notdcc: dccm.html.in comparison

comparison dccm.html.in @ 0:c7f6b056b673

First import of vendor version

author	Peter Gervai <grin@grin.hu>
date	Tue, 10 Mar 2009 13:49:58 +0100
parents
children

comparison

equal deleted inserted replaced

--1:000000000000
+:c7f6b056b673
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
+<HTML>
+<HEAD>
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
+<TITLE>dccm.0.8</TITLE>
+<META http-equiv="Content-Style-Type" content="text/css">
+<STYLE type="text/css">
+	BODY {background-color:white; color:black}
+	ADDRESS {font-size:smaller}
+IMG.logo {width:6em; vertical-align:middle}
+</STYLE>
+</HEAD>
+<BODY>
+<PRE>
+<!-- Manpage converted by man2html 3.0.1 -->
+<B><A HREF="dccm.html">dccm(8)</A></B>               Distributed Checksum Clearinghouse               <B><A HREF="dccm.html">dccm(8)</A></B>
+</PRE>
+<H2><A NAME="NAME">NAME</A></H2><PRE>
+<B>dccm</B> -- Distributed Checksum Clearinghouse Milter Interface
+</PRE>
+<H2><A NAME="SYNOPSIS">SYNOPSIS</A></H2><PRE>
+<B>dccm</B> [<B>-VdbxANQ</B>] [<B>-G</B> <I>on</I> | <I>off</I> | <I>noIP</I> | <I>IPmask/xx</I>] [<B>-h</B> <I>homedir</I>] [<B>-I</B> <I>user</I>]
+[<B>-p</B> <I>protocol:filename</I> | <I>protocol:port@host</I>] [<B>-m</B> <I>map</I>]
+[<B>-w</B> <I>whiteclnt</I>] [<B>-U</B> <I>userdirs</I>] [<B>-a</B> <I>IGNORE</I> | <I>REJECT</I> | <I>DISCARD</I>]
+[<B>-t</B> <I>type,</I>[<I>log-thold,</I>]<I>rej-thold</I>] [<B>-g</B> [<I>not-</I>]<I>type</I>] [<B>-S</B> <I>header</I>]
+[<B>-l</B> <I>logdir</I>] [<B>-R</B> <I>rundir</I>] [<B>-r</B> <I>rejection-msg</I>] [<B>-j</B> <I>maxjobs</I>]
+[<B>-B</B> <I>dnsbl-option</I>] [<B>-L</B> <I>ltype,facility.level</I>]
+</PRE>
+<H2><A NAME="DESCRIPTION">DESCRIPTION</A></H2><PRE>
+<B>dccm</B> is a daemon built with the sendmail milter interface intended to
+connect <B>sendmail(8)</B> to DCC servers.  When built with the milter filter
+machinery and configured to talk to <B>dccm</B> in the <I>sendmail.cf</I> file, send-
+mail passes all email to <B>dccm</B> which in turn reports related checksums to
+the nearest DCC server.  <B>dccm</B> then adds an <I>X-DCC</I> SMTP header line to the
+message.  Sendmail is told to reject the message if it is unsolicited
+bulk mail.
+<B>Dccm</B> sends reports of checksums related to mail received by DCC clients
+and queries about the total number of reports of particular checksums.  A
+DCC server receives <I>no</I> mail, address, headers, or other information, but
+only cryptographically secure checksums of such information.  A DCC
+server cannot determine the text or other information that corresponds to
+the checksums it receives.  Its only acts as a clearinghouse of counts
+for checksums computed by clients.  For complete privacy as far as the
+DCC is concerned, the checksums of purely internal mail or other mail
+that is known to not be unsolicited bulk can be listed in a whitelist to
+not be reported to the DCC server.
+Since the checksums of messages that are whitelisted locally by the <B>-w</B>
+<I>whiteclnt</I> file are not reported to the DCC server, <B>dccm</B> knows nothing
+about the total recipient counts for their checksums and so cannot add
+<I>X-DCC</I> header lines to such messages.  Sendmail does not tell <B>dccm</B> about
+messages that are not received by sendmail via SMTP, including messages
+submitted locally and received via UUCP, and so they also do not receive
+<I>X-DCC</I> header lines.
+Enable the daemon and put its parameters in the <I>dcc</I><B>_</B><I>conf</I> file and start
+the daemon with the <I>@libexecdir@/start-dccm</I> or <I>var/dcc/libexec/rcDCC</I>
+script.
+The list of servers that <B>dccm</B> contacts is in the memory mapped file <I>map</I>
+shared by local DCC clients.  The file is  maintained with <B><A HREF="cdcc.html">cdcc(8)</A></B>.
+<A NAME="OPTIONS"><B>OPTIONS</B></A>
+The following options are available:
+<A NAME="OPTION-V"><B>-V</B></A>   displays the version of <B>dccm</B>.
+<A NAME="OPTION-d"><B>-d</B></A>   enables debugging output from the DCC client software.  Additional
+<B>-d</B> options increase the number of messages.  A single <B>-d</B>
+aborted SMTP transactions including those from some "dictionary
+attacks."
+<A NAME="OPTION-b"><B>-b</B></A>   causes the daemon to not detach itself from the controlling tty and
+put itself into the background.
