notdcc: dccifd.8.in comparison

comparison dccifd.8.in @ 0:c7f6b056b673

First import of vendor version

author	Peter Gervai <grin@grin.hu>
date	Tue, 10 Mar 2009 13:49:58 +0100
parents
children

comparison

equal deleted inserted replaced

--1:000000000000
+:c7f6b056b673
+.\" Copyright (c) 2008 by Rhyolite Software, LLC
+.\"
+.\" This agreement is not applicable to any entity which sells anti-spam
+.\" solutions to others or provides an anti-spam solution as part of a
+.\" security solution sold to other entities, or to a private network
+.\" which employs the DCC or uses data provided by operation of the DCC
+.\" but does not provide corresponding data to other users.
+.\"
+.\" Permission to use, copy, modify, and distribute this software without
+.\" changes for any purpose with or without fee is hereby granted, provided
+.\" that the above copyright notice and this permission notice appear in all
+.\" copies and any distributed versions or copies are either unchanged
+.\" or not called anything similar to "DCC" or "Distributed Checksum
+.\" Clearinghouse".
+.\"
+.\" Parties not eligible to receive a license under this agreement can
+.\" obtain a commercial license to use DCC by contacting Rhyolite Software
+.\" at sales@rhyolite.com.
+.\"
+.\" A commercial license would be for Distributed Checksum and Reputation
+.\" Clearinghouse software.  That software includes additional features.  This
+.\" free license for Distributed ChecksumClearinghouse Software does not in any
+.\" way grant permision to use Distributed Checksum and Reputation Clearinghouse
+.\" software
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND RHYOLITE SOFTWARE, LLC DISCLAIMS ALL
+.\" WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL RHYOLITE SOFTWARE, LLC
+.\" BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES
+.\" OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
+.\" WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
+.\" ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+.\" SOFTWARE.
+.\"
+.\" Rhyolite Software DCC 1.3.103-1.102 $Revision$
+.\"
+.Dd February 26, 2009
+.ds volume-ds-DCC Distributed Checksum Clearinghouse
+.Dt dccifd 8 DCC
+.Os " "
+.Sh NAME
+.Nm dccifd
+.Nd Distributed Checksum Clearinghouse Interface Daemon
+.Sh SYNOPSIS
+.Bk -words
+.Nm
+.Op Fl VdbxANQ
+.Op Fl G Ar on | off | noIP | IPmask/xx
+.Op Fl h Ar homedir
+.Op Fl I Ar user
+.Op Fl p Ar /sock | host,port,rhost/bits
+.Op Fl o Ar /sock | host,port
+.br
+.Op Fl D Ar local-domain
+.Op Fl m Ar map
+.Op Fl w Ar whiteclnt
+.Op Fl U Ar userdirs
+.br
+.Op Fl a Ar IGNORE | REJECT | DISCARD
+.Oo
+.Fl t Xo
+.Sm off
+.Ar type,
+.Op Ar log-thold,
+.Ar rej-thold
+.Sm on
+.Xc
+.Oc
+.br
+.Oo
+.Fl g Xo
+.Sm off
+.Op Ar not-
+.Ar type
+.Sm on
+.Xc
+.Oc
+.Op Fl S Ar header
+.Op Fl l Ar logdir
+.Op Fl R Ar rundir
+.Op Fl r Ar rejection-msg
+.Op Fl T Ar tmpdir
+.Op Fl j Ar maxjobs
+.br
+.Op Fl B Ar dnsbl-option
+.Op Fl L Ar ltype,facility.level
+.Ek
+.Sh DESCRIPTION
+.Pp
+.Nm
+is a daemon intended to connect spam filters such as SpamAssasin
+and mail transfer agents (MTAs) other than sendmail to DCC servers.
+The MTA or filter
+.Nm
+which in turn reports related checksums to the nearest DCC server
+and adds an
+.Em X-DCC
+SMTP header line to the message.
+The MTA is told to reject the message if it is unsolicited bulk.
+.Pp
+.Nm Dccifd
+is similar to the DCC sendmail milter interface,
+.Xr dccm 8
+and the DCC Procmail interface,
+.Xr dccproc 8 .
+.Nm Dccifd
+is more efficient than
+.Xr dccproc 8
+but not restricted to use with sendmail like
+.Xr dccm 8 .
+All three send reports of checksums related to mail received by DCC clients
+and queries about the total number of reports of particular checksums.
+.Pp
+MTA programs use a simple ASCII protocol a subset of SMTP to send
+a mail message including its SMTP envelope to the daemon.
+.Nm Dccifd
+responds with an indication of whether the message is unsolicited bulk
+and an optional copy of the message with an
+.Em X-DCC
+header added.
+The ASCII protocol is described below and in the
+.Pa include/dccif.h
+file in the DCC source.
+There is a sample C interface routine in the
+.Pa dcclib/dccif.c
+file in the DCC source and the
+.Pa dcclib.a
+library generated from the source.
+A
+.Em Perl
+version of the interface routine is in
+.Pa dccifd/dccif.pl .
+Test or demonstration programs in the style of
+.Xr dccproc 8
+that use those interface routines are in
+.Pa dccifd/dccif-test .
