Mercurial > notdcc

comparison dccm.0 @ 0:c7f6b056b673

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
First import of vendor version
author Peter Gervai <grin@grin.hu>
date Tue, 10 Mar 2009 13:49:58 +0100
parents
children
comparison
equal deleted inserted replaced
-1:000000000000 0:c7f6b056b673
1 dccm(8) Distributed Checksum Clearinghouse dccm(8)
2
3 NNAAMMEE
4 ddccccmm -- Distributed Checksum Clearinghouse Milter Interface
5
6 SSYYNNOOPPSSIISS
7 ddccccmm [--VVddbbxxAANNQQ] [--GG _o_n | _o_f_f | _n_o_I_P | _I_P_m_a_s_k_/_x_x] [--hh _h_o_m_e_d_i_r] [--II _u_s_e_r]
8 [--pp _p_r_o_t_o_c_o_l_:_f_i_l_e_n_a_m_e | _p_r_o_t_o_c_o_l_:_p_o_r_t_@_h_o_s_t] [--mm _m_a_p]
9 [--ww _w_h_i_t_e_c_l_n_t] [--UU _u_s_e_r_d_i_r_s] [--aa _I_G_N_O_R_E | _R_E_J_E_C_T | _D_I_S_C_A_R_D]
10 [--tt _t_y_p_e_,[_l_o_g_-_t_h_o_l_d_,]_r_e_j_-_t_h_o_l_d] [--gg [_n_o_t_-]_t_y_p_e] [--SS _h_e_a_d_e_r]
11 [--ll _l_o_g_d_i_r] [--RR _r_u_n_d_i_r] [--rr _r_e_j_e_c_t_i_o_n_-_m_s_g] [--jj _m_a_x_j_o_b_s]
12 [--BB _d_n_s_b_l_-_o_p_t_i_o_n] [--LL _l_t_y_p_e_,_f_a_c_i_l_i_t_y_._l_e_v_e_l]
13
14 DDEESSCCRRIIPPTTIIOONN
15 ddccccmm is a daemon built with the sendmail milter interface intended to
16 connect sendmail(8) to DCC servers. When built with the milter filter
17 machinery and configured to talk to ddccccmm in the _s_e_n_d_m_a_i_l_._c_f file, send-
18 mail passes all email to ddccccmm which in turn reports related checksums to
19 the nearest DCC server. ddccccmm then adds an _X_-_D_C_C SMTP header line to the
20 message. Sendmail is told to reject the message if it is unsolicited
21 bulk mail.
22
23 DDccccmm sends reports of checksums related to mail received by DCC clients
24 and queries about the total number of reports of particular checksums. A
25 DCC server receives _n_o mail, address, headers, or other information, but
26 only cryptographically secure checksums of such information. A DCC
27 server cannot determine the text or other information that corresponds to
28 the checksums it receives. Its only acts as a clearinghouse of counts
29 for checksums computed by clients. For complete privacy as far as the
30 DCC is concerned, the checksums of purely internal mail or other mail
31 that is known to not be unsolicited bulk can be listed in a whitelist to
32 not be reported to the DCC server.
33
34 Since the checksums of messages that are whitelisted locally by the --ww
35 _w_h_i_t_e_c_l_n_t file are not reported to the DCC server, ddccccmm knows nothing
36 about the total recipient counts for their checksums and so cannot add
37 _X_-_D_C_C header lines to such messages. Sendmail does not tell ddccccmm about
38 messages that are not received by sendmail via SMTP, including messages
39 submitted locally and received via UUCP, and so they also do not receive
40 _X_-_D_C_C header lines.
41
42 Enable the daemon and put its parameters in the _d_c_c___c_o_n_f file and start
43 the daemon with the _/_v_a_r_/_d_c_c_/_l_i_b_e_x_e_c_/_s_t_a_r_t_-_d_c_c_m or _v_a_r_/_d_c_c_/_l_i_b_e_x_e_c_/_r_c_D_C_C
44 script.
45
46 The list of servers that ddccccmm contacts is in the memory mapped file _m_a_p
47 shared by local DCC clients. The file is maintained with cdcc(8).
48
49 OOPPTTIIOONNSS
50 The following options are available:
51
52 --VV displays the version of ddccccmm.
53
54 --dd enables debugging output from the DCC client software. Additional
55 --dd options increase the number of messages. A single --dd
56 aborted SMTP transactions including those from some "dictionary
57 attacks."
58
59 --bb causes the daemon to not detach itself from the controlling tty and
60 put itself into the background.
61
62 --xx causes the daemon to try "extra hard" to contact a DCC server.
63 Since it is usually more important to deliver mail than to report
64 its checksums, ddccccmm normally does not delay too long while trying to
65 contact a DCC server. It will not try again for several seconds
66 after a failure. With --xx, it will always try to contact the DCC
67 server and it will tell the MTA to answer the DATA command with a
68 4yz temporary failure.
69
70 --AA adds to existing X-DCC headers in the message instead of replacing
71 existing headers of the brand of the current server.
