Mercurial > notdcc
diff INSTALL.html.in @ 0:c7f6b056b673
First import of vendor version
| author | Peter Gervai <grin@grin.hu> |
|---|---|
| date | Tue, 10 Mar 2009 13:49:58 +0100 |
| parents | |
| children |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/INSTALL.html.in Tue Mar 10 13:49:58 2009 +0100 @@ -0,0 +1,980 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"> +<HTML> +<HEAD> + <TITLE>DCC Installation</TITLE> + <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"> + <META HTTP-EQUIV="Content-Style-Type" content="text/css"> + <STYLE type="text/css"> + <!-- + BODY {background-color:white; color:black} + TABLE.centered {margin-left: auto; margin-right: auto; } + TD {font-size:80%} + TD.env {font-family:monospace} + TD.conf {font-family:monospace} + DL.compat {margin-left:5%; margin-right:10%} + .small {font-size:smaller} + SUP {font-size:smallest} + IMG.logo {width:6em; vertical-align:middle} + --> + </STYLE> +</HEAD> + +<BODY> +<H1>Distributed Checksum Clearinghouse (DCC) Installation</H1> + +<P> +<OL> +<LI><H3>Fetch the Source and Read the License</H3> +The DCC source is available at +<A HREF="http://www.dcc-servers.net/dcc/">dcc-servers.net</A> +and +<A HREF="http://www.rhyolite.com/dcc/">Rhyolite Software</A>. +<P> +Please <EM>do not</EM> try to use the more than 3 year old modified +versions of DCC software distributed by some Linux packagers. +Those versions do not detect bulk mail as well as more recent versions. +Installations using those old versions also have problems using the +public DCC servers that often make it necessary to add their IP addresses +to the blacklist that protects the public DCC servers. +Even worse, all known Linux redistributions of DCC software have been +changed in ways that break things, including the +<A HREF="misc/updatedcc.in">libexec/updatedcc</A> shell script that could +otherwise be used to fetch, configure, compile, install, and restart +a current version. +<P> +The license on the free source is in the source as well as +<A HREF="http://www.dcc-servers.net/dcc/dcc-tree/LICENSE">dcc-servers.net</A> +and +<A HREF="http://www.rhyolite.com/dcc/dcc-tree/LICENSE">Rhyolite +Software</A>. +The free license is intended to cover individuals and organizations +including Internet service providers using DCC to filter their own mail. +Organizations selling anti-spam appliances or managed mail services are +not eligible for the free license. + + +<P><LI><H3>Read the Documentation</H3> +<P> +The <A HREF="dcc.html#Installation-Considerations">DCC</A> +and other man pages describe the features, operating modes, +required data files, and other characteristics of the DCC. +Also see the DCC <A HREF=FAQ.html>FAQ</A> +or list of frequently answered questions. + + +<P><LI><H3><A NAME="step-sendmail">Build Sendmail</A></H3> +If the DCC-sendmail interface, <A HREF="dccm.html">dccm</A>, is not used, +then <B>skip</B> to the <A HREF="#step-compile">next step</A>. +<P> +Sendmail must have the +Mail Filter API or Milter enabled. +Some systems such a FreeBSD 4.6 and newer are shipped with +Milter enabled and the library installed by default. +If your system comes with the Milter interface turn on, +then <B>skip</B> to the <A HREF="#step-compile">next step</A>. +Otherwise, the Milter interface must be explicitly enabled +by adding lines like those in +<A HREF="misc/site.config.m4">misc/site.config.m4</A> +to your sendmail/devtools/Site/site.config.m4 file or equivalent. +Then build sendmail as described in the INSTALL file distributed with