+<A NAME="OPTION-x"><B>-x</B></A>   causes the daemon to try "extra hard" to contact a DCC server.
+Since it is usually more important to deliver mail than to report
+its checksums, <B>dccm</B> normally does not delay too long while trying to
+contact a DCC server.  It will not try again for several seconds
+after a failure.  With <B>-x</B>, it will always try to contact the DCC
+server and it will tell the MTA to answer the DATA command with a
+4yz temporary failure.
+<A NAME="OPTION-A"><B>-A</B></A>   adds to existing X-DCC headers in the message instead of replacing
+existing headers of the brand of the current server.
+<A NAME="OPTION-N"><B>-N</B></A>   neither adds, deletes, nor replaces existing X-DCC headers in the
+message.  Each message is logged, rejected, and otherwise handled
+the same.
+<A NAME="OPTION-Q"><B>-Q</B></A>   only queries the DCC server about the checksums of messages instead
+of reporting and querying.  This is useful when <B>dccm</B> is used to fil-
+ter mail that has already been reported to a DCC server by another
+DCC client.  No single mail message should be reported to a DCC
+server more than once per recipient, because each report will
+increase the apparent "bulkness" of the message.
+It is better to use <I>MXDCC</I> lines in the global <I>whiteclnt</I> file for
+your MX mail servers that use DCC than <B>-Q</B>.
+<A NAME="OPTION-G"><B>-G</B></A> <I>on</I> | <I>off</I> | <I>noIP</I> | <I>IPmask/xx</I>
+controls <I>greylisting</I>.  At least one working greylist server must be
+listed in the <I>map</I> file in the DCC home directory.  If more than one
+is named, they must "flood" or change checksums and they must use
+the same <B>-G</B> parameters.  See <B><A HREF="dccd.html">dccd(8)</A></B>.  Usually all dccm or dccifd
+DCC client processes use the same <B>-G</B> parameters.
+<I>IPmask/xx</I> and <I>noIP</I> remove part or all of the IP address from the
+greylist triple.  The CIDR block size, <I>xx</I>, must be between 1 and
+128.  96 is added to block sizes smaller than 33 to make them appro-
+priate for the IPv6 addresses used by the DCC.  <I>IPmask/96</I> differs
+from <I>noIP</I> for IPv4 addresses, because the former retains the IPv4 to
+IPv6 mapping prefix.
+<A NAME="OPTION-h"><B>-h</B></A> <I>homedir</I>
+overrides the default DCC home directory, <I>@prefix@</I>.
+<A NAME="OPTION-I"><B>-I</B></A> <I>user</I>
+specifies the UID and GID of the process.
+<A NAME="OPTION-p"><B>-p</B></A> <I>protocol:filename</I> | <I>protocol:port@host</I>
+specifies the protocol and address by which sendmail will contact
+<B>dccm</B>.  The default is a UNIX domain socket in the "run" directory,
+<I>@dcc_rundir@/dccm</I>.  (See also <B>-R)</B> This protocol and address must
+match the value in <I>sendmail.cf</I>.  This mechanism can be used to con-
+nect <B>dccm</B> on one computer to sendmail on another computer when a
+port and host name or IP address are used.
+<A NAME="OPTION-m"><B>-m</B></A> <I>map</I>
+specifies a name or path of the memory mapped parameter file instead
+of the default <I>map</I> file in the DCC home directory.  It should be
+created with the <B><A HREF="cdcc.html">cdcc(8)</A></B> command.
+<A NAME="OPTION-w"><B>-w</B></A> <I>whiteclnt</I>
+specifies an optional file containing filtering parameters as well
+as SMTP client IP addresses, SMTP envelope values, and header values
+of mail that is spam or is not spam and does not need a <I>X-DCC</I>
+header, and whose checksums should not be reported to the DCC
+server.
+If the pathname <I>whiteclnt</I> is not absolute, it is relative to the DCC
+home directory.
+The format of the <B>dccm</B> whiteclnt file is the same as the <I>whitelist</I>
+files used by <B><A HREF="dbclean.html">dbclean(8)</A></B> and the <I>whiteclnt</I> file used by <B><A HREF="dccproc.html">dccproc(8)</A></B>.
+See <B><A HREF="dcc.html">dcc(8)</A></B> for a description of DCC white and blacklists.  Because
+the contents of the <I>whiteclnt</I> file are used frequently, a companion
+file is automatically created and maintained.  It has the same path-
+name but with an added suffix of <I>.dccw</I> and contains a memory mapped
+hash table of the main file.
+A whitelist entry ("OK") or two or more semi-whitelistings ("OK2")
+for one of the message's checksums prevents all of the message's
+checksums from being reported to the DCC server and the addition of
+a <I>X-DCC</I> header line by <B>dccm</B> A whitelist entry for a checksum also
+prevents rejecting or discarding the message based on DCC recipient
+counts as specified by <B>-a</B> and <B>-t</B>.  Otherwise, one or more checksums
+with blacklisting entries ("MANY") cause all of the message's check-
+sums to be reported to the server with an addressee count of "MANY".