72
73 --NN neither adds, deletes, nor replaces existing X-DCC headers in the
74 message. Each message is logged, rejected, and otherwise handled
75 the same.
76
77 --QQ only queries the DCC server about the checksums of messages instead
78 of reporting and querying. This is useful when ddccccmm is used to fil-
79 ter mail that has already been reported to a DCC server by another
80 DCC client. No single mail message should be reported to a DCC
81 server more than once per recipient, because each report will
82 increase the apparent "bulkness" of the message.
83
84 It is better to use _M_X_D_C_C lines in the global _w_h_i_t_e_c_l_n_t file for
85 your MX mail servers that use DCC than --QQ.
86
87 --GG _o_n | _o_f_f | _n_o_I_P | _I_P_m_a_s_k_/_x_x
88 controls _g_r_e_y_l_i_s_t_i_n_g. At least one working greylist server must be
89 listed in the _m_a_p file in the DCC home directory. If more than one
90 is named, they must "flood" or change checksums and they must use
91 the same --GG parameters. See dccd(8). Usually all dccm or dccifd
92 DCC client processes use the same --GG parameters.
93
94 _I_P_m_a_s_k_/_x_x and _n_o_I_P remove part or all of the IP address from the
95 greylist triple. The CIDR block size, _x_x, must be between 1 and
96 128. 96 is added to block sizes smaller than 33 to make them appro-
97 priate for the IPv6 addresses used by the DCC. _I_P_m_a_s_k_/_9_6 differs
98 from _n_o_I_P for IPv4 addresses, because the former retains the IPv4 to
99 IPv6 mapping prefix.
100
101 --hh _h_o_m_e_d_i_r
102 overrides the default DCC home directory, _/_v_a_r_/_d_c_c.
103
104 --II _u_s_e_r
105 specifies the UID and GID of the process.
106
107 --pp _p_r_o_t_o_c_o_l_:_f_i_l_e_n_a_m_e | _p_r_o_t_o_c_o_l_:_p_o_r_t_@_h_o_s_t
108 specifies the protocol and address by which sendmail will contact
109 ddccccmm. The default is a UNIX domain socket in the "run" directory,
110 _/_v_a_r_/_r_u_n_/_d_c_c_/_d_c_c_m. (See also --RR)) This protocol and address must
111 match the value in _s_e_n_d_m_a_i_l_._c_f. This mechanism can be used to con-
112 nect ddccccmm on one computer to sendmail on another computer when a
113 port and host name or IP address are used.
114
115 --mm _m_a_p
116 specifies a name or path of the memory mapped parameter file instead
117 of the default _m_a_p file in the DCC home directory. It should be
118 created with the cdcc(8) command.
119
120 --ww _w_h_i_t_e_c_l_n_t
121 specifies an optional file containing filtering parameters as well
122 as SMTP client IP addresses, SMTP envelope values, and header values
123 of mail that is spam or is not spam and does not need a _X_-_D_C_C
124 header, and whose checksums should not be reported to the DCC
125 server.
126
127 If the pathname _w_h_i_t_e_c_l_n_t is not absolute, it is relative to the DCC
128 home directory.
129
130 The format of the ddccccmm whiteclnt file is the same as the _w_h_i_t_e_l_i_s_t
131 files used by dbclean(8) and the _w_h_i_t_e_c_l_n_t file used by dccproc(8).
132 See dcc(8) for a description of DCC white and blacklists. Because
133 the contents of the _w_h_i_t_e_c_l_n_t file are used frequently, a companion
134 file is automatically created and maintained. It has the same path-
135 name but with an added suffix of _._d_c_c_w and contains a memory mapped
136 hash table of the main file.
137
138 A whitelist entry ("OK") or two or more semi-whitelistings ("OK2")
139 for one of the message's checksums prevents all of the message's
140 checksums from being reported to the DCC server and the addition of
141 a _X_-_D_C_C header line by ddccccmm A whitelist entry for a checksum also
142 prevents rejecting or discarding the message based on DCC recipient
143 counts as specified by --aa and --tt. Otherwise, one or more checksums
144 with blacklisting entries ("MANY") cause all of the message's check-
145 sums to be reported to the server with an addressee count of "MANY".
146
147 If the message has a single recipient, an _e_n_v___T_o _w_h_i_t_e_c_l_n_t entry of
148 "OK" for the checksum of its recipient address acts like any other
149 _w_h_i_t_e_c_l_n_t entry of "OK." When the SMTP message has more than one
150 recipient, the effects can be complicated. When a message has sev-
151 eral recipients with some but not all listed in the _w_h_i_t_e_c_l_n_t file,
152 ddccccmm tries comply with the wishes of the users who want filtering as
153 well as those who don't by silently not delivering the message to
154 those who want filtering (i.e. are not whitelisted) and delivering
155 the message to don't want filtering.