sendmail. +You must build <CODE>libmilter</CODE> separately by something like +<PRE> + cd libmilter + sh ./Build +</PRE> +<P> +After sendmail has been rebuilt if necessary it will need to be restarted. +That should be done after <A HREF="#step-compile">the next step</A> +after <A HREF="misc/dcc.m4">misc/dcc.m4</A> has been created by the +<EM>./configure</EM> script. + + +<P><LI><H3><A NAME="step-compile">Configure, Build, and +Install the DCC Programs</A></H3> +<P> +See the installation considerations in the +<A HREF="dcc.html#Installation-Considerations">DCC man page</A>. +<P> +Most DCC files are in a "home directory" such as @prefix@. +DCC programs such as cdcc and dccproc are run by end +users and should be installed in a directory such as /usr/local/bin. +They must also be set-UID to the UID that can change the DCC +data files. +DCC programs that do not need to be run by end users +are installed by default in the libexec subdirectory of the DCC home directory. +See the <A HREF="#envtbl">table</A> of +<EM>./configure</EM> script and makefile parameters. +If necessary, set CFLAGS, LDFLAGS, LIBS or other environment variables +listed in the <A HREF="#envtbl">table</A>. +Omit any parameters you don't really need to change and usually use only: +<PRE> + ./configure + make install +</PRE> +<P> +End users installing only <A HREF="dccproc.html">dccproc</A> +can install it in their private +<Q>~/bin</Q> directories and use private directories for their DCC +home directories. +In this case, the DCC programs that would otherwise need to be set-UID +need not be. +<P> +To build <A HREF="dccproc.html">dccproc</A> +<A NAME="individual-user">for an individual user</A>, +use something like +<PRE> + ./configure <A HREF="#envtbl--disable-sys-inst">--disable-sys-inst</A> <A HREF="#envtbl--disable-dccm">--disable-dccm</A> <A HREF="#envtbl--homedir">--homedir=$HOME/dccdir</A> <A HREF="#envtbl--bindir">--bindir=$HOME/bin</A> + make install +</PRE> +<P> +The sendmail interface, <A HREF="dccm.html">dccm</A>, +must be built with the sendmail source and object tree. +By default, the makefiles look for a +native sendmail libraries (e.g. on FreeBSD 4.6), an installed "package" +(e.g. on FreeBSD), or a directory named sendmail parallel to the DCC +source and object tree. +Those who regularly build new versions of sendmail may find it convenient +to make a symbolic link there to their current sendmail. +Otherwise configure the dccm makefile with +<PRE> + ./configure <A HREF="#envtbl--with-sendmail">--with-sendmail</A>=/some/where/sendmail + make install +</PRE> +If dccm does not build because it cannot find libmilter, +check that libmilter was compiled with sendmail +in the <A HREF="#step-sendmail">previous step</A>. +<P> +To connect the sendmail Milter interface to <A HREF="dccm.html">dccm</A>, +copy or "sym-link" <A HREF="misc/dcc.m4">misc/dcc.m4</A> to +your sendmail/cf/feature directory and +add <CODE>FEATURE(dcc)</CODE> lines to your sendmail.mc configuration file. +Then rebuild and reinstall your sendmail.cf file, and restart sendmail. + + +<P><LI><H3>Create Client Configuration Files</H3> +All DCC configuration files are in the DCC home directory, usually @prefix@. +See the +<A HREF="dcc.html#Client-Installation">dcc</A>, +<A HREF="dccm.html#FILES">dccm</A>, +<A HREF="dccifd.html#FILES">dccifd</A>, +and <A HREF="dccproc.html#FILES">dccproc</A> +man pages +for the files each needs. +Example files are in the <A HREF="homedir/">homedir</A> directory in the source. + +<UL> +<LI>Unless run anonymously, DCC