+If the message has a single recipient, an <I>env</I><B>_</B><I>To</I> <I>whiteclnt</I> entry of
+"OK" for the checksum of its recipient address acts like any other
+<I>whiteclnt</I> entry of "OK."  When the SMTP message has more than one
+recipient, the effects can be complicated.  When a message has sev-
+eral recipients with some but not all listed in the <I>whiteclnt</I> file,
+<B>dccm</B> tries comply with the wishes of the users who want filtering as
+well as those who don't by silently not delivering the message to
+those who want filtering (i.e. are not whitelisted) and delivering
+the message to don't want filtering.
+<A NAME="OPTION-U"><B>-U</B></A> <I>userdirs</I>
+enables per-user <I>whiteclnt</I> files and log directories.  Each target
+of a message can have a directory of log files named
+<I>usedirs/${dcc</I><B>_</B><I>userdir}/log</I> where <I>${dcc</I><B>_</B><I>userdir}</I> is the <I>sendmail.cf</I>
+macro described below.  If <I>${dcc</I><B>_</B><I>userdir}</I> is not set,
+<I>userdirs/${rcpt</I><B>_</B><I>mailer}/${rcpt</I><B>_</B><I>addr}/log</I> is used.  The most likely
+value of <I>mailer</I> is <I>local</I>.  Appropriate values for both
+<I>${rcpt</I><B>_</B><I>mailer}</I> and <I>${rcpt</I><B>_</B><I>addr}</I> can be seen by examining <I>env</I><B>_</B><I>To</I>
+lines in <B>-l</B> <I>logdir</I> files.  If it is not absolute, <I>userdirs</I> is rela-
+tive to the DCC home directory.  The directory containing the log
+files must be named <I>log</I> and it must be writable by the <B>dccm</B> process.
+Each log directory must exist or logging for the corresponding is
+silently disabled.  The files created in the log directory are owned
+by the UID of the <B>dccm</B> process, but they have <I>group</I> and <I>other</I> read
+and write permissions copied from the corresponding <I>log</I> directory.
+To ensure the privacy of mail, it may be good to make the directo-
+ries readable only by <I>owner</I> and <I>group</I>, and to use a cron script that
+changes the owner of each file to match the grandparent <I>addr</I> direc-
+tory.
+There can also be a per -user whitelist file named
+<I>userdirs/${dcc</I><B>_</B><I>userdir}/whiteclnt</I> or if <I>${dcc</I><B>_</B><I>userdir}</I> is not set,
+<I>userdirs/${rcpt</I><B>_</B><I>mailer}/${rcpt</I><B>_</B><I>addr}</I> per-user whitelist files.  Any
+checksum that is not white- or blacklisted by an individual
+addressee's <I>whiteclnt</I> file  is checked in the main <B>-w -whiteclnt</B>
+file.  A missing per-addressee <I>whiteclnt</I> file is the same as an
+empty file.  Relative paths for files included in per-addressee
+files are resolved in the DCC home directory.  The <I>whiteclnt</I> files
+and the <I>addr</I> directories containing them must be writable by the
+<B>dccm</B> process.
+<I>Option</I> lines in per-user whiteclnt files can be used to modify many
+aspects of <B>dccm</B> filtering, as described in the main dcc man page.
+For example, an <I>option</I> <I>dcc-off</I> line turns off DCC filtering for
+individual mailboxes.
+<A NAME="OPTION-a"><B>-a</B></A> <I>IGNORE</I> | <I>REJECT</I> | <I>DISCARD</I>
+specifies the action taken when DCC server counts or <B>-t</B> thresholds
+say that a message is unsolicited and bulk.  <I>IGNORE</I> causes the mes-
+sage to be unaffected except for adding the <I>X-DCC</I> header line to the
+message.  This turns off DCC filtering.
+Spam can also be <I>REJECT</I>ed or accepted and silently <I>DISCARD</I>ed without
+being delivered to local mailboxes.  The default is <I>REJECT</I>.
+Mail forwarded via IP addresses marked <I>MX</I> or <I>MXDCC</I> in the main
+<I>whiteclnt</I> file is treated as if <B>-a</B> <I>DISCARD</I> were specified.  This
+prevents "bouncing" spam.
+Determinations that mail is or is not spam from sendmail via
+<I>${dcc</I><B>_</B><I>isspam}</I> or <I>${dcc</I><B>_</B><I>notspam}</I> macros override <B>-a</B>.  The effects of
+the <B>-w</B> <I>whiteclnt</I> are not affected by <B>-a</B>.
+<A NAME="OPTION-t"><B>-t</B></A> <I>type,</I>[<I>log-thold,</I>]<I>rej-thold</I>
+sets logging and "spam" thresholds for checksum <I>type</I>.  The checksum
+types are <I>IP</I>, <I>env</I><B>_</B><I>From</I>, <I>From</I>, <I>Message-ID</I>, <I>substitute</I>, <I>Received</I>,
+<I>Body</I>, <I>Fuz1</I>, <I>Fuz2</I>, <I>rep-total</I>, and <I>rep</I>.  The first six, <I>IP</I> through
+<I>substitute</I>, have no effect except when a local DCC server configured
+with <B>-K</B> is used.  The <I>substitute</I> thresholds apply to the first sub-
+stitute heading encountered in the mail message.  The string <I>ALL</I>
+sets thresholds for all types, but is unlikely to be useful except
+for setting logging thresholds.  The string <I>CMN</I> specifies the com-
+monly used checksums <I>Body</I>, <I>Fuz1</I>, and <I>Fuz2</I>.  <I>Rej-thold</I> and <I>log-thold</I>
+must be numbers, the string <I>NEVER</I>, or the string <I>MANY</I> indicating
+millions of targets.  Counts from the DCC server as large as the
+threshold for any single type are taken as sufficient evidence that
+the message should be logged or rejected.
+<I>Log-thold</I> is the threshold at which messages are logged.  It can be
+handy to log messages at a lower threshold to find solicited bulk
+mail sources such as mailing lists.  If no logging threshold is set,
+only rejected mail and messages with complicated combinations of
+white and blacklisting are logged.  Messages that reach at least one
+of their rejection thresholds are logged regardless of logging
+thresholds.
+<I>Rej-thold</I> is the threshold at which messages are considered "bulk,"
+and so should be rejected or discarded if not whitelisted.
+DCC Reputation thresholds in the commercial version of the DCC are
+controlled by thresholds on checksum types <I>rep</I> and <I>rep-total</I>.  Mes-
+sages from an IP address that the DCC database says has sent more
+than <B>-t</B> <I>rep-total,log-thold</I> messages are logged.  A DCC Reputation
+is computed for messages received from IP addresses that have sent
+more than <B>-t</B> <I>rep-total,log-thold</I> messages.  The DCC Reputation of an
+IP address is the percentage of its messages that have been detected
+as bulk or having at least 10 recipients.  The defaults are equiva-
+lent to <B>-t</B> <I>rep,never</I> and <B>-t</B> <I>rep-total,never,20</I>.
+Bad DCC Reputations do not reject mail unless enabled by an <I>option</I>
+<I>DCC-rep-on</I> line in a <I>whiteclnt</I> file.
+The checksums of locally whitelisted messages are not checked with
+the DCC server and so only the number of targets of the current copy
+of a whitelisted message are compared against the thresholds.
+The default is <I>ALL,NEVER</I>, so that nothing is discarded, rejected, or
+logged.  A common choice is <I>CMN,25,50</I> to reject or discard mail with
+common bodies except as overridden by the whitelist of the DCC
+server, the sendmail <I>${dcc</I><B>_</B><I>isspam}</I> and <I>${dcc</I><B>_</B><I>notspam}</I> macros, and
+<B>-g</B>, and <B>-w</B>.
+<A NAME="OPTION-g"><B>-g</B></A> [<I>not-</I>]<I>type</I>
+indicates that whitelisted, <I>OK</I> or <I>OK2</I>, counts from the DCC server
+for a type of checksum are to be believed.  They should be ignored
+if prefixed with <I>not-</I>.  <I>Type</I> is one of the same set of strings as
+for <B>-t</B>.  Only <I>IP</I>, <I>env</I><B>_</B><I>From</I>, and <I>From</I> are likely choices.  By default
+all three are honored, and hence the need for <I>not-</I>.
+<A NAME="OPTION-S"><B>-S</B></A> <I>hdr</I>
+adds to the list of substitute or locally chosen headers that are
+checked with the <B>-w</B> <I>whiteclnt</I> file and sent to the DCC server.  The
+checksum of the last header of type <I>hdr</I> found in the message is
+checked.  <I>Hdr</I> can be <I>HELO</I> to specify the SMTP envelope HELO value.
+<I>Hdr</I> can also be <I>mail</I><B>_</B><I>host</I> to specify the sendmail "resolved" host
+name from the Mail_from value in the SMTP envelope.  As many as six
+different substitute headers can be specified, but only the checksum
+of the first of the six will be sent to the DCC server.
+<A NAME="OPTION-l"><B>-l</B></A> <I>logdir</I>
+specifies a directory in which files containing copies of messages
+processed by <B>dccm</B> are kept.  They can be copied to per-user directo-
+ries specified with <B>-U</B>.  Information about other recipients of a
+message is deleted from the per-user copies.
+See the FILES section below concerning the contents of the files.
+See also the <I>option</I> <I>log-subdirectory-{day,hour,minute}</I> lines in
+<I>whiteclnt</I> files described in <B><A HREF="dcc.html">dcc(8)</A></B>.
+The directory is relative to the DCC home directory if it is not
+absolute
+<A NAME="OPTION-R"><B>-R</B></A> <I>rundir</I>
+specifies the "run" directory where the UNIX domain socket and file
+containing the daemon's process ID are stored.  The default value is
+@dcc_rundir@ .
+<A NAME="OPTION-r"><B>-r</B></A> <I>rejection-msg</I>
+specifies the rejection message in <B>-o</B> proxy mode for unsolicited
+bulk mail or for mail temporarily blocked by <I>greylisting</I> when <B>-G</B> is
+specified.  The first <B>-r</B> <I>rejection-msg</I> replaces the default bulk
+mail rejection message, "5.7.1 550 mail %ID from %CIP rejected by
+DCC".  The second replaces "4.2.1 452 mail %ID from %CIP temporary
+greylist embargoed".  The third <B>-r</B> <I>rejection-msg</I> replaces the
+default SMTP rejection message "5.7.1 550 %ID bad reputation; see
+http://commercial-dcc.rhyolite.com/cgi-bin/reps.cgi?tgt=%CIP" for
+mail with bad DCC Reputations.  If <I>rejection-msg</I> is the zero-length
+string, the <B>-r</B> setting is counted but the corresponding message is
+not changed.
+<I>Rejection-msg</I> can contain specific information about the mail mes-
+sage.  The following strings starting with % are replaced with the
+corresponding values:
+%ID       message ID such as the unique part of log file name or
+sendmail queue ID
+%CIP      SMTP client IP address
+%BTYPE    type of DNS blacklist hit, such as "SMTP client",
+"mail_host", or "URL NS"
+%BTGT     IP address or name declared bad by DNS blacklist
+%BPROBE   domain name found in DNS blacklist such as
+4.3.2.10.example.com
+%BRESULT  value of the %BPROBE domain name found in DNS black-
+list
+A common alternate for the bulk mail rejection message is "4.7.1 451
+Access denied by DCC" to tell the sending mail system to continue
+trying.  Use a 4yz response with caution, because it is likely to
+delay for days a delivery failure message for false positives.  If
+the rejection message does not start with an RFC 1893 status code
+and RFC 2821 reply code, 5.7.1 and 550 or 4.2.1 and 452 are used.
+See also <B>-B</B> <I>set:rej-msg=rejection-msg</I> to set the status message for
+mail rejected by DNS blacklists.
+<A NAME="OPTION-j"><B>-j</B></A> <I>maxjobs</I>
+limits the number of simultaneous requests that will be processed.
+The default value is the maximum number that seems to be possible
+given system limits on open files, select() bit masks, and so forth.
+Start <B>dccm</B> with <B>-d</B> and see the starting message in the system log to
+see the limit.
+<A NAME="OPTION-B"><B>-B</B></A> <I>dnsbl-option</I>
+enables DNS blacklist checks of the SMTP client IP address, SMTP
+envelope Mail_From sender domain name, and of host names in URLs in
+the message body.  Body URL blacklisting has too many false posi-
+tives to use on abuse mailboxes.  It is less effective than
+greylisting with <B><A HREF="dccm.html">dccm(8)</A></B> or <B><A HREF="dccifd.html">dccifd(8)</A></B> but can be useful in situa-
+tions where greylisting cannot be used.
+<I>Dnsbl-option</I> is either one of the <B>-B</B> <I>set:option</I> forms or
+<B>-B</B> <I>domain</I>[<I>,IPaddr</I>[<I>/xx</I>[<I>,bltype</I>]]]
+<I>Domain</I> is a DNS blacklist domain such as example.com that will be
+searched.  <I>IPaddr</I>[<I>/xxx</I>] is the string "any" an IP address in the DNS
+blacklist that indicates that the mail message should be rejected,
+or a CIDR block covering results from the DNS blacklist.
+"127.0.0.2" is assumed if <I>IPaddr</I> is absent.  IPv6 addresses can be
+specified with the usual colon (:) notation.  Names can be used
+instead of numeric addresses.  The type of DNS blacklist is speci-
+fied by <I>bltype</I> as <I>name</I>, <I>IPv4</I>, or <I>IPv6</I>.  Given an envelope sender
+domain name or a domain name in a URL of spam.domain.org and a
+blacklist of type <I>name</I>, spam.domain.org.example.com will be tried.
+Blacklist types of <I>IPv4</I> and <I>IPv6</I> require that the domain name in a
+URL sender address be resolved into an IPv4 or IPv6 address.  The
+address is then written as a reversed string of decimal octets to
+check the DNS blacklist, as in 2.0.0.127.example.com,
+More than one blacklist can be specified and blacklists can be
+grouped.  All searching within a group is stopped at the first posi-
+tive result.
+Positive results are ignored after being logged unless an
+<I>option</I> <I>DNSBL-on</I> line appears in the global or per-user <I>whiteclnt</I>
+file.
+<B>-B</B> <I>set:no-client</I>
+says that SMTP client IP addresses and reverse DNS domain names
+should not be checked in the following blacklists.
+<B>-B</B> <I>set:client</I> restores the default for the following black-
+lists.
+<B>-B</B> <I>set:no-mail</I><B>_</B><I>host</I>
+says that SMTP envelope Mail_From sender domain names should
+not be checked in the following blacklists.  <B>-B</B> <I>set:mail</I><B>_</B><I>host</I>
+restores the default.
+<B>-B</B> <I>set:no-URL</I>
+says that URLs in the message body should not be checked in the
+in the following blacklists.  <B>-B</B> <I>set:URL</I> restores the default.
+<B>-B</B> <I>set:no-MX</I>
+says MX servers of sender Mail_From domain names and host names
+in URLs should not be checked in the following blacklists.
+<B>-B</B> <I>set:MX</I> restores the default.
+<B>-B</B> <I>set:no-NS</I>
+says DNS servers of sender Mail_From domain names and host
+names in URLs should not be checked in the following black-
+lists.  <B>-B</B> <I>set:NS</I> restores the default.
+<B>-B</B> <I>set:defaults</I>
+is equivalent to all of <B>-B</B> <I>set:no-temp-fail</I> <B>-B</B> <I>set:client</I>
+<B>-B</B> <I>set:mail</I><B>_</B><I>host</I> <B>-B</B> <I>set:URL</I> <B>-B</B> <I>set:MX</I> and <B>-B</B> <I>set:NS</I>
+<B>-B</B> <I>set:group=X</I>
+adds later DNS blacklists specified with
+<B>-B</B> <I>domain</I>[<I>,IPaddr</I>[<I>/xx</I>[<I>,bltype</I>]]]
+to group 1, 2, or 3.
+<B>-B</B> <I>set:debug=X</I>
+sets the DNS blacklist logging level
+<B>-B</B> <I>set:msg-secs=S</I>
+limits <B>dccm</B> to <I>S</I> seconds total for checking all DNS blacklists.
+The default is 25.
+<B>-B</B> <I>set:URL-secs=S</I>
+limits <B>dccm</B> to at most <I>S</I> seconds resolving and checking any
+single URL.  The default is 11.  Some spam contains dozens of
+URLs and that some "spamvertised" URLs contain host names that
+need minutes to resolve.  Busy mail systems cannot afford to
+spend minutes checking each incoming mail message.
+<B>-B</B> <I>set:rej-msg=rejection-msg</I>
+sets the SMTP rejection message for the following blacklists.
+<I>Rejection-msg</I> must be in the same format as for <B>-r</B>.  If
+<I>rejection-msg</I> is null, the default is restored.  The default
+DNS blacklist rejection message is the first message set with
+<B>-r</B>.
+<B>-B</B> <I>set:temp-fail</I>
+causes <B>dccm</B> to the MTA to answer the SMTP DATA command with
+452 4.2.1 mail %ID from %CIP temporary delayed for DNSBL
+if any DNS answer required for a DNSBL in the current group
+times out, including resolving names in URLs.
+<B>-B</B> <I>set:no-temp-fail</I>
+restores the default of assuming a negative answer for DNS
+responses that take too long.
+<B>-B</B> <I>set:maxjobs=X</I>
+sets maximum number of helper processes to <I>X</I>.  In order to use
+typical single-threaded DNS resolver libraries, <B>dccm</B> uses
+fleets of helper processes.  It is rarely a good idea to change
+the default, which is the same as the maximum number of simul-
+taneous jobs set with <B>-j</B>.
+<B>-B</B> <I>set:progpath=@libexecdir@/dns-helper</I>
+changes the path to the helper program.
+<A NAME="OPTION-L"><B>-L</B></A> <I>ltype,facility.level</I>
+specifies how messages should be logged.  <I>Ltype</I> must be <I>error</I>, <I>info</I>,
+or <I>off</I> to indicate which of the two types of messages are being con-
+trolled or to turn off all <B>syslog(3)</B> messages from <B>dccm</B>.  <I>Level</I> must
+be a <B>syslog(3)</B> level among <I>EMERG</I>, <I>ALERT</I>, <I>CRIT</I>, <I>ERR</I>, <I>WARNING</I>, <I>NOTICE</I>,
+<I>INFO</I>, and <I>DEBUG</I>.  <I>Facility</I> must be among <I>AUTH</I>, <I>AUTHPRIV</I>, <I>CRON</I>,
+<I>DAEMON</I>, <I>FTP</I>, <I>KERN</I>, <I>LPR</I>, <I>MAIL</I>, <I>NEWS</I>, <I>USER</I>, <I>UUCP</I>, and <I>LOCAL0</I> through
+<I>LOCAL7</I>.  The default is equivalent to
+<B>-L</B> <I>info,MAIL.NOTICE</I> <B>-L</B> <I>error,MAIL.ERR</I>
+<B>dccm</B> normally sends counts of mail rejected and so forth the to system
+log at midnight.  The SIGUSR1 signal sends an immediate report to the
+system log.  They will be repeated every 24 hours instead of at midnight.
+</PRE>
+<H2><A NAME="SENDMAIL-MACROS">SENDMAIL MACROS</A></H2><PRE>
+Sendmail can affect <B>dccm</B> with the values of some <I>sendmail.cf</I> macros.
+These macro names must be added to the Milter.macros option statements in
+<I>sendmail.cf</I> as in the example "Feature" file dcc.m4.
+<I>${dcc</I><B>_</B><I>isspam}</I>  causes a mail message to be reported to the DCC server as
+having been addressed to "MANY" recipients.  The
+<I>${dcc</I><B>_</B><I>isspam}</I> macro is ignored if the <I>${dcc</I><B>_</B><I>notspam}</I> macro
+is set to a non-null string
+If the value of the <I>${dcc</I><B>_</B><I>isspam}</I> is null, <B>dccm</B> uses SMTP
+rejection messages controlled by <B>-a</B> and <B>-r</B>.  If the value
+of the <I>${dcc</I><B>_</B><I>isspam}</I> macro starts with "DISCARD", the mail
+message is silently discarded as with <B>-a</B> <I>DISCARD.</I> If value
+of the macro not null and does not start with "DISCARD",
+it is used as the SMTP error message given to the SMTP
+client trying to send the rejected message.  The message
+starts with an optional SMTP error type and number fol-
+lowed by text.
+The <B>-a</B> option does not effect messages marked spam with
+<I>${dcc</I><B>_</B><I>isspam}</I>.  When the <I>${dcc</I><B>_</B><I>isspam}</I> macro is set, the
+message is rejected or discarded despite local or DCC
+database whitelist entries.  The local whitelist does con-
+trol whether the message's checksums will be reported to
+the DCC server and an <I>X-DCC</I> SMTP header line will be
+added.
+<I>${dcc</I><B>_</B><I>notspam}</I>
+causes a message not be considered unsolicited bulk
+despite evidence to the contrary.  It also prevents <B>dccm</B>
+from reporting the checksums of the message to the DCC
+server and from adding an <I>X-DCC</I> header line.
+When the macro is set by the <I>sendmail.cf</I> rules,
+<I>${dcc</I><B>_</B><I>notspam}</I> macros overrides DCC threshlds that say the
+message should be rejected as well as the effects of the
+<I>${dcc</I><B>_</B><I>isspam}</I> macro.
+<I>${dcc</I><B>_</B><I>mail</I><B>_</B><I>host}</I>
+specifies the name of the SMTP client that is sending the
+message.  This macro is usually the same as the <I>mail</I><B>_</B><I>host</I>
+macro.  They can differ when a sendmail "smart relay" is
+involved.  The <I>${dcc</I><B>_</B><I>mail</I><B>_</B><I>host}</I> macro does not work if
+<I>FEATURE(delay</I><B>_</B><I>checks)</I> is used.
+<I>${dcc</I><B>_</B><I>userdir}</I>
+is the per-user whitelist and log directory for a recipi-
+ent.  If the macro is not set in sendmail.cf,
+$&amp;{rcpt_mailer}/$&amp;{rcpt_addr} is assumed, but with the
+recipient address converted to lower case.  Whatever value
+is used, the directory name after the last slash (/) char-
+acter is converted to lower case.  Any value containing
+the string "/../" is ignored.
+This macro also does not work if <I>FEATURE(delay</I><B>_</B><I>checks)</I> is
+used.
+The following two lines in a sendmail mc file have the
+same effect as not defining the ${dcc_userdir} macro, pro-
+vided <I>FEATURE(dcc)</I> is also used and the sendmail
+<I>cf/feature</I> directory has a symbolic link to the
+<I>misc/dcc.m4</I> file.
+SLocal_check_rcpt
+R$*     $: $1 $(macro {dcc_userdir} $@ $&amp;{rcpt_mailer}/$&amp;{rcpt_addr} $))
+</PRE>
+<H2><A NAME="FILES">FILES</A></H2><PRE>
+<A NAME="FILE-@prefix@">@prefix@</A>   is the DCC home directory in which other files are found.
+<A NAME="FILE-@libexecdir@/start">@libexecdir@/start</A>-dccm
+is a script used to <B>dccm</B>.
+<A NAME="FILE-dcc/dcc_conf">dcc/dcc_conf</A>
+contains parameters used by the scripts to start DCC daemons
+and cron jobs.
+<A NAME="FILE-logdir">logdir</A>     is an optional directory specified with <B>-l</B> and containing
+marked mail.  Each file in the directory contains one message,
+at least one of whose checksums reached its <B>-t</B> thresholds or
+that is interesting for some other reason.  Each file starts
+with lines containing the date when the message was received,
+the IP address of the SMTP client, and SMTP envelope values.
+Those lines are followed by the body of the SMTP message
+including its header as it was received by sendmail and with-
+out any new or changed header lines.  Only approximately the
+first 32 KBytes of the body are recorded unless modified by
+<I>./configure</I> <I>--with-max-log-size=xx</I> The checksums for the mes-
+sage follow the body.  They are followed by lines indicating
+that the <I>${dcc</I><B>_</B><I>isspam}</I> or <I>${dcc</I><B>_</B><I>notspam}</I> <I>sendmail.cf</I> macros
+were set or one of the checksums is white- or blacklisted by
+the <B>-w</B> <I>whiteclnt</I> file.  Each file ends with the <I>X-DCC</I> header
+line added to the message and the disposition of the message
+including SMTP status message if appropriate.
+<A NAME="FILE-map">map</A>        is the memory mapped file of information concerning DCC
+servers in the DCC home directory.
+<A NAME="FILE-whiteclnt">whiteclnt</A>  contains the client whitelist in the format described in
+<B><A HREF="dcc.html">dcc(8)</A></B>.
+<A NAME="FILE-whiteclnt.dccw">whiteclnt.dccw</A>
+is a memory mapped hash table of the <I>whiteclnt</I> file.
+<A NAME="FILE-dccm.pid">dccm.pid</A>   in the <B>-R</B> <I>rundir</I> directory contains daemon's process ID.  The
+string ``dccm'' is replaced by the file name containing the
+daemon to facilitate running multiple daemons, probably con-
+nected to remote instances of sendmail using TCP/IP instead of
+a UNIX domain socket.  See also <B>-R</B>.
+<A NAME="FILE-@dcc_rundir@/dccm">@dcc_rundir@/dccm</A>
+is the default UNIX domain socket used by the sendmail milter
+interface.  See also <B>-R</B>.
+<A NAME="FILE-sendmail.cf">sendmail.cf</A>
+is the <B>sendmail(8)</B> control file.
+<A NAME="FILE-misc/dcc.m4">misc/dcc.m4</A>
+sendmail mc file that should have a symbolic link in the send-
+mail cf/feature directory so that <I>FEATURE(dcc)</I> can be used in
+a sendmail mc file.
+</PRE>
+<H2><A NAME="EXAMPLES">EXAMPLES</A></H2><PRE>
+<B>Dccm</B> should be started before sendmail with something like the script
+<I>@libexecdir@/start-dccm.</I> It looks for common DCC parameters in the
+<I>dcc</I><B>_</B><I>conf</I> file in the DCC home directory, <I>@prefix@.</I>
+Those numbers should modified to fit local conditions.  It might be wise
+to replace the "100" numbers with much larger values or with "MANY" until
+a few weeks of monitoring the log directory show that sources of mailing
+lists are in the server's whitelist file (see <B><A HREF="dccd.html">dccd(8)</A></B>) or the local
+<I>whiteclnt</I> file.
+It is usually necessary to regularly delete old log files with a script
+like @libexecdir@/cron-dccd.
+On systems unlike modern FreeBSD and other UNIX-like systems which
+include sendmail milter support, sendmail must be built with the milter
+interface, such as by creating a <I>devtools/Site/site.config.m4</I> or similar
+file containing something like the following lines:
+APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_MILTER=1')
+APPENDDEF(`conf_libmilter_ENVDEF', `-D_FFR_MILTER=1')
+Appropriate lines invoking the milter interface must be added to
+<I>sendmail.cf.</I> That can be done by putting a symbolic link to the the
+misc/dcc.m4 file in the DCC source to the sendmail cf/feature directory
+and adding the line
+FEATURE(dcc)
+to the local .mc file.
+Note that <B>dccm</B> should not be used with the Postfix milter mechanism.
+Instead use <B><A HREF="dccifd.html">dccifd(8)</A></B> as a before-queue filter as described in that man
+page.
+</PRE>
+<H2><A NAME="SEE-ALSO">SEE ALSO</A></H2><PRE>
+<B><A HREF="cdcc.html">cdcc(8)</A></B>, <B><A HREF="dbclean.html">dbclean(8)</A></B>, <B><A HREF="dcc.html">dcc(8)</A></B>, <B><A HREF="dccd.html">dccd(8)</A></B>, <B><A HREF="dblist.html">dblist(8)</A></B>, <B><A HREF="dccifd.html">dccifd(8)</A></B>, <B><A HREF="dccproc.html">dccproc(8)</A></B>,
+<B><A HREF="dccsight.html">dccsight(8)</A></B>, <B>sendmail(8)</B>.
+</PRE>
+<H2><A NAME="HISTORY">HISTORY</A></H2><PRE>
+Distributed Checksum Clearinghouses are based on an idea of Paul Vixie.
+Implementation of <B>dccm</B> was started at Rhyolite Software in 2000.  This
+document describes version 1.3.103.
+</PRE>
+<H2><A NAME="BUGS">BUGS</A></H2><PRE>
+<B>dccm</B> uses <B>-t</B> where <B><A HREF="dccproc.html">dccproc(8)</A></B> uses <B>-c</B>.
+Systems without <B>setrlimit(2)</B> and <B>getrlimit(2)</B> RLIMIT_NOFILE can have
+problems with the default limit on the number of simultaneous jobs, the
+value of <B>-j</B>.  Every job requires four open files.  These problems are
+usually seen with errors messages that say something like
+dccm[24448]: DCC: accept() returned invalid socket
+A fix is to use a smaller value for <B>-j</B> or to allow <B>dccm</B> to open more
+files.  Sendmail version 8.13 and later can be told to poll() instead of
+select with SM_CONF_POLL.  Some older versions of sendmail knew about
+FFR_USE_POLL.  One of the following lines in your devtools/Site/site.con-
+fig.m4 file can help:
+APPENDDEF(`conf_libmilter_ENVDEF', `-DSM_CONF_POLL')
+APPENDDEF(`conf_libmilter_ENVDEF', `-DFFR_USE_POLL')
+On many systems with sendmail 8.11.3 and preceding, a bug in the sendmail
+milter mechanism causes <B>dccm</B> to die with a core file when given a signal.
+February 26, 2009
+</PRE>
+<HR>
+<ADDRESS>
+Man(1) output converted with
+<a href="http://www.oac.uci.edu/indiv/ehood/man2html.html">man2html</a>
+modified for the DCC $Date 2001/04/29 03:22:18 $
+<BR>
+<A HREF="http://www.dcc-servers.net/dcc/">
+<IMG SRC="http://logos.dcc-servers.net/border.png"
+class=logo ALT="DCC logo">
+</A>
+<A HREF="http://validator.w3.org/check?uri=referer">
+<IMG class=logo ALT="Valid HTML 4.01 Strict"
+SRC="http://www.w3.org/Icons/valid-html401">
+</A>
+</ADDRESS>
+</BODY>
+</HTML>

Mercurial > notdcc

comparison dccm.html.in @ 0:c7f6b056b673