
+minute as the signal instead of at midnight.
+PPrroottooccooll
+DDcccciiffdd uses a simple ASCII protocol to receive mail messages to be
+checked and to return results.  For each message, the MTA must open a
+connection to the interface daemon, send options, envelope recipients,
+and the message, receive the results, and close the connection.
+Instead of the ASCII protocol, a subset of ESMTP is enabled by --oo.  Only
+the familiar HELO, EHLO, Mail, Rcpt, DATA, RSET, and QUIT commands and
+the Postfix extensions XFORWARD and XCLIENT are honored.  Since SMTP has
+no provisions for user names, the protocol enabled by --oo depends on a
+list of local domain names specified with --DD to find per-user log direc-
+tories and whitelist files.  If neither XFORWARD nor XCLIENT are used,
+ddcccciiffdd uses the IP address of the MTA and the value of the HELO command.
+In the ASCII protocol, each of the following lines are sent in order to
+ddcccciiffdd.  Each ends with a newline ('\n') character.
+options     zero or more blank-separated strings among:
+_s_p_a_m        the message is already known to be spam
+_b_o_d_y        return all of the headers with the added
+_X_-_D_C_C header line and the body
+_h_e_a_d_e_r      return the _X_-_D_C_C header
+_q_u_e_r_y       ask the DCC server about the message without
+reporting it, as if ddcccciiffdd were running with
+--QQ.
+_g_r_e_y_-_q_u_e_r_y  only query the greylist server for this mes-
+sage.  --GG _o_n must be in use.
+_n_o_-_r_e_j_e_c_t   suppress the overall, one character line 'R'
+result.  This can be useful when using ddcccciiffdd
+only for greylisting.
+_l_o_g         ensure that this message is logged as if
+ddcccciiffdd were running with --tt --aallll,,00,,
+client      IP address of the SMTP client in a "dotted" or "coloned"
+ASCII string and reverse-DNS host name.  If the host name
+is present, it must follow a carriage return character
+('\r') after the IP address.  The client IP address must be
+present and non-null if the host name is present.  The
+string "0.0.0.0\n" is understood the same as the null
+string, meaning that both the IP address and host name are
+absent.  If the client IP address is absent, then the IP
+address and host name are taken from the first non-local
+Received header if it has the standard "name (name [IP
+address])..." format.  Non-standard Received headers com-
+monly added by qmail as well as Received headers specifying
+IP addresses marked _M_X or _M_X_D_C_C in the global --ww _w_h_i_t_e_c_l_n_t
+file are skipped.
+HELO        SMTP HELO value or nothing, followed by a newline ('\n')
+character.  If the HELO value is null and the IP address of
+the SMTP client are not supplied, they will be taken from
+the same Received: header that supplies the IP address.
+sender      or SMTP _M_a_i_l _F_r_o_m command value for the env_from checksum.
+If the sender is null, the contents of the first Return-
+Path: or UNIX style From_ header is used.
+recipients  or SMTP _R_c_p_t _T_o recipient mailboxes followed by correspond-
+ing local user names, one (mailbox,user) pair to a line.
+Each optional local user name is separated from the corre-
+sponding mailbox recipient address by a carriage return
+('\r').  A local user name can be null if it is not known,
+but each recipient mailbox must be non-null.  If there are
+no lines of (mailbox,user) pairs and if the _s_p_a_m option is
+not included, then the _q_u_e_r_y is assumed.  Mailboxes without
+user names will lack per-user log files and will not invoke
+a per-user whitelist.
+The last recipient-user name pair is followed by an empty line and the
+headers and body of the message.  The end of the body of the mail message
+is signaled by the MTA half-closing the connection.  See shutdown(2).
+DDcccciiffdd responds with three things.  First is a one character line of the
+overall result advising the MTA:
+A    accept the message for all recipients and answer the SMTP DATA
+command with a 2yz result.
+G    answer with a 4yz result to embargo the message for greylisting.
+R    reject the message and answer the DATA command with a 5yz result.
+S    accept the message for some recipients and so answer the DATA com-
+mand with a 2yz result.
+T    temporary failure by the DCC system and so answer with a 4yz
+result.
+Second is a line of characters indicating the disposition of the message
+for each corresponding recipient:
+A    deliver the message
+G    discard the message during a greylist embargo
+R    discard the message as spam
+The SMTP protocol allows only a single result for the DATA command for
+all recipients that were not rejected before body of the message was
+offered with the DATA command.  To accept the message for some recipients
+and reject it for others, the MTA must tell the SMTP client it is accept-
+ing the message for all recipients and then discard it for those that
+would reject it.