156
157 --UU _u_s_e_r_d_i_r_s
158 enables per-user _w_h_i_t_e_c_l_n_t files and log directories. Each target
159 of a message can have a directory of log files named
160 _u_s_e_d_i_r_s_/_$_{_d_c_c___u_s_e_r_d_i_r_}_/_l_o_g where _$_{_d_c_c___u_s_e_r_d_i_r_} is the _s_e_n_d_m_a_i_l_._c_f
161 macro described below. If _$_{_d_c_c___u_s_e_r_d_i_r_} is not set,
162 _u_s_e_r_d_i_r_s_/_$_{_r_c_p_t___m_a_i_l_e_r_}_/_$_{_r_c_p_t___a_d_d_r_}_/_l_o_g is used. The most likely
163 value of _m_a_i_l_e_r is _l_o_c_a_l. Appropriate values for both
164 _$_{_r_c_p_t___m_a_i_l_e_r_} and _$_{_r_c_p_t___a_d_d_r_} can be seen by examining _e_n_v___T_o
165 lines in --ll _l_o_g_d_i_r files. If it is not absolute, _u_s_e_r_d_i_r_s is rela-
166 tive to the DCC home directory. The directory containing the log
167 files must be named _l_o_g and it must be writable by the ddccccmm process.
168 Each log directory must exist or logging for the corresponding is
169 silently disabled. The files created in the log directory are owned
170 by the UID of the ddccccmm process, but they have _g_r_o_u_p and _o_t_h_e_r read
171 and write permissions copied from the corresponding _l_o_g directory.
172 To ensure the privacy of mail, it may be good to make the directo-
173 ries readable only by _o_w_n_e_r and _g_r_o_u_p, and to use a cron script that
174 changes the owner of each file to match the grandparent _a_d_d_r direc-
175 tory.
176
177 There can also be a per -user whitelist file named
178 _u_s_e_r_d_i_r_s_/_$_{_d_c_c___u_s_e_r_d_i_r_}_/_w_h_i_t_e_c_l_n_t or if _$_{_d_c_c___u_s_e_r_d_i_r_} is not set,
179 _u_s_e_r_d_i_r_s_/_$_{_r_c_p_t___m_a_i_l_e_r_}_/_$_{_r_c_p_t___a_d_d_r_} per-user whitelist files. Any
180 checksum that is not white- or blacklisted by an individual
181 addressee's _w_h_i_t_e_c_l_n_t file is checked in the main --ww --wwhhiitteeccllnntt
182 file. A missing per-addressee _w_h_i_t_e_c_l_n_t file is the same as an
183 empty file. Relative paths for files included in per-addressee
184 files are resolved in the DCC home directory. The _w_h_i_t_e_c_l_n_t files
185 and the _a_d_d_r directories containing them must be writable by the
186 ddccccmm process.
187
188 _O_p_t_i_o_n lines in per-user whiteclnt files can be used to modify many
189 aspects of ddccccmm filtering, as described in the main dcc man page.
190 For example, an _o_p_t_i_o_n _d_c_c_-_o_f_f line turns off DCC filtering for
191 individual mailboxes.
192
193 --aa _I_G_N_O_R_E | _R_E_J_E_C_T | _D_I_S_C_A_R_D
194 specifies the action taken when DCC server counts or --tt thresholds
195 say that a message is unsolicited and bulk. _I_G_N_O_R_E causes the mes-
196 sage to be unaffected except for adding the _X_-_D_C_C header line to the
197 message. This turns off DCC filtering.
198
199 Spam can also be _R_E_J_E_C_Ted or accepted and silently _D_I_S_C_A_R_Ded without
200 being delivered to local mailboxes. The default is _R_E_J_E_C_T.
201
202 Mail forwarded via IP addresses marked _M_X or _M_X_D_C_C in the main
203 _w_h_i_t_e_c_l_n_t file is treated as if --aa _D_I_S_C_A_R_D were specified. This
204 prevents "bouncing" spam.
205
206 Determinations that mail is or is not spam from sendmail via
207 _$_{_d_c_c___i_s_s_p_a_m_} or _$_{_d_c_c___n_o_t_s_p_a_m_} macros override --aa. The effects of
208 the --ww _w_h_i_t_e_c_l_n_t are not affected by --aa.
209
210 --tt _t_y_p_e_,[_l_o_g_-_t_h_o_l_d_,]_r_e_j_-_t_h_o_l_d
211 sets logging and "spam" thresholds for checksum _t_y_p_e. The checksum
212 types are _I_P, _e_n_v___F_r_o_m, _F_r_o_m, _M_e_s_s_a_g_e_-_I_D, _s_u_b_s_t_i_t_u_t_e, _R_e_c_e_i_v_e_d,
213 _B_o_d_y, _F_u_z_1, _F_u_z_2, _r_e_p_-_t_o_t_a_l, and _r_e_p. The first six, _I_P through
214 _s_u_b_s_t_i_t_u_t_e, have no effect except when a local DCC server configured
215 with --KK is used. The _s_u_b_s_t_i_t_u_t_e thresholds apply to the first sub-
216 stitute heading encountered in the mail message. The string _A_L_L
217 sets thresholds for all types, but is unlikely to be useful except
218 for setting logging thresholds. The string _C_M_N specifies the com-
219 monly used checksums _B_o_d_y, _F_u_z_1, and _F_u_z_2. _R_e_j_-_t_h_o_l_d and _l_o_g_-_t_h_o_l_d
220 must be numbers, the string _N_E_V_E_R, or the string _M_A_N_Y indicating
221 millions of targets. Counts from the DCC server as large as the
222 threshold for any single type are taken as sufficient evidence that
223 the message should be logged or rejected.