+.Pp
+A subset of ESMTP can be used instead of the ASCII protocol
+to connect
+.Nm
+to postfix as a "Before-Queue Content Filter."
+See the
+.Fl o
+flag.
+.Pp
+Since the checksums of messages that are whitelisted locally
+by the
+.Fl w Ar whiteclnt
+file are not reported to the DCC server,
+.Nm
+knows nothing about the total recipient counts for their checksums and
+so cannot add
+.Em X-DCC
+header lines to such messages.
+.Pp
+Enable the daemon and put its parameters in the
+.Pa dcc_conf
+file and start the daemon with the
+.Pa start-dccifd
+script.
+.Pp
+The list of servers that
+.Nm
+contacts is in the memory mapped file
+.Pa map
+shared by local DCC clients.
+The file is  maintained with
+.Xr cdcc 8 .
+.Ss OPTIONS
+The following options are available:
+.Bl -tag -width 3n
+.It Fl V
+displays the version of
+.Nm .
+.It Fl d
+enables debugging output from the DCC client software.
+Additional
+.Fl d
+options increase the number of messages.
+A single
+.Fl d
+aborted SMTP transactions including those from some "dictionary attacks."
+.It Fl b
+causes the daemon to not detach itself from the controlling tty
+and put itself into the background.
+.It Fl x
+causes the daemon to try "extra hard" to contact a DCC server.
+Since it is usually more important to deliver mail than to report its
+checksums,
+.Nm
+normally does not delay too long while trying to contact a DCC server.
+It will not try again for several seconds after a failure.
+With
+.Fl x ,
+it will always try to contact the DCC server
+and it will tell the MTA to answer the DATA command with a 4yz
+temporary failure.
+.It Fl A
+adds to existing X-DCC headers in the message
+instead of replacing existing headers
+of the brand of the current server.
+.It Fl N
+neither adds, deletes, nor replaces existing X-DCC headers in the message.
+Each message is logged, rejected, and otherwise handled the same.
+.It Fl Q
+only queries the DCC server about the checksums of messages
+instead of reporting and querying.
+This is useful when
+.Nm
+is used to filter mail that has already been reported to a DCC
+server by another DCC client.
+No single mail message should be reported to a DCC
+server more than once per recipient,
+because each report will increase the apparent "bulkness" of the message.
+.Pp
+It is better to use
+.Em MXDCC
+lines in the global
+.Pa whiteclnt
+file for your MX mail servers that use DCC than
+.Fl Q .
+.It Fl G Ar on | off | noIP | IPmask/xx
+controls
+.Em greylisting .
+At least one working greylist server must be listed in the
+.Pa map
+file in the DCC home directory.
+If more than one is named,
+they must "flood" or change checksums and they must use the
+same
+.Fl G
+parameters.
+See
+.Xr dccd 8 .
+Usually all dccm or dccifd DCC client processes use the same
+.Fl G
+parameters.
+.Pp
+.Ar IPmask/xx
+and
+.Ar noIP
+remove part or all of the IP address from the greylist triple.
+The CIDR block size,
+.Ar xx ,
+must be between 1 and 128.
+96 is added to block sizes smaller than 33 to make them appropriate for
+the IPv6 addresses used by the DCC.
+.Ar IPmask/96
+differs from
+.Ar noIP
+for IPv4 addresses,
+because the former retains the IPv4 to IPv6 mapping prefix.
+.It Fl h Ar homedir
+overrides the default DCC home directory,
+.Pa @prefix@ .
+.It Fl I Ar user
+specifies the UID and GID of the process.
+.It Fl p Ar /sock/name | host,port,rhost/bits
+overrides the default address at which programs contact
+.Nm dccifd .
+The default is a UNIX domain socket named dccifd in the DCC home directory.
+.Pp
+The second form specifies a local host name or IP address,
+a local TCP port number,
+and the host names or IP addresses of computers that can use
+.Nm dccifd .
+127.0.0.1 or
+.Em localhost
+are common choices for
+.Ar host .
+The string
+.Ar @
+specifies IN_ADDRANY or all local IP addresses.
+127.0.0.0/8 is a common choice for
+.Ar rhost/bits .
+.It Fl o Ar /sock | host,port
+enables SMTP proxy mode instead of the ASCII protocol
+and specifies the output connection when
+.Nm
+acts as an SMTP proxy.
+It is the address of the SMTP server
+for which
+.Nm
+acts as SMTP client.
+When
+.Ar /sock
+is
+.Pa /dev/null ,
+.Nm
+acts as if there were downstream SMTP server that always answers "250\ ok".
+The string
+.Ar @
+specifies the same IP address as the incoming TCP connection.
+.Pp
+The input to
+.Nm
+in SMTP proxy mode is specified with
+.Fl -p .
+For example,
+.Fl p Ar 127.0.0.1,10025,127.0.0.1/32 Fl o Ar 127.0.0.1,10026
+could be used to connect
+.Nm
+with Postfix as described in the documentation in version 2.2.1 Postfix
+documentation.
+.Pp
+See below concerning the subset of ESMTP used in this mode.
+.It Fl m Ar map
+specifies a name or path of the memory mapped parameter file instead
+of the default
+.Pa map
+file in the DCC home directory.
+It should be created with the
+.Xr cdcc 8
+command.
+.It Fl w Ar whiteclnt
+specifies an optional file containing filtering parameters
+as well as SMTP client IP addresses,
+SMTP envelope values, and header values
+of mail that is spam or is not spam and does not need a
+.Em X-DCC
+header,
+and whose checksums should not be reported to the DCC server.
+.Pp
+If the pathname
+.Ar whiteclnt
+is not absolute, it is relative to the DCC home directory.
+.Pp
+The format of the
+.Nm
+whiteclnt file is the same as the
+.Pa whitelist
+files used by
+.Xr dbclean 8
+and the
+.Pa whiteclnt
+file used by
+.Xr dccproc 8 .
+See
+.Xr dcc 8
+for a description of DCC white and blacklists.
+Because the contents of the
+.Ar whiteclnt
+file are used frequently, a companion file is automatically
+created and maintained.
+It has the same pathname but with an added suffix of
+.Ar .dccw
+and contains a memory mapped hash table of the main file.
+.Pp
+A whitelist entry ("OK") or two or more semi-whitelistings ("OK2")
+for one of the message's checksums prevents all of
+the message's checksums from being reported to the DCC server
+and the addition of a
+.Em X-DCC
+header line by
+.Nm
+A whitelist entry for a checksum
+also prevents rejecting or discarding the message based on DCC recipient
+counts as specified by
+.Fl a
+and
+.Fl t .
+Otherwise, one or more checksums with blacklisting entries ("MANY") cause
+all of the message's
+checksums to be reported to the server with an addressee count of "MANY".
+.Pp
+If the message has a single recipient, an
+.Ar env_To
+.Ar whiteclnt
+entry of "OK" for the checksum of its recipient address acts like any other
+.Ar whiteclnt
+entry of "OK."
+When the SMTP message has more than one recipient,
+the effects can be complicated.
+When a message has several recipients with some but not all listed in the
+.Ar whiteclnt
+file,
+.Nm
+tries comply with the wishes of the users who want filtering as
+well as those who don't by silently not delivering the message to
+those who want filtering (i.e. are not whitelisted) and delivering
+the message to don't want filtering.
+.It Fl U Ar userdirs
+enables per-user
+.Pa whiteclnt
+files and log directories.
+Each target of a message can have a directory of log files named
+.Ar userdirs/addr/log
+where
+.Ar addr
+is the local user or mailbox name computed by the MTA.
+The name of each user's log directory must be
+.Ar log .
+If it is not absolute,
+.Ar userdirs
+is relative to the DCC home directory.
+The directory containing the log files must be named
+.Ar log
+and it must be writable by the
+.Nm
+process.
+Each log directory must exist or logging for the corresponding
+is silently disabled.
+The files created in the log directory are owned by the UID of the
+.Nm
+process,
+but they have
+.Em group
+and
+.Em other
+read and write permissions copied from the corresponding
+.Ar log
+directory.
+To ensure the privacy of mail,
+it may be good to make the directories readable only by
+.Em owner
+and
+.Em group ,
+and to use a
+.Xr cron
+script that changes the owner of each file to match the grandparent
+.Ar addr
+directory.
+.Pp
+There can also be a per -user whitelist file named
+.Ar userdirs/addr/whiteclnt
+for each address
+.Ar addr.
+Any checksum that is not white- or blacklisted by an individual
+addressee's
+.Pa whiteclnt
+file  is checked in the main
+.Fl w whiteclnt
+file.
+A missing per-addressee
+.Ar whiteclnt
+file is the same as an empty file.
+Relative paths for files included in per-addressee files
+are resolved in the DCC home directory.
+The
+.Ar whiteclnt
+files and the
+.Ar addr
+directories containing them must be writable by the
+.Nm
+process.
+.Pp
+.Ar Option
+lines in per-user whiteclnt files can be used to modify many aspects of
+.Nm
+filtering,
+as described in the main
+.Xr dcc
+man page.
+For example, an
+.Ar option dcc-off
+line turns off DCC filtering for individual mailboxes.
+.It Fl a Ar IGNORE | REJECT | DISCARD
+specifies the action taken when
+.Nm
+is in proxy mode with
+.Fl o
+and
+DCC server counts or
+.Fl t
+thresholds say that a message is unsolicited and bulk.
+.Ar IGNORE
+causes the message to be unaffected except for adding the
+.Em X-DCC
+header line to the message.
+This turns off DCC filtering.
+.Pp
+Spam can also be
+.Ar REJECT Ns ed
+or (when in proxy mode with
+.Fl o )
+accepted and silently
+.Ar DISCARD Ns ed
+without being delivered to local mailboxes.
+The default is
+.Ar REJECT .
+.Pp
+Mail forwarded via IP addresses marked
+.Em MX
+or
+.Em MXDCC
+in the main
+.Pa whiteclnt
+file is treated
+as if
+.Fl a Ar DISCARD
+were specified.
+This prevents "bouncing" spam.
+.Pp
+The effects of the
+.Fl w Ar whiteclnt
+are not affected by
+.Fl a .
+.It Fl t Xo
+.Sm off
+.Ar type,
+.Op Ar log-thold,
+.Ar rej-thold
+.Sm on
+.Xc
+sets logging and "spam" thresholds for checksum
+.Ar type .
+The checksum types are
+.Ar IP ,
+.Ar env_From ,
+.Ar From ,
+.Ar Message-ID ,
+.Ar substitute ,
+.Ar Received ,
+.Ar Body ,
+.Ar Fuz1 ,
+.Ar Fuz2 ,
+.Ar rep-total ,
+and
+.Ar rep .
+The first six,
+.Ar IP
+through
+.Ar substitute ,
+have no effect except when a local DCC server configured with
+.Fl K
+is used.
+The
+.Ar substitute
+thresholds apply to the first substitute heading encountered in the mail
+message.
+The string
+.Ar ALL
+sets thresholds for all types, but is unlikely to be useful except for
+setting logging thresholds.
+The string
+.Ar CMN
+specifies the commonly used checksums
+.Ar Body ,
+.Ar Fuz1 ,
+and
+.Ar Fuz2 .
+.Ar Rej-thold
+and
+.Ar log-thold
+must be numbers, the string
+.Ar NEVER ,
+or the string
+.Ar MANY
+indicating millions of targets.
+Counts from the DCC server as large as the threshold for any single type
+are taken as sufficient evidence
+that the message should be logged or rejected.
+.Pp
+.Ar Log-thold
+is the threshold at which messages are logged.
+It can be handy to log messages at a lower threshold to find
+solicited bulk mail sources such as mailing lists.
+If no logging threshold is set,
+only rejected mail and messages with complicated combinations of white
+and blacklisting are logged.
+Messages that reach at least one of their rejection thresholds are
+logged regardless of logging thresholds.
+.Pp
+.Ar Rej-thold
+is the threshold at which messages are considered "bulk,"
+and so should be rejected or discarded if not whitelisted.
+.Pp
+DCC Reputation thresholds in the commercial version
+of the DCC are controlled by thresholds on checksum types
+.Ar rep
+and
+.Ar rep-total .
+Messages from an IP address that the DCC database says has sent
+more than
+.Fl t Ar rep-total,log-thold
+messages are logged.
+A DCC Reputation is computed for messages received
+from IP addresses that
+have sent more than
+.Fl t Ar rep-total,log-thold
+messages.
+The DCC Reputation of an IP address is the percentage of its messages
+that have been detected as bulk
+or having at least 10 recipients.
+The defaults are equivalent to
+.Fl t Ar rep,never
+and
+.Fl t Ar rep-total,never,20 .
+.Pp
+Bad DCC Reputations do not reject mail unless enabled by an
+.Ar option DCC-rep-on
+line in a
+.Pa whiteclnt
+file.
+.Pp
+The checksums of locally whitelisted messages are not checked with
+the DCC server and so only the number of targets of the current copy of
+a whitelisted message are compared against the thresholds.
+.Pp
+The default is
+.Ar ALL,NEVER ,
+so that nothing is discarded, rejected, or logged.
+A common choice is
+.Ar CMN,25,50
+to reject or discard
+mail with common bodies except as overridden by
+the whitelist of the DCC server, the sendmail
+.Em ${dcc_isspam}
+and
+.Em ${dcc_notspam}
+macros, and
+.Fl g ,
+and
+.Fl w .
+.It Fl g Xo
+.Sm off
+.Op Ar not-
+.Ar type
+.Sm on
+.Xc
+indicates that whitelisted,
+.Ar OK
+or
+.Ar OK2 ,
+counts from the DCC server for a type of checksum are to be believed.
+They should be ignored if prefixed with
+.Ar not- .
+.Ar Type
+is one of the same set of strings as for
+.Fl t .
+Only
+.Ar IP ,
+.Ar env_From ,
+and
+.Ar From
+are likely choices.
+By default all three are honored,
+and hence the need for
+.Ar not- .
+.It Fl S Ar hdr
+adds to the list of substitute or locally chosen headers that
+are checked with the
+.Fl w Ar whiteclnt
+file and sent to the DCC server.
+The checksum of the last header of type
+.Ar hdr
+found in the message is checked.
+.Ar Hdr
+can be
+.Em HELO
+to specify the SMTP envelope HELO value.
+.Ar Hdr
+can also be
+.Em mail_host
+to specify the host name from
+the Mail_from value in the SMTP envelope.
+As many as six different substitute headers can be specified, but only
+the checksum of the first of the six will be sent to the DCC server.
+.It Fl l Ar logdir
+specifies a directory in which files containing copies of messages processed by
+.Nm
+are kept.
+They can be copied to per-user directories specified with
+.Fl U .
+Information about other recipients of a message is deleted from
+the per-user copies.
+.Pp
+See the FILES section below concerning the contents of the files.
+See also the
+.Ar option log-subdirectory-{day,hour,minute}
+lines in
+.Pa whiteclnt
+files described in
+.Xr dcc 8 .
+.Pp
+The directory is relative to the DCC home directory if it is not absolute
+.It Fl R Ar rundir
+specifies the "run" directory where the file
+containing the daemon's process ID is stored.
+The default value is
+.Pa @dcc_rundir@ .
+.It Fl T Ar tmpdir
+changes the default directory for temporary files from the default.
+The default is the directory specified with
+.Fl l
+or the system default if
+.Fl l
+is not used.
+The system default is often
+.Pa /tmp .
+.It Fl D Ar local-domain
+specifies a host or domain name by which the system is known.
+There can be several
+.Fl D
+settings.
+.Pp
+To find the per-user log directory and whitelist for each mail recipient,
+.Nm
+must know each recipient's user name.
+The ASCII protocol used between
+.nm
+and the MTA includes an optional user name with each
+SMTP recipient address.
+When the user name is absent when the ASCII protocol is used or when
+the subset of ESMTP enabled with
+.Fl o
+is used,
+and when the SMTP recipient address includes an
+.Em at sign
+(@)
+each mail address is checked against the
+list of
+.Ar local-domain Ns s.
+The part of the recipient address remaining after longest matching
+.Ar local-domain
+(if any) is taken as the user name.
+The match is anchored at the right or the end of the recipient address.
+It must start at a period (.) or
+.Em at sign
+(@) in the domain name part of the address.
+.Pp
+If
+.Ar local-domain
+starts with an asterisk (*) indicating a wildcard,
+preceding sub-domain names are discarded to compute the user name.
+Otherwise, the computed user name will include any unmatched sub-domain
+names.
+.Pp
+The default value of
+.Ar local-domain
+when there are no
+.Fl D
+settings is the host name of the system.
+.It Fl r Ar rejection-msg
+specifies the rejection message
+in
+.Fl o
+proxy mode
+for unsolicited bulk mail or for mail temporarily blocked by
+.Em greylisting
+when
+.Fl G
+is specified.
+The first
+.Fl r Ar rejection-msg
+replaces the default bulk mail rejection message,
+.Bk -words
+"5.7.1 550 mail %ID from %CIP rejected by DCC".
+.Ek
+." see rej_def in reply.c
+The second replaces
+.Bk -words
+"4.2.1 452 mail %ID from %CIP temporary greylist embargoed".
+.Ek
+." see grey_def in reply.c
+The third
+.Fl r Ar rejection-msg
+replaces the default SMTP rejection message
+.Bk -words
+"5.7.1 550 %ID bad reputation; see http://commercial-dcc.rhyolite.com/cgi-bin/reps.cgi?tgt=%CIP"
+.Ek
+for mail with bad DCC Reputations.
+If
+.Ar rejection-msg
+is the zero-length string,
+the
+.Fl r
+setting is counted but the corresponding message is not changed.
+.Pp
+.Ar Rejection-msg
+can contain specific information about the mail message.
+The following strings starting with % are replaced with the corresponding
+values:
+.Bl -tag -width "%BRESULT" -offset 4n -compact
+.It %ID
+message ID such as the unique part of log file name or sendmail queue ID
+.It %CIP
+SMTP client IP address
+.It %BTYPE
+type of DNS blacklist hit, such as "SMTP client", "mail_host", or "URL NS"
+.It %BTGT
+IP address or name declared bad by DNS blacklist
+.It %BPROBE
+domain name found in DNS blacklist such as 4.3.2.10.example.com
+.It %BRESULT
+value of the %BPROBE domain name found in DNS blacklist
+.El
+.Pp
+A common alternate for the bulk mail rejection message is
+.Bk -words
+"4.7.1 451 Access denied by DCC"
+.Ek
+to tell the sending mail system to continue trying.
+Use a 4yz response with caution, because it is likely to delay for days
+a delivery failure message for false positives.
+If the rejection message
+does not start with an RFC 1893 status code and RFC 2821 reply code,
+5.7.1 and 550 or 4.2.1 and 452 are used.
+.Pp
+See also
+.Fl B Ar set:rej-msg=rejection-msg
+to set the status message for mail rejected by DNS blacklists.
+.It Fl j Ar maxjobs
+limits the number of simultaneous requests that will be processed.
+The default value is the maximum number that seems to be possible given system
+limits on open files, select() bit masks, and so forth.
+Start
+.Nm
+with
+.Fl d
+and see the starting message in the system log to see the limit.
+.It Fl B Ar dnsbl-option
+enables DNS blacklist checks of the SMTP client IP address, SMTP envelope
+Mail_From sender domain name, and of host names in URLs in the message body.
+Body URL blacklisting has too many false positives to use on
+abuse mailboxes.
+It is less effective than greylisting with
+.Xr dccm 8
+or
+.Xr dccifd 8
+but can be useful in situations where
+greylisting cannot be used.
+.Pp
+.Ar Dnsbl-option
+is either one of the
+.Fl B Ar set:option
+forms or
+.Bd -literal -compact -offset 4n
+.Fl B Xo
+.Sm off
+.Ar domain Oo Ar ,IPaddr
+.Op Ar /xx Op Ar ,bltype Oc
+.Sm on
+.Xc
+.Ed
+.Ar Domain
+is a DNS blacklist domain such as example.com
+that will be searched.
+.Ar IPaddr Ns Op Ar /xxx
+is the string "any"
+an IP address in the DNS blacklist
+that indicates that the mail message
+should be rejected,
+or a CIDR block covering results from the DNS blacklist.
+"127.0.0.2" is assumed if
+.Ar IPaddr
+is absent.
+IPv6 addresses can be specified with the usual colon (:) notation.
+Names can be used instead of numeric addresses.
+The type of DNS blacklist
+is specified by
+.Ar bltype
+as
+.Ar name ,
+.Ar IPv4 ,
+or
+.Ar IPv6 .
+Given an envelope sender domain name or a domain name in a URL of
+spam.domain.org
+and a blacklist of type
+.Ar name ,
+spam.domain.org.example.com will be tried.
+Blacklist types of
+.Ar IPv4
+and
+.Ar IPv6
+require that the domain name in a URL sender address
+be resolved into an IPv4 or IPv6
+address.
+The address is then written as a reversed string of decimal
+octets to check the DNS blacklist, as in 2.0.0.127.example.com,
+.Pp
+More than one blacklist can be specified and blacklists can be grouped.
+All searching within a group is stopped at the first positive result.
+.Pp
+Positive results are ignored after being logged unless an
+.Ar option\ DNSBL-on
+line appears in the global or per-user
+.Pa whiteclnt
+file.
+.Pp
+.Bl -tag -width 3n
+.It Fl B Ar set:no-client
+says that SMTP client IP addresses and reverse DNS domain names should
+not be checked in the following blacklists.
+.br
+.Fl B Ar set:client
+restores the default for the following blacklists.
+.It Fl B Ar set:no-mail_host
+says that SMTP envelope Mail_From sender domain names should
+not be checked in the following blacklists.
+.Fl B Ar set:mail_host
+restores the default.
+.It Fl B Ar set:no-URL
+says that URLs in the message body should not be checked in the
+in the following blacklists.
+.Fl B Ar set:URL
+restores the default.
+.It Fl B Ar set:no-MX
+says MX servers of sender Mail_From domain names and host names in URLs
+should not be checked in the following blacklists.
+.br
+.Fl B Ar set:MX
+restores the default.
+.It Fl B Ar set:no-NS
+says DNS servers of sender Mail_From domain names and host names in URLs
+should not be checked in the following blacklists.
+.Fl B Ar set:NS
+restores the default.
+.It Fl B Ar set:defaults
+is equivalent to all of
+.Fl B Ar set:no-temp-fail
+.Fl B Ar set:client
+.br
+.Fl B Ar set:mail_host
+.Fl B Ar set:URL
+.Fl B Ar set:MX
+and
+.Fl B Ar set:NS
+.It Fl B Ar set:group=X
+adds later DNS blacklists specified with
+.Bd -literal -compact -offset 4n
+.Fl B Xo
+.Sm off
+.Ar domain Oo Ar ,IPaddr
+.Op Ar /xx Op Ar ,bltype Oc
+.Sm on
+.Xc
+.Ed
+to group 1, 2, or 3.
+.It Fl B Ar set:debug=X
+sets the DNS blacklist logging level
+.It Fl B Ar set:msg-secs=S
+limits
+.Nm
+to
+.Ar S
+seconds total for checking all DNS blacklists.
+The default is 25.
+.It Fl B Ar set:URL-secs=S
+limits
+.Nm
+to at most
+.Ar S
+seconds resolving and checking any single URL.
+The default is 11.
+Some spam contains dozens of URLs and that
+some "spamvertised" URLs contain host names that need minutes to
+resolve.
+Busy mail systems cannot afford to spend minutes checking each incoming
+mail message.
+.It Fl B Ar set:rej-msg=rejection-msg
+sets the SMTP rejection message for the following blacklists.
+.Ar Rejection-msg
+must be in the same format as for
+.Fl r .
+If
+.Ar rejection-msg
+is null, the default is restored.
+The default DNS blacklist rejection message is the first message set
+with
+.Fl r .
+.It Fl B Ar set:temp-fail
+causes
+.Nm
+to the MTA to answer the SMTP DATA command with
+.Bd -literal -offset 3n -compact
+452 4.2.1 mail %ID from %CIP temporary delayed for DNSBL
+.Ed
+if any DNS answer required for a DNSBL in the current group times out,
+including resolving names in URLs.
+.It Fl B Ar set:no-temp-fail
+restores the default of assuming a negative answer for DNS responses
+that take too long.
+.It Fl B Ar set:maxjobs=X
+sets maximum number of helper processes to
+.Ar X .
+In order to use typical single-threaded DNS resolver libraries,
+.Nm
+uses fleets of helper processes.
+It is rarely a good idea to change the default,
+which is the same as the maximum number of simultaneous jobs set with
+.Fl j .
+.It Fl B Ar set:progpath=@libexecdir@/dns-helper
+changes the path to the helper program.
+.El
+.It Fl L Ar ltype,facility.level
+specifies how messages should be logged.
+.Ar Ltype
+must be
+.Ar error ,
+.Ar info ,
+or
+.Ar off
+to indicate which of the two types of messages are being controlled or
+to turn off all
+.Xr syslog 3
+messages from
+.Nm .
+.Ar Level
+must be a
+.Xr syslog 3
+level among
+.Ar EMERG ,
+.Ar ALERT ,
+.Ar CRIT , ERR ,
+.Ar WARNING ,
+.Ar NOTICE ,
+.Ar INFO ,
+and
+.Ar DEBUG .
+.Ar Facility
+must be among
+.Ar AUTH ,
+.Ar AUTHPRIV ,
+.Ar CRON ,
+.Ar DAEMON ,
+.Ar FTP ,
+.Ar KERN ,
+.Ar LPR ,
+.Ar MAIL ,
+.Ar NEWS ,
+.Ar USER ,
+.Ar UUCP ,
+and
+.Ar LOCAL0
+through
+.Ar LOCAL7 .
+The default is equivalent to
+.Dl Fl L Ar info,MAIL.NOTICE  Fl L Ar error,MAIL.ERR
+.El
+.Pp
+.Nm
+normally sends counts of mail rejected and so forth to the system log at
+midnight.
+The SIGUSR1 signal sends an immediate report to the system log.
+The reports will be repeated every 24 hours at the same minute as the signal
+instead of at midnight.
+.Ss Protocol
+.Nm Dccifd
+uses a simple ASCII protocol to receive mail messages to be checked and
+to return results.
+For each message, the MTA must open a connection to the interface daemon,
+send options, envelope recipients, and the message, receive the results,
+and close the connection.
+.Pp
+Instead of the ASCII protocol, a subset of ESMTP is enabled by
+.Fl o .
+Only the familiar HELO, EHLO, Mail, Rcpt, DATA, RSET, and QUIT
+commands and the Postfix extensions XFORWARD and XCLIENT are honored.
+Since SMTP has no provisions for user names,
+the protocol enabled by
+.Fl o
+depends on a list of local domain names specified with
+.Fl D
+to find per-user log directories and whitelist files.
+If neither XFORWARD nor XCLIENT are used,
+.Nm
+uses the IP address of the MTA and the value of the HELO command.
+.Pp
+In the ASCII protocol, each of the following lines are sent in order to
+.Nm .
+Each ends with a newline ('\\n') character.
+.Bl -tag -offset 2n -width "recipients" -compact
+.It options
+zero or more blank-separated strings among:
+.Bl -tag -offset 2n -width grey-query -compact
+.It Ar spam
+the message is already known to be spam
+.It Ar body
+return all of the headers with the added
+.Em X-DCC
+header line and the body
+.It Ar header
+return the
+.Em X-DCC
+header
+.It Ar query
+ask the DCC server about the message without reporting it, as if
+.Nm
+were running with
+.Fl Q .
+.It Ar grey-query
+only query the greylist server for this message.
+.Fl G Ar on
+must be in use.
+.It Ar no-reject
+suppress the overall, one character line 'R' result.
+This can be useful when using
+.Nm
+only for greylisting.
+.It Ar log
+ensure that this message is logged as if
+.Nm
+were running with
+.Fl t all,0,
+.El
+.It client
+IP address of the SMTP client in a "dotted" or "coloned" ASCII string
+and reverse-DNS host name.
+If the host name is present,
+it must follow a carriage return character ('\\r') after the IP address.
+The client IP address must be present and non-null if the host name is present.
+The string "0.0.0.0\\n" is understood the same as the null string,
+meaning that both the IP address and host name are absent.
+If the client IP address is absent, then the IP address and host name
+are taken from the first non-local Received header if it has the standard
+"name (name [IP address])..." format.
+Non-standard Received headers commonly added by qmail as well as
+Received headers specifying IP addresses marked
+.Em MX
+or
+.Em MXDCC
+in the global
+.Fl w Ar whiteclnt
+file are skipped.
+.It HELO
+SMTP HELO value or nothing, followed by a newline ('\\n') character.
+If the HELO value is null and the IP address of the SMTP client are not
+supplied, they will be
+taken from the same Received: header that supplies the IP address.
+.It sender
+or SMTP
+.Em Mail From
+command value for the env_from checksum.
+If the sender is null,
+the contents of the first Return-Path: or UNIX style From_ header
+is used.
+.It recipients
+or SMTP
+.Em Rcpt To
+recipient mailboxes followed by corresponding local user names,
+one (mailbox,user) pair to a line.
+Each optional local user name is separated from the
+corresponding mailbox recipient address by a carriage return ('\\r').
+A local user name can be null if it is not known, but each recipient
+mailbox must be non-null.
+If there are no lines of (mailbox,user) pairs and if the
+.Ar spam
+option is not included, then the
+.Ar query
+is assumed.
+Mailboxes without user names will lack per-user log files
+and will not invoke a per-user whitelist.
+.El
+.Pp
+The last recipient-user name pair is followed by an empty line
+and the headers and body of the message.
+The end of the body of the mail message is signaled by the MTA
+half-closing the connection.
+See
+.Xr shutdown 2 .
+.Pp
+.Nm Dccifd
+responds with three things.
+First is a one character line of the overall result advising the MTA:
+.Bl -tag -offset 2n -width 3n -compact
+.It A
+accept the message for all recipients and answer the SMTP DATA command
+with a 2yz result.
+.It G
+answer with a 4yz result to embargo the message for greylisting.
+.It R
+reject the message and answer the DATA command with a 5yz result.
+.It S
+accept the message for some recipients
+and so answer the DATA command with a 2yz result.
+.It T
+temporary failure by the DCC system and so answer with a 4yz result.
+.El
+.Pp
+Second is a line of characters indicating the disposition of the
+message for each corresponding recipient:
+.Bl -tag -offset 2n -width 3n -compact
+.It A
+deliver the message
+.It G
+discard the message during a greylist embargo
+.It R
+discard the message as spam
+.El
+The SMTP protocol allows only a single
+result for the DATA command for all recipients that were not rejected
+before body of the message was offered with the DATA command.
+To accept the message for some recipients and reject it for others,
+the MTA must tell the SMTP client it is accepting the message for all
+recipients and then discard it for those that would reject it.
+.Pp
+Finally, if the
+.Em body
+or
+.Em header
+strings are in the first line of
+.Em options
+sent by the MTA to the daemon,
+then the
+.Em X-DCC
+header line
+or the entire body with the
+.Em X-DCC
+header line follows.
+.Sh FILES
+.Bl -tag -width dccifd.pid -compact
+.It Pa @prefix@
+is the DCC home directory in which other files are found.
+.It Pa @libexecdir@/start-dccifd
+and
+.It Pa @libexecdir@/rcDCC
+are scripts used to start the daemon.
+.It Pa dcc/dcc_conf
+contains parameters used by the scripts to start DCC daemons and cron jobs.
+.It Pa logdir
+is an optional directory specified with
+.Fl l
+and containing marked mail.
+Each file in the directory contains one message, at least one of whose
+checksums reached its
+.Fl t
+thresholds or that is interesting for some other reason.
+Each file starts with lines containing the date when the message
+was received, the IP address of the SMTP client, and SMTP envelope
+values.
+Those lines are followed by the body of the SMTP message including its header
+as it was received.
+Only approximately the first 32 KBytes of the body are recorded
+unless modified by
+.Em ./configure --with-max-log-size=xx
+The checksums for the message follow the body.
+They are followed by lines indicate that
+one of the checksums is white- or blacklisted by the
+.Fl w Ar whiteclnt
+file.
+Each log file ends with the
+.Em X-DCC
+header line added to the message and the disposition of
+the message.
+.It Pa map
+is the memory mapped file of information concerning DCC servers
+in the DCC home directory.
+.It Pa whiteclnt
+contains the client whitelist in
+the format described in
+.Xr dcc 8 .
+.It Pa whiteclnt.dccw
+is a memory mapped hash table of the
+.Pa whiteclnt
+file.
+.It Pa dccifd.pid
+in the
+.Fl R Ar rundir
+directory contains daemon's process ID.
+.El
+.Sh EXAMPLES
+Dccifd can be used as Postfix Before-Queue Content filter.
+In some tests these
+values for
+.Fl p
+and
+.Fl o
+in
+.Pa dcc_conf .
+.Bd -literal -offset 4n
+DCCIFD_ENABLE=on
+DCCIFD_ARGS="-p 127.0.0.1,10025,127.0.0.1/32 -o 127.0.0.1,10026
+.Ed
+.Pp
+worked with these lines in /etc/postfix/master.cf
+.Bd -literal -offset 4n
+smtp      inet  n       -       n       -       -       smtpd
+-o smtpd_proxy_filter=127.0.0.1:10025
+127.0.0.1:10026 inet n  -       n       -	 -      smtpd
+-o smtpd_authorized_xforward_hosts=127.0.0.0/8
+-o smtpd_client_restrictions=
+-o smtpd_helo_restrictions=
+-o smtpd_sender_restrictions=
+-o smtpd_recipient_restrictions=permit_mynetworks,reject
+-o smtpd_data_restrictions=
+-o mynetworks=127.0.0.0/8
+-o receive_override_options=no_unknown_recipient_checks
+.Ed
+.Sh SEE ALSO
+.Xr cdcc 8 ,
+.Xr dbclean 8 ,
+.Xr dcc 8 ,
+.Xr dccd 8 ,
+.Xr dblist 8 ,
+.Xr dccm 8 ,
+.Xr dccproc 8 ,
+.Xr dccsight 8 ,
+.Sh HISTORY
+Implementation of
+.Nm
+Distributed Checksum Clearinghouses are based on an idea of Paul Vixie
+with code designed and written at Rhyolite Software starting in 2000.
+was started at Rhyolite Software in 2002.
+This document describes version 1.3.103.
+.Sh BUGS
+.Nm
+uses
+.Fl t
+where
+.Xr dccproc 8
+uses
+.Fl c .
+.Pp
+By default
+.Nm
+look for its UNIX domain socket in the DCC home directory,
+but
+.Xr dccm 8
+looks in its
+.Fl R Ar rundir .
+.Pp
+Systems without
+.Xr setrlimit 2
+and
+.Xr getrlimit 2
+RLIMIT_NOFILE
+can have problems with the default limit on the number of simultaneous
+jobs, the value of
+.Fl j .
+Every job requires four open files.
+These problems are usually seen with errors messages that say something like
+.Dl dccifd[24448]: DCC: accept(): Result too large
+A fix is to use a smaller value for
+.Fl j
+or to allow
+.Nm
+to open more files.

Mercurial > notdcc

comparison dccifd.8.in @ 0:c7f6b056b673