clients need client-ID numbers and passwords +assigned by the operators of the chosen DCC servers in the @prefix@/map file. +<LI><P>Even if run anonymously, the @prefix@/map file must contain the IP addresses +of DCC servers. +If your mail system handles fewer than 100,000 mail messages per day, +the installation process generates a serviceable @prefix@/map file +from the included <A HREF="homedir/map.txt">homedir/map.txt</A>. +That file points to the public DCC servers. + +<LI><P>If using remote DCC servers such as the public DCC servers, +ensure that your firewalls allow outgoing packets to UDP port 6277 +on distant systems and incoming responses from UDP port 6277. +There is a +<A HREF="http://www.dcc-servers.net/dcc/firewall.html">description</A> +one firewall's configuration. + +<LI><P>Your MX servers and mail submission clients should be listed in the main +<A NAME=whitelist HREF="homedir/whiteclnt">whiteclnt</A> file with lines like: +<PRE> + mx ip 10.2.3.4 + mx ip 10.5.6.0/28 + mxdcc ip 10.5.6.0/28 + ok ip 10.7.8.9 + submit ip 192.168.1.0/24 +</PRE> +If those other systems also run DCC clients, use <EM>MXDCC</EM> instead +of <EM>MX</EM> so that messages will not be reported twice to the DCC network +and so have higher target counts, +and appear to be unsolicited bulk mail. +<P> +Use <EM>OK</EM> for mail systems that you trust to never send or +forward unsolicited bulk mail. +<P> +Untrusted SMTP clients such as end users with browsers used as +MUAs (mail user agents) should be listed in the +<A HREF="homedir/whiteclnt">whiteclnt</A> file with <EM>submit</EM>. + +<LI><P>Sources of legitimate bulk mail must be recorded in whitelists. +Example <A HREF="homedir/whiteclnt">whiteclnt</A>, +<A HREF="homedir/whitelist">whitelist</A>, and +<A HREF="homedir/whitecommon">common</A> whitelists are among +the <A HREF="homedir/">sample configuration files</A> in the homedir directory. +The format of DCC whitelists is described in the +<A HREF="dcc.html#White-and-Blacklists">DCC</A> man page. + +<LI><P>Put suitable values in the DCC configuration file, +<A HREF="homedir/dcc_conf.in">@prefix@/dcc_conf</A> for dccm or dccifd. +The default client values are usually good for a start and often only +DCCM_REJECT_AT needs to be changed when it is time to reject spam. + +<LI><P>Optionally configure DNS blacklist (DNSBL) checks in +<A HREF="dccm.html#OPTION-B">dccm</A> +or +<A HREF="dccifd.html#OPTION-B">dccifd</A> +by setting DNSBL_ARGS in in the configuration file, +<A HREF="homedir/dcc_conf.in">dcc_conf</A>, in the home directory. + + +<LI><P>Optionally create per-user directories for logs and whitelists. +See also the +<A HREF="cgi-bin/">CGI scripts</A> that allow users to +maintain their private whitelists +and monitor their individual logs of rejected mail. + +<LI><P>Install a daily or more frequent cron job like +<A HREF="misc/crontab.in">misc/crontab</A> +and +<A HREF="misc/cron-dccd.in">@libexecdir@/cron-dccd</A> +to prune <A HREF="dccm.html#FILE-logdir">dccm</A> or +<A HREF="dccifd.html#FILE-logdir">dccifd</A> +log files and the prune dccd database with +<A HREF="dbclean.html">dbclean</A>. +</UL> + +<P><LI><H3>Create Server Files and Start the Server</H3> +<B><A HREF="#step-greylist">Skip</A></B> this and the next step +if only remote DCC servers will be used. +You should use your own, local DCC servers if your mail system handles +more than 100,000 mail messages per day. +<P> +It is best to use remote servers until the DCC client, +dccm, dccifd, or dccproc, is stable. +Then +<UL> +<LI>Put suitable values for dccd + in the configuration file, +<A HREF="homedir/dcc_conf.in">dcc_conf</A>. +Every DCC server requires a unique +<A HREF="dcc.html#Client-and-Server-IDs">server-ID</A>. +Obtain a server-ID by contacting Vernon Schryver +<A HREF="mailto:vjs@rhyolite.com">vjs@rhyolite.com</A> by email +or via a +<A HREF="http://www.rhyolite.com/cgi-bin/ct.cgi?sb=DCC+server-ID">web +form</A>. + +<LI><P>Choose a secret password for your server-ID in your +<A HREF="homedir/ids">@prefix@/ids file</A>. +This password can be used to control your server remotely. + +<LI><P>Start the server with the system by installing +<A HREF="misc/rcDCC.in">@libexecdir@/rcDCC</A> or an equivalent. +If it is used unchanged, rcDCC is best installed with a symbolic link +to automate installing updates. +The server can be started manually with +<PRE> + rcDCC start +</PRE> + +<LI><P>The script +<A NAME=cleaning HREF="misc/cron-dccd.in">@libexecdir@/cron-dccd</A> +<EM>must</EM> be used to run +<A HREF="dbclean.html">dbclean</A> about once a day. +An entry like <A HREF="misc/crontab.in">misc/crontab</A> can be put into +the crontab file for the user that runs dccd. +If you have more than one DCC server, +stagger the times at which the cron job is run so +that not all of your servers are simultaneously busy cleaning databases. + +<LI><P>Install the shutdown script +<A HREF="misc/rcDCC.in">@libexecdir@/rcDCC</A> +to shut down the DCC server as the operating system stops. +If the DCC server fails to close the database cleanly, +the database must be cleaned by the server with it starts. +That takes time. + +</UL> + + + +<P><LI><H3><A NAME="step-flooding">Configure Flooding</A></H3> +<A HREF="#step-greylist">Skip to the next step</A> +if only remote DCC servers will be used. +<P> +Flooding requires that every server participating in a network of DCC +servers have a unique server-ID. +Server-IDs can be obtained by contacting Vernon Schryver +<A HREF="mailto:vjs@rhyolite.com">vjs@rhyolite.com</A> by email +or via a +<A HREF="http://www.rhyolite.com/cgi-bin/ct.cgi?sb=DCC+server-ID">web +form</A>. +<P> +After you have an official server-ID, +<UL> +<LI>Obtain the <A HREF="dccd.html#FILE-flod">passwd-ID</A> and its password +and add them to your <A HREF="homedir/ids">@prefix@/ids file</A>. +<LI>If necessary adjust your firewalls to allow both incoming TCP connections +to port 6277 on your DCC server and outgoing TCP connections to port 6277 +on your flooding peer. +<LI>Add a line for each flooding peer to +the <A HREF="dccd.html#FILE-flod">@prefix@/flod</A> file. +<LI>Wait a few minutes for dccd to notice the change to the file +and start flooding. +The <A HREF="cdcc.html#OPERATION-stats">cdcc stats</A>, +<A HREF="cdcc.html#OPERATION-flood-list">cdcc "id X; flood list"</A> +and +<A HREF="dblist.html#OPTION-H">@libexecdir@/dblist -Hv</A> +commands can be used to monitor the floods of reports of checksums +of bulk mail. +</UL> +<P> +Flooded reports of bulk email contain timestamps that are used for several +things including expiring old reports. +To accurately detect stale incoming reports, +a DCC server needs a clock that is not too inaccurate. +For that reason it is good to run an NTP daemon on systems running DCC servers. + +<P><LI><H3><A NAME="step-greylist">Configure Greylisting</A></H3> +<B>Skip</B> to the <A HREF="#step-start-dccm">next step</A> +if greylisting will not be used. +Greylist is very effective. +See this +<A HREF="http://www.dcc-servers.net/dcc/greylist.html">description</A>. +<P> +Larger