224
225 _L_o_g_-_t_h_o_l_d is the threshold at which messages are logged. It can be
226 handy to log messages at a lower threshold to find solicited bulk
227 mail sources such as mailing lists. If no logging threshold is set,
228 only rejected mail and messages with complicated combinations of
229 white and blacklisting are logged. Messages that reach at least one
230 of their rejection thresholds are logged regardless of logging
231 thresholds.
232
233 _R_e_j_-_t_h_o_l_d is the threshold at which messages are considered "bulk,"
234 and so should be rejected or discarded if not whitelisted.
235
236 DCC Reputation thresholds in the commercial version of the DCC are
237 controlled by thresholds on checksum types _r_e_p and _r_e_p_-_t_o_t_a_l. Mes-
238 sages from an IP address that the DCC database says has sent more
239 than --tt _r_e_p_-_t_o_t_a_l_,_l_o_g_-_t_h_o_l_d messages are logged. A DCC Reputation
240 is computed for messages received from IP addresses that have sent
241 more than --tt _r_e_p_-_t_o_t_a_l_,_l_o_g_-_t_h_o_l_d messages. The DCC Reputation of an
242 IP address is the percentage of its messages that have been detected
243 as bulk or having at least 10 recipients. The defaults are equiva-
244 lent to --tt _r_e_p_,_n_e_v_e_r and --tt _r_e_p_-_t_o_t_a_l_,_n_e_v_e_r_,_2_0.
245
246 Bad DCC Reputations do not reject mail unless enabled by an _o_p_t_i_o_n
247 _D_C_C_-_r_e_p_-_o_n line in a _w_h_i_t_e_c_l_n_t file.
248
249 The checksums of locally whitelisted messages are not checked with
250 the DCC server and so only the number of targets of the current copy
251 of a whitelisted message are compared against the thresholds.
252
253 The default is _A_L_L_,_N_E_V_E_R, so that nothing is discarded, rejected, or
254 logged. A common choice is _C_M_N_,_2_5_,_5_0 to reject or discard mail with
255 common bodies except as overridden by the whitelist of the DCC
256 server, the sendmail _$_{_d_c_c___i_s_s_p_a_m_} and _$_{_d_c_c___n_o_t_s_p_a_m_} macros, and
257 --gg, and --ww.
258
259 --gg [_n_o_t_-]_t_y_p_e
260 indicates that whitelisted, _O_K or _O_K_2, counts from the DCC server
261 for a type of checksum are to be believed. They should be ignored
262 if prefixed with _n_o_t_-. _T_y_p_e is one of the same set of strings as
263 for --tt. Only _I_P, _e_n_v___F_r_o_m, and _F_r_o_m are likely choices. By default
264 all three are honored, and hence the need for _n_o_t_-.
265
266 --SS _h_d_r
267 adds to the list of substitute or locally chosen headers that are
268 checked with the --ww _w_h_i_t_e_c_l_n_t file and sent to the DCC server. The
269 checksum of the last header of type _h_d_r found in the message is
270 checked. _H_d_r can be _H_E_L_O to specify the SMTP envelope HELO value.
271 _H_d_r can also be _m_a_i_l___h_o_s_t to specify the sendmail "resolved" host
272 name from the Mail_from value in the SMTP envelope. As many as six
273 different substitute headers can be specified, but only the checksum
274 of the first of the six will be sent to the DCC server.
275
276 --ll _l_o_g_d_i_r
277 specifies a directory in which files containing copies of messages
278 processed by ddccccmm are kept. They can be copied to per-user directo-
279 ries specified with --UU. Information about other recipients of a
280 message is deleted from the per-user copies.
281
282 See the FILES section below concerning the contents of the files.
283 See also the _o_p_t_i_o_n _l_o_g_-_s_u_b_d_i_r_e_c_t_o_r_y_-_{_d_a_y_,_h_o_u_r_,_m_i_n_u_t_e_} lines in
284 _w_h_i_t_e_c_l_n_t files described in dcc(8).
285
286 The directory is relative to the DCC home directory if it is not
287 absolute
288
289 --RR _r_u_n_d_i_r
290 specifies the "run" directory where the UNIX domain socket and file
291 containing the daemon's process ID are stored. The default value is
292 /var/run/dcc .
293
294 --rr _r_e_j_e_c_t_i_o_n_-_m_s_g
295 specifies the rejection message in --oo proxy mode for unsolicited
296 bulk mail or for mail temporarily blocked by _g_r_e_y_l_i_s_t_i_n_g when --GG is
297 specified. The first --rr _r_e_j_e_c_t_i_o_n_-_m_s_g replaces the default bulk
298 mail rejection message, "5.7.1 550 mail %ID from %CIP rejected by
299 DCC". The second replaces "4.2.1 452 mail %ID from %CIP temporary
300 greylist embargoed". The third --rr _r_e_j_e_c_t_i_o_n_-_m_s_g replaces the
301 default SMTP rejection message "5.7.1 550 %ID bad reputation; see
302 http://commercial-dcc.rhyolite.com/cgi-bin/reps.cgi?tgt=%CIP" for
303 mail with bad DCC Reputations. If _r_e_j_e_c_t_i_o_n_-_m_s_g is the zero-length
304 string, the --rr setting is counted but the corresponding message is
305 not changed.
306
307 _R_e_j_e_c_t_i_o_n_-_m_s_g can contain specific information about the mail mes-
308 sage. The following strings starting with % are replaced with the
309 corresponding values:
310 %ID message ID such as the unique part of log file name or
311 sendmail queue ID
312 %CIP SMTP client IP address
313 %BTYPE type of DNS blacklist hit, such as "SMTP client",
314 "mail_host", or "URL NS"
315 %BTGT IP address or name declared bad by DNS blacklist
316 %BPROBE domain name found in DNS blacklist such as
317 4.3.2.10.example.com
318 %BRESULT value of the %BPROBE domain name found in DNS black-
319 list
320
321 A common alternate for the bulk mail rejection message is "4.7.1 451
322 Access denied by DCC" to tell the sending mail system to continue
323 trying. Use a 4yz response with caution, because it is likely to
324 delay for days a delivery failure message for false positives. If
325 the rejection message does not start with an RFC 1893 status code
326 and RFC 2821 reply code, 5.7.1 and 550 or 4.2.1 and 452 are used.
327
328 See also --BB _s_e_t_:_r_e_j_-_m_s_g_=_r_e_j_e_c_t_i_o_n_-_m_s_g to set the status message for
329 mail rejected by DNS blacklists.
330
331 --jj _m_a_x_j_o_b_s
332 limits the number of simultaneous requests that will be processed.
333 The default value is the maximum number that seems to be possible
334 given system limits on open files, select() bit masks, and so forth.
335 Start ddccccmm with --dd and see the starting message in the system log to
336 see the limit.
337
338 --BB _d_n_s_b_l_-_o_p_t_i_o_n
339 enables DNS blacklist checks of the SMTP client IP address, SMTP
340 envelope Mail_From sender domain name, and of host names in URLs in
341 the message body. Body URL blacklisting has too many false posi-
342 tives to use on abuse mailboxes. It is less effective than
343 greylisting with dccm(8) or dccifd(8) but can be useful in situa-
344 tions where greylisting cannot be used.
345
346 _D_n_s_b_l_-_o_p_t_i_o_n is either one of the --BB _s_e_t_:_o_p_t_i_o_n forms or
347 --BB _d_o_m_a_i_n[_,_I_P_a_d_d_r[_/_x_x[_,_b_l_t_y_p_e]]]
348 _D_o_m_a_i_n is a DNS blacklist domain such as example.com that will be
349 searched. _I_P_a_d_d_r[_/_x_x_x] is the string "any" an IP address in the DNS
350 blacklist that indicates that the mail message should be rejected,
351 or a CIDR block covering results from the DNS blacklist.
352 "127.0.0.2" is assumed if _I_P_a_d_d_r is absent. IPv6 addresses can be
353 specified with the usual colon (:) notation. Names can be used
354 instead of numeric addresses. The type of DNS blacklist is speci-
355 fied by _b_l_t_y_p_e as _n_a_m_e, _I_P_v_4, or _I_P_v_6. Given an envelope sender
356 domain name or a domain name in a URL of spam.domain.org and a
357 blacklist of type _n_a_m_e, spam.domain.org.example.com will be tried.
358 Blacklist types of _I_P_v_4 and _I_P_v_6 require that the domain name in a
359 URL sender address be resolved into an IPv4 or IPv6 address. The
360 address is then written as a reversed string of decimal octets to
361 check the DNS blacklist, as in 2.0.0.127.example.com,
362
363 More than one blacklist can be specified and blacklists can be
364 grouped. All searching within a group is stopped at the first posi-
365 tive result.
366
367 Positive results are ignored after being logged unless an
368 _o_p_t_i_o_n _D_N_S_B_L_-_o_n line appears in the global or per-user _w_h_i_t_e_c_l_n_t
369 file.
370
371 --BB _s_e_t_:_n_o_-_c_l_i_e_n_t
372 says that SMTP client IP addresses and reverse DNS domain names
373 should not be checked in the following blacklists.
374 --BB _s_e_t_:_c_l_i_e_n_t restores the default for the following black-
375 lists.
376
377 --BB _s_e_t_:_n_o_-_m_a_i_l___h_o_s_t
378 says that SMTP envelope Mail_From sender domain names should
379 not be checked in the following blacklists. --BB _s_e_t_:_m_a_i_l___h_o_s_t
380 restores the default.
381
382 --BB _s_e_t_:_n_o_-_U_R_L
383 says that URLs in the message body should not be checked in the
384 in the following blacklists. --BB _s_e_t_:_U_R_L restores the default.
385
386 --BB _s_e_t_:_n_o_-_M_X
387 says MX servers of sender Mail_From domain names and host names
388 in URLs should not be checked in the following blacklists.
389 --BB _s_e_t_:_M_X restores the default.
390
391 --BB _s_e_t_:_n_o_-_N_S
392 says DNS servers of sender Mail_From domain names and host
393 names in URLs should not be checked in the following black-
394 lists. --BB _s_e_t_:_N_S restores the default.
395
396 --BB _s_e_t_:_d_e_f_a_u_l_t_s
397 is equivalent to all of --BB _s_e_t_:_n_o_-_t_e_m_p_-_f_a_i_l --BB _s_e_t_:_c_l_i_e_n_t
398 --BB _s_e_t_:_m_a_i_l___h_o_s_t --BB _s_e_t_:_U_R_L --BB _s_e_t_:_M_X and --BB _s_e_t_:_N_S
399
400 --BB _s_e_t_:_g_r_o_u_p_=_X
401 adds later DNS blacklists specified with
402 --BB _d_o_m_a_i_n[_,_I_P_a_d_d_r[_/_x_x[_,_b_l_t_y_p_e]]]
403 to group 1, 2, or 3.
404
405 --BB _s_e_t_:_d_e_b_u_g_=_X
406 sets the DNS blacklist logging level
407
408 --BB _s_e_t_:_m_s_g_-_s_e_c_s_=_S
409 limits ddccccmm to _S seconds total for checking all DNS blacklists.
410 The default is 25.
411
412 --BB _s_e_t_:_U_R_L_-_s_e_c_s_=_S
413 limits ddccccmm to at most _S seconds resolving and checking any
414 single URL. The default is 11. Some spam contains dozens of
415 URLs and that some "spamvertised" URLs contain host names that
416 need minutes to resolve. Busy mail systems cannot afford to
417 spend minutes checking each incoming mail message.
418
419 --BB _s_e_t_:_r_e_j_-_m_s_g_=_r_e_j_e_c_t_i_o_n_-_m_s_g
420 sets the SMTP rejection message for the following blacklists.
421 _R_e_j_e_c_t_i_o_n_-_m_s_g must be in the same format as for --rr. If
422 _r_e_j_e_c_t_i_o_n_-_m_s_g is null, the default is restored. The default
423 DNS blacklist rejection message is the first message set with
424 --rr.
425
426 --BB _s_e_t_:_t_e_m_p_-_f_a_i_l
427 causes ddccccmm to the MTA to answer the SMTP DATA command with
428 452 4.2.1 mail %ID from %CIP temporary delayed for DNSBL
429 if any DNS answer required for a DNSBL in the current group
430 times out, including resolving names in URLs.
431
432 --BB _s_e_t_:_n_o_-_t_e_m_p_-_f_a_i_l
433 restores the default of assuming a negative answer for DNS
434 responses that take too long.
435
436 --BB _s_e_t_:_m_a_x_j_o_b_s_=_X
437 sets maximum number of helper processes to _X. In order to use
438 typical single-threaded DNS resolver libraries, ddccccmm uses
439 fleets of helper processes. It is rarely a good idea to change
440 the default, which is the same as the maximum number of simul-
441 taneous jobs set with --jj.
442
443 --BB _s_e_t_:_p_r_o_g_p_a_t_h_=_/_v_a_r_/_d_c_c_/_l_i_b_e_x_e_c_/_d_n_s_-_h_e_l_p_e_r
444 changes the path to the helper program.
445
446 --LL _l_t_y_p_e_,_f_a_c_i_l_i_t_y_._l_e_v_e_l
447 specifies how messages should be logged. _L_t_y_p_e must be _e_r_r_o_r, _i_n_f_o,
448 or _o_f_f to indicate which of the two types of messages are being con-
449 trolled or to turn off all syslog(3) messages from ddccccmm. _L_e_v_e_l must
450 be a syslog(3) level among _E_M_E_R_G, _A_L_E_R_T, _C_R_I_T, _E_R_R, _W_A_R_N_I_N_G, _N_O_T_I_C_E,
451 _I_N_F_O, and _D_E_B_U_G. _F_a_c_i_l_i_t_y must be among _A_U_T_H, _A_U_T_H_P_R_I_V, _C_R_O_N,
452 _D_A_E_M_O_N, _F_T_P, _K_E_R_N, _L_P_R, _M_A_I_L, _N_E_W_S, _U_S_E_R, _U_U_C_P, and _L_O_C_A_L_0 through
453 _L_O_C_A_L_7. The default is equivalent to
454 --LL _i_n_f_o_,_M_A_I_L_._N_O_T_I_C_E --LL _e_r_r_o_r_,_M_A_I_L_._E_R_R
455
456 ddccccmm normally sends counts of mail rejected and so forth the to system
457 log at midnight. The SIGUSR1 signal sends an immediate report to the
458 system log. They will be repeated every 24 hours instead of at midnight.
459
460 SSEENNDDMMAAIILL MMAACCRROOSS
461 Sendmail can affect ddccccmm with the values of some _s_e_n_d_m_a_i_l_._c_f macros.
462 These macro names must be added to the Milter.macros option statements in
463 _s_e_n_d_m_a_i_l_._c_f as in the example "Feature" file dcc.m4.
464
465 _$_{_d_c_c___i_s_s_p_a_m_} causes a mail message to be reported to the DCC server as
466 having been addressed to "MANY" recipients. The
467 _$_{_d_c_c___i_s_s_p_a_m_} macro is ignored if the _$_{_d_c_c___n_o_t_s_p_a_m_} macro
468 is set to a non-null string
469
470 If the value of the _$_{_d_c_c___i_s_s_p_a_m_} is null, ddccccmm uses SMTP
471 rejection messages controlled by --aa and --rr. If the value
472 of the _$_{_d_c_c___i_s_s_p_a_m_} macro starts with "DISCARD", the mail
473 message is silently discarded as with --aa _D_I_S_C_A_R_D_. If value
474 of the macro not null and does not start with "DISCARD",
475 it is used as the SMTP error message given to the SMTP
476 client trying to send the rejected message. The message
477 starts with an optional SMTP error type and number fol-
478 lowed by text.
479
480 The --aa option does not effect messages marked spam with
481 _$_{_d_c_c___i_s_s_p_a_m_}. When the _$_{_d_c_c___i_s_s_p_a_m_} macro is set, the
482 message is rejected or discarded despite local or DCC
483 database whitelist entries. The local whitelist does con-
484 trol whether the message's checksums will be reported to
485 the DCC server and an _X_-_D_C_C SMTP header line will be
486 added.
487
488 _$_{_d_c_c___n_o_t_s_p_a_m_}
489 causes a message not be considered unsolicited bulk
490 despite evidence to the contrary. It also prevents ddccccmm
491 from reporting the checksums of the message to the DCC
492 server and from adding an _X_-_D_C_C header line.
493
494 When the macro is set by the _s_e_n_d_m_a_i_l_._c_f rules,
495 _$_{_d_c_c___n_o_t_s_p_a_m_} macros overrides DCC threshlds that say the
496 message should be rejected as well as the effects of the
497 _$_{_d_c_c___i_s_s_p_a_m_} macro.
498
499 _$_{_d_c_c___m_a_i_l___h_o_s_t_}
500 specifies the name of the SMTP client that is sending the
501 message. This macro is usually the same as the _m_a_i_l___h_o_s_t
502 macro. They can differ when a sendmail "smart relay" is
503 involved. The _$_{_d_c_c___m_a_i_l___h_o_s_t_} macro does not work if
504 _F_E_A_T_U_R_E_(_d_e_l_a_y___c_h_e_c_k_s_) is used.
505
506 _$_{_d_c_c___u_s_e_r_d_i_r_}
507 is the per-user whitelist and log directory for a recipi-
508 ent. If the macro is not set in sendmail.cf,
509 $&{rcpt_mailer}/$&{rcpt_addr} is assumed, but with the
510 recipient address converted to lower case. Whatever value
511 is used, the directory name after the last slash (/) char-
512 acter is converted to lower case. Any value containing
513 the string "/../" is ignored.
514
515 This macro also does not work if _F_E_A_T_U_R_E_(_d_e_l_a_y___c_h_e_c_k_s_) is
516 used.
517
518 The following two lines in a sendmail mc file have the
519 same effect as not defining the ${dcc_userdir} macro, pro-
520 vided _F_E_A_T_U_R_E_(_d_c_c_) is also used and the sendmail
521 _c_f_/_f_e_a_t_u_r_e directory has a symbolic link to the
522 _m_i_s_c_/_d_c_c_._m_4 file.
523
524 SLocal_check_rcpt
525 R$* $: $1 $(macro {dcc_userdir} $@ $&{rcpt_mailer}/$&{rcpt_addr} $))
526
527 FFIILLEESS
528 /var/dcc is the DCC home directory in which other files are found.
529 /var/dcc/libexec/start-dccm
530 is a script used to ddccccmm.
531 dcc/dcc_conf
532 contains parameters used by the scripts to start DCC daemons
533 and cron jobs.
534 logdir is an optional directory specified with --ll and containing
535 marked mail. Each file in the directory contains one message,
536 at least one of whose checksums reached its --tt thresholds or
537 that is interesting for some other reason. Each file starts
538 with lines containing the date when the message was received,
539 the IP address of the SMTP client, and SMTP envelope values.
540 Those lines are followed by the body of the SMTP message
541 including its header as it was received by sendmail and with-
542 out any new or changed header lines. Only approximately the
543 first 32 KBytes of the body are recorded unless modified by
544 _._/_c_o_n_f_i_g_u_r_e _-_-_w_i_t_h_-_m_a_x_-_l_o_g_-_s_i_z_e_=_x_x The checksums for the mes-
545 sage follow the body. They are followed by lines indicating
546 that the _$_{_d_c_c___i_s_s_p_a_m_} or _$_{_d_c_c___n_o_t_s_p_a_m_} _s_e_n_d_m_a_i_l_._c_f macros
547 were set or one of the checksums is white- or blacklisted by
548 the --ww _w_h_i_t_e_c_l_n_t file. Each file ends with the _X_-_D_C_C header
549 line added to the message and the disposition of the message
550 including SMTP status message if appropriate.
551 map is the memory mapped file of information concerning DCC
552 servers in the DCC home directory.
553 whiteclnt contains the client whitelist in the format described in
554 dcc(8).
555 whiteclnt.dccw
556 is a memory mapped hash table of the _w_h_i_t_e_c_l_n_t file.
557 dccm.pid in the --RR _r_u_n_d_i_r directory contains daemon's process ID. The
558 string ``dccm'' is replaced by the file name containing the
559 daemon to facilitate running multiple daemons, probably con-
560 nected to remote instances of sendmail using TCP/IP instead of
561 a UNIX domain socket. See also --RR.
562 /var/run/dcc/dccm
563 is the default UNIX domain socket used by the sendmail milter
564 interface. See also --RR.
565 sendmail.cf
566 is the sendmail(8) control file.
567 misc/dcc.m4
568 sendmail mc file that should have a symbolic link in the send-
569 mail cf/feature directory so that _F_E_A_T_U_R_E_(_d_c_c_) can be used in
570 a sendmail mc file.
571
572 EEXXAAMMPPLLEESS
573 DDccccmm should be started before sendmail with something like the script
574 _/_v_a_r_/_d_c_c_/_l_i_b_e_x_e_c_/_s_t_a_r_t_-_d_c_c_m_. It looks for common DCC parameters in the
575 _d_c_c___c_o_n_f file in the DCC home directory, _/_v_a_r_/_d_c_c_.
576
577 Those numbers should modified to fit local conditions. It might be wise
578 to replace the "100" numbers with much larger values or with "MANY" until
579 a few weeks of monitoring the log directory show that sources of mailing
580 lists are in the server's whitelist file (see dccd(8)) or the local
581 _w_h_i_t_e_c_l_n_t file.
582
583 It is usually necessary to regularly delete old log files with a script
584 like /var/dcc/libexec/cron-dccd.
585
586 On systems unlike modern FreeBSD and other UNIX-like systems which
587 include sendmail milter support, sendmail must be built with the milter
588 interface, such as by creating a _d_e_v_t_o_o_l_s_/_S_i_t_e_/_s_i_t_e_._c_o_n_f_i_g_._m_4 or similar
589 file containing something like the following lines:
590
591 APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_MILTER=1')
592 APPENDDEF(`conf_libmilter_ENVDEF', `-D_FFR_MILTER=1')
593
594 Appropriate lines invoking the milter interface must be added to
595 _s_e_n_d_m_a_i_l_._c_f_. That can be done by putting a symbolic link to the the
596 misc/dcc.m4 file in the DCC source to the sendmail cf/feature directory
597 and adding the line
598
599 FEATURE(dcc)
600
601 to the local .mc file.
602
603 Note that ddccccmm should not be used with the Postfix milter mechanism.
604 Instead use dccifd(8) as a before-queue filter as described in that man
605 page.
606
607 SSEEEE AALLSSOO
608 cdcc(8), dbclean(8), dcc(8), dccd(8), dblist(8), dccifd(8), dccproc(8),
609 dccsight(8), sendmail(8).
610
611 HHIISSTTOORRYY
612 Distributed Checksum Clearinghouses are based on an idea of Paul Vixie.
613 Implementation of ddccccmm was started at Rhyolite Software in 2000. This
614 document describes version 1.3.103.
615
616 BBUUGGSS
617 ddccccmm uses --tt where dccproc(8) uses --cc.
618
619 Systems without setrlimit(2) and getrlimit(2) RLIMIT_NOFILE can have
620 problems with the default limit on the number of simultaneous jobs, the
621 value of --jj. Every job requires four open files. These problems are
622 usually seen with errors messages that say something like
623 dccm[24448]: DCC: accept() returned invalid socket
624 A fix is to use a smaller value for --jj or to allow ddccccmm to open more
625 files. Sendmail version 8.13 and later can be told to poll() instead of
626 select with SM_CONF_POLL. Some older versions of sendmail knew about
627 FFR_USE_POLL. One of the following lines in your devtools/Site/site.con-
628 fig.m4 file can help:
629
630 APPENDDEF(`conf_libmilter_ENVDEF', `-DSM_CONF_POLL')
631 APPENDDEF(`conf_libmilter_ENVDEF', `-DFFR_USE_POLL')
632
633 On many systems with sendmail 8.11.3 and preceding, a bug in the sendmail
634 milter mechanism causes ddccccmm to die with a core file when given a signal.
635
636 February 26, 2009