+Finally, if the _b_o_d_y or _h_e_a_d_e_r strings are in the first line of _o_p_t_i_o_n_s
+sent by the MTA to the daemon, then the _X_-_D_C_C header line or the entire
+body with the _X_-_D_C_C header line follows.
+FFIILLEESS
+/var/dcc    is the DCC home directory in which other files are found.
+/var/dcc/libexec/start-dccifd
+and
+/var/dcc/libexec/rcDCC
+are scripts used to start the daemon.
+dcc/dcc_conf
+contains parameters used by the scripts to start DCC daemons
+and cron jobs.
+logdir      is an optional directory specified with --ll and containing
+marked mail.  Each file in the directory contains one mes-
+sage, at least one of whose checksums reached its --tt thresh-
+olds or that is interesting for some other reason.  Each file
+starts with lines containing the date when the message was
+received, the IP address of the SMTP client, and SMTP enve-
+lope values.  Those lines are followed by the body of the
+SMTP message including its header as it was received.  Only
+approximately the first 32 KBytes of the body are recorded
+unless modified by _._/_c_o_n_f_i_g_u_r_e _-_-_w_i_t_h_-_m_a_x_-_l_o_g_-_s_i_z_e_=_x_x The
+checksums for the message follow the body.  They are followed
+by lines indicate that one of the checksums is white- or
+blacklisted by the --ww _w_h_i_t_e_c_l_n_t file.  Each log file ends
+with the _X_-_D_C_C header line added to the message and the dis-
+position of the message.
+map         is the memory mapped file of information concerning DCC
+servers in the DCC home directory.
+whiteclnt   contains the client whitelist in the format described in
+dcc(8).
+whiteclnt.dccw
+is a memory mapped hash table of the _w_h_i_t_e_c_l_n_t file.
+dccifd.pid  in the --RR _r_u_n_d_i_r directory contains daemon's process ID.
+EEXXAAMMPPLLEESS
+Dccifd can be used as Postfix Before-Queue Content filter.  In some tests
+these values for --pp and --oo in _d_c_c___c_o_n_f.
+DCCIFD_ENABLE=on
+DCCIFD_ARGS="-p 127.0.0.1,10025,127.0.0.1/32 -o 127.0.0.1,10026
+worked with these lines in /etc/postfix/master.cf
+smtp      inet  n       -       n       -       -       smtpd
+-o smtpd_proxy_filter=127.0.0.1:10025
+127.0.0.1:10026 inet n  -       n       -        -      smtpd
+-o smtpd_authorized_xforward_hosts=127.0.0.0/8
+-o smtpd_client_restrictions=
+-o smtpd_helo_restrictions=
+-o smtpd_sender_restrictions=
+-o smtpd_recipient_restrictions=permit_mynetworks,reject
+-o smtpd_data_restrictions=
+-o mynetworks=127.0.0.0/8
+-o receive_override_options=no_unknown_recipient_checks
+SSEEEE AALLSSOO
+cdcc(8), dbclean(8), dcc(8), dccd(8), dblist(8), dccm(8), dccproc(8),
+dccsight(8),
+HHIISSTTOORRYY
+Implementation of ddcccciiffdd Distributed Checksum Clearinghouses are based on
+an idea of Paul Vixie with code designed and written at Rhyolite Software
+starting in 2000.  was started at Rhyolite Software in 2002.  This docu-
+ment describes version 1.3.103.
+BBUUGGSS
+ddcccciiffdd uses --tt where dccproc(8) uses --cc.
+By default ddcccciiffdd look for its UNIX domain socket in the DCC home direc-
+tory, but dccm(8) looks in its --RR _r_u_n_d_i_r.
+Systems without setrlimit(2) and getrlimit(2) RLIMIT_NOFILE can have
+problems with the default limit on the number of simultaneous jobs, the
+value of --jj.  Every job requires four open files.  These problems are
+usually seen with errors messages that say something like
+dccifd[24448]: DCC: accept(): Result too large
+A fix is to use a smaller value for --jj or to allow ddcccciiffdd to open more
+files.
+February 26, 2009

Mercurial > notdcc

comparison dccifd.0 @ 0:c7f6b056b673