sites can use more than one greylist server, +with the greylist servers flooding data just like DCC servers. +<P> +To configure greylisting: +<OL> +<LI><H4>Assign greylist client- and server-IDs</H4> +<P>Client-IDs and matching passwords must be used by clients of +greylist servers such as dccm and dccifd. +The client-IDs must be in the @prefix@/map file on the client system. +Greylist client- and server-IDs must be in the +<A HREF="homedir/ids">@prefix@/ids</A> file on the +greylist server. +When a system hosts both DCC and greylist servers, it is convenient +for clients to use the same client-ID and password for both. +It is also convenient for a greylist server and a DCC server on a system +to share a common server-ID and password. +<P> +The vast majority of installations, which do not have local DCC servers, +can use the greylist server-ID generated by the makefiles in the +<A HREF="homedir/ids">@prefix@/ids</A> file. + +<P><LI><H4>Add the greylist server to @prefix@/map</H4> +<P>If the +cdcc "<A HREF="cdcc.html#OPERATION-info">info</A>" +command does not show the correct greylist server, +add it with something like +<PRE> + cdcc "<A HREF="cdcc.html#OPERATION-add">add localhost greylist 32768 secret"</A> +</PRE> +The DCC makefile files add a greylist server at localhost or 127.0.0.1 +to <A HREF="cdcc.html#FILES">@prefix@/map</A> file created for a new +DCC installation. + +<P><LI><H4>Set @prefix@/dcc_conf</H4> +In most installations, enable a local greylist server by +installing the script <A HREF="misc/rcDCC.in">@libexecdir@/rcDCC</A> +with a symbolic link, +setting <EM>GREY_ENABLE=on</EM> in @prefix@/dcc_conf +and then running +<PRE> + <A HREF="misc/rcDCC.in">@libexecdir@/rcDCC</A> start +</PRE> + +<P>If absolutely necessary, override the greylist +<A HREF="dccd.html#OPTION-G">embargo, wait, and white</A> values +in GREY_DCCD_ARGS in @prefix@/dcc_conf. +Usually simply set GREY_CLIENT_ARGS=on + +<P><LI><H4>Set @prefix@/grey_flod</H4> +<P> +Sites with more than one greylist server should arrange to flood +data among them by adding lines to +<A HREF="dccd.html#FILE-grey_flod">@prefix@/grey_flod</A> files +in the same format as +<A HREF="dccd.html#FILE-flod">@prefix@/flod</A> files. +Flooding among greylist servers uses port 6276 by default, and so that +port may need to be opened in firewalls. + +<P><LI><H4>Set cron job</H4> +<P> +Install a daily cron job like +<A HREF="misc/crontab.in">misc/crontab</A> +and +<A HREF="misc/cron-dccd.in">@libexecdir@/cron-dccd</A> +to clean the database. +<P> + +<P><LI><H4>Whitelist Mail Submission Clients</H4> +<P> +Greylisting of local mail systems must be turned off because common +mail user agents (MUAs) cannot handle temporary rejections. +One way to turn off greylisting of local client is with <EM>submit</EM> lines +in the main <A HREF="homedir/whiteclnt">whiteclnt</A> file +as described <A HREF="#whitelist">above</A>. +<P> +An alternative to whitelisting mail submission clients is available with +<A HREF="dccm.html">dccm</A> and sendmail by using the +<A HREF="misc/hackmc">misc/hackmc -T</A> +script to modify sendmail.cf to trust SMTP clients authenticated with +SMTP-TLS or SMTP-AUTH. + +</OL> + + + +<P><LI><H3><A NAME="step-start-dccm">Start dccm</A></H3> +If the DCC-sendmail interface, dccm, is not used, +<B>skip</B> to the <A HREF="#step-start-dccifd">next step</A>. +<P> +The DCC sendmail milter interface <A HREF="dccm.html">dccm</A> +should be started before sendmail. +That often requires changing an /etc/rc script or configuration file. +The script <A HREF="misc/rcDCC.in">@libexecdir@/rcDCC</A> +should be installed, best with a symbolic link. +The milter daemon can be started manually with +<PRE> + rcDCC start +</PRE> + + + +<P><LI><H3><A NAME="step-start-dccifd">Start dccifd</A></H3> +If the general MTA interface, dccifd, is not used, +<B>skip</B> to the <A HREF="#configure-dccproc">next step</A>. +If you are using SpamAssassin, then you almost certainly +should be using dccifd. +<P> +The general MTA interface <A HREF="dccifd.html">dccifd</A> +should usually be started before the mail transfer agent or MTA. +It should be enabled by setting <EM>DCCIFD_ENABLE=on</EM> +in <A HREF="homedir/dcc_conf.in">dcc_conf</A>. +It is also usually necessary to change an /etc/rc script or configuration file +to start and stop the daemon with the system. +The script <A HREF="misc/rcDCC.in">@libexecdir@/rcDCC</A> +should be installed, best with a symbolic link. +The daemon can be started manually with +<PRE> + rcDCC start +</PRE> +<P> +Dccifd can be used as a +<A HREF="http://www.postfix.org/SMTPD_PROXY_README.html">Postfix Before-Queue +Content filter</A> +as described the +<A HREF="dccifd.html#EXAMPLES">dccifd documentation</A>. + + +<P><LI><H3><A NAME="configure-dccproc">Configure Uses of dccproc</A></H3> +If dccproc is used with procmail, +add rules to procmailrc files as described in the +<A HREF="dccproc.html#EXAMPLES">dccproc man page</A>. + +<P><LI><H3>Adjust Rejection Thresholds</H3> +<P>It is best to only mark mail with X-DCC SMTP headers +before changing procmail or dccm to reject mail. +Configure dccm with DCCM_LOG_AT in <A HREF="homedir/dcc_conf.in">dcc_conf</A> +to log bulk mail with somewhat lower counts. + + +<P><LI><H3>Additional Considerations</H3> +<P>Some additional mechanisms are available in the DCC client programs. +They are often unnecessary when +<A HREF="#step-greylist">greylisting</A> is used. +<UL> +<LI><A HREF="dccm.html#OPTION-B">DNS blacklists (DNSBL)</A> +can reject messages containing "spamvertised" URLs. +<LI><A HREF="dccm.html#OPTION-t">DCC reputations</A> +are available in the commercial version of the DCC source. +</UL> + +<P> +When possible, it is almost always better to use dccifd than dccproc. +This is certainly true with SpamAssassin. + + + +<P><LI><H3>Update As Needed</H3> +<P>New versions released at the +<A HREF="http://www.dcc-servers.net/dcc/">usual place</A> +can be installed by running the +<A HREF="misc/updatedcc.in">@libexecdir@/updatedcc</A> script. +That script is (re)built by the +<EM>./configure</EM> script +and runs <EM>./configure</EM> with parameters and +environment variables from the previous installation. + + + +<P><LI><H3>Remove or Uninstall</H3> +<P>Most of the DCC can be removed by running +<A HREF="misc/uninstalldcc.in">@libexecdir@/uninstalldcc</A> script. +Some logs and configuration files with locally chosen parameters in the home +directory are not deleted. +Manual changes such as links to +<A HREF="misc/rcDCC.in">@libexecdir@/rcDCC</A> +or the installation of the cron job, +<A HREF="misc/cron-dccd.in">@libexecdir@/cron-dccd</A>, +are not reversed. + + +</OL> + + + +<H2>Installation Parameters</H2> +<P>There are several installation configuration parameters that can +set to suit individual preferences and systems. + +<P> +<TABLE class=centered border="1" cellpadding="2%" frame=void rules=rows + summary="table of makefile and configure script controls"> +<CAPTION><A NAME="envtbl"> + <B>Makefile and <EM>./configure</EM> Script Controls + <BR>Do NOT set these parameters unless absolutely necessary.</B></A> +</CAPTION> +<TR><TH><EM>./configure</EM> option + <TH>env name or <br>make variable + <TH>used by + <TH>default value + <TH>use +<TR><TD class=env><A NAME="envtbl--homedir">--homedir=HOMEDIR</A> + <TD> + <TD><EM>./configure</EM> + <TD>@prefix@/ + <TD>DCC home directory with most DCC files +<TR><TD class=env><A NAME="envtbl--libexecdir">--libexecdir=DIR</A> + <TD> + <TD><EM>./configure</EM> + <TD><A HREF="#envtbl--homedir">--homedir</A>/libexec + <TD>directory containing most DCC programs +<TR><TD class=env><A NAME="envtbl--bindir">--bindir</A>=DIR + <TD> + <TD><EM>./configure</EM> + <TD>/usr/local/bin + <TD>installation directory for DCC user commands including cdcc and + dccproc<SUP>3</SUP> +<TR><TD class=env>--mandir=DIR + <TD>  + <TD><EM>./configure</EM> + <TD>/usr/local/man + <TD>installation directory for man pages<SUP>3</SUP> +<TR><TD class=env> + <TD class=conf>NOMAN<SUP>1</SUP> + <TD>make + <TD>(unset) + <TD>do not install man pages when set<SUP>3</SUP> +<TR><TD class=env><A NAME="envtbl--installroot">--with-installroot=DIR</A> + <TD> + <TD><EM>./configure</EM> + <TD>(unset) + <TD>prefix all installation directory paths to build a binary tarball +<TR><TD class=env><A NAME="envtbl--configsuffix">--with-configsuffix=str</A> + <TD> + <TD><EM>./configure</EM> + <TD>(unset) + <TD>append <EM>str</EM> to generated configuration file names +<TR><TD class=env><A NAME="envtbl--with-uid">--with-uid=UID</A> + <TD> + <TD><EM>./configure</EM> + <TD>root + <TD>user name and set-UID for DCC programs and data +<TR><TD class=env> + <TD class=conf><A NAME="envtbl-DCC_OWN">DCC_OWN</A><SUP>1</SUP> + <TD>make + <TD>bin, daemon on OS X, or current + <TD>owner or UID of most installed files<SUP>3</SUP> +<TR><TD class=env> + <TD class=conf><A NAME="envtbl-DCC_GRP">DCC_GRP</A><SUP>1</SUP> + <TD>make + <TD>bin, daemon on OS X, or current + <TD>group of most installed files<SUP>3</SUP> +<TR><TD class=env> + <TD class=conf>DCC_MODE<SUP>1</SUP> + <TD>make + <TD>555 + <TD>mode of most installed programs +<TR><TD class=env> + <TD class=conf>MANOWN<SUP>1</SUP> + <TD>make + <TD><A HREF="#envtbl-DCC_OWN">DCC_OWN</A> + or current + <TD>owner or UID of installed man pages<SUP>3</SUP> +<TR><TD class=env> + <TD class=conf>MANGRP<SUP>1</SUP> + <TD>make + <TD><A HREF="#envtbl-DCC_GRP">DCC_GRP</A> + or current + <TD>group of installed man pages<SUP>3</SUP> +<TR><TD class=env><A NAME="envtbl--disable-sys-inst">--disable-sys-inst</A> + <TD> + <TD><EM>./configure</EM> + <TD>enabled + <TD>disable system installation or chmod, chgrp, and set-UID<SUP>3</SUP> +<TR><TD class=env><A NAME="envtbl--disable-server">--disable-server</A> + <TD> + <TD><EM>./configure</EM> + <TD>build but do not start + <TD>do not build server including dbclean and dccd +<TR><TD class=env><A NAME="envtbl--disable-dccifd">--disable-dccifd</A> + <TD> + <TD><EM>./configure</EM> + <TD>build but do not start + <TD>do not build program interface +<TR><TD class=env><A NAME="envtbl--disable-dccm">--disable-dccm</A> + <TD> + <TD><EM>./configure</EM> + <TD>build but do not start + <TD>do not build sendmail interface +<TR><TD class=env><A NAME="envtbl--with-sendmail">--with-sendmail=DIR</A> + <TD> + <TD><EM>./configure</EM> + <TD>../sendmail or /usr/ports/mail/... + <TD>directory containing sendmail milter header files +<TR><TD class=env><A NAME="envtbl--cgibin">--with-cgibin</A>=DIR + <TD> + <TD><EM>./configure</EM> + <TD><A HREF="#envtbl--homedir">--homedir</A>/cgi-bin + <TD>directory for DCC whitelist <A HREF="cgi-bin/">CGI scripts</A> +<TR><TD class=env>--with-rundir=DIR + <TD> + <TD><EM>./configure</EM> + <TD>@dcc_rundir@ + <TD>"run" directory for PIDs and sockets +<TR><TD class=env> + <TD class=conf>CFLAGS<SUP>1</SUP> + <TD>make & <EM>./configure</EM> + <TD> + <TD>global compiler options such as -g or -O2 +<TR><TD class=env> + <TD class=conf>DCC_CFLAGS<SUP>2</SUP> + <TD><EM>./configure</EM> + <TD>depends on target + <TD>global compiler options +<TR><TD class=env> + <TD class=conf>PTHREAD_CFLAGS<SUP>2</SUP> + <TD><EM>./configure</EM> + <TD>depends on target + <TD>compiler options for compiling dccm and dccifd with pthreads +<TR><TD class=env> + <TD class=conf>LDFLAGS<SUP>1</SUP> + <TD>make & <EM>./configure</EM> + <TD> + <TD>global linker options +<TR><TD class=env> + <TD class=conf><A NAME="envtbl-DCC_LDFLAGS">DCC_LDFLAGS</A><SUP>2</SUP> + <TD><EM>./configure</EM> + <TD>depends on target + <TD>global linker options +<TR><TD class=env> + <TD class=conf>PTHREAD_LDFLAGS<SUP>2</SUP> + <TD><EM>./configure</EM> + <TD>depends on target + <TD>linker options for dccm and dccifd +<TR><TD class=env> + <TD class=conf><A NAME="envtbl-LIBS">LIBS</A><SUP>2</SUP> + <TD><EM>./configure</EM> + <TD> + <TD>additional libraries linked with all programs +<TR><TD class=env> + <TD class=conf>PTHREAD_LIBS<SUP>2</SUP> + <TD><EM>./configure</EM> + <TD>depends on target + <TD>libraries for dccm and dccifd +<TR><TD class=env> + <TD class=conf>CC + <TD>make & <EM>./configure</EM> + <TD>cc + <TD>C compiler such as "gcc" or "/opt/SUNWspro/SC6.1/bin/cc" +<TR><TD class=env> + <TD class=conf>INSTALL<SUP>1</SUP> + <TD>make + <TD><A HREF="autoconf/install-sh">./autoconf/install-sh</A> + <TD>installation script +<TR><TD class=env> + <TD class=conf>DCCD_MAX_FLOODS<SUP>1</SUP> + <TD>make + <TD>32 + <TD>maximum DCC server flooding peers +<TR><TD class=env><A NAME="envtbl--with-db-memory">--with-db-memory=MB</A> + <TD> + <TD><EM>./configure</EM> + <TD>64 + <TD>minimum server database buffer size between 32 MBytes and 49152 MBytes + <!-- DB_MIN_MBYTE --> +<TR><TD class=env><A NAME="envtbl--with-max-db-mem">--with-max-db-mem=MB</A> + <TD> + <TD><EM>./configure</EM> + <TD>1920 <!--DB_MAX_2G_MBYTE--> on 32-bit systems + <BR>49152 <!--MAX_MAX_DB_MBYTE--> on 64-bit systems + <TD>maximum server database buffer size + <!-- DB_MAX_MBYTE --> +<TR><TD class=env><A NAME="envtbl--with-max-log-size">--with-max-log-size=KB</A> + <TD> + <TD><EM>./configure</EM> + <TD>32 + <TD>maximum dccifd and dccm log file size in KBytes; 0=no limit +<TR><TD class=env><A NAME="envtbl--disable-IPv6">--without-IPv6</A> + <TD> + <TD><EM>./configure</EM> + <TD>IPV6 on if supported + <TD>turn off IPv6 support +<TR><TD class=env><A NAME="envtbl--with-socks">--with-socks[=lib]</A> + <TD> + <TD><EM>./configure</EM> + <TD>none + <TD>location of <A HREF="#SOCKS">SOCKS</A> client library +<TR><TD class=env><A NAME="envtbl--64bits">--enable-64-bits</A> + <TD> + <TD><EM>./configure</EM> + <TD>correct value on most systems + <BR>32 bits Solaris and Linux PowerPC + <TD>use MD5 code in DCC source instead of any local library +<TR><TD class=env><A NAME="envtbl--with-DCC-MD5">--with-DCC-MD5</A> + <TD> + <TD><EM>./configure</EM> + <TD>local library if available; + <TD>use MD5 code in DCC source instead of any local library +<TR><TD class=env><A NAME="envtbl--with-kludge">--with-kludge=FILE</A> + <TD> + <TD><EM>./configure</EM> + <TD>none + <TD>include header FILE, best with an absolute path +<TR><TD class=env><A NAME="envtbl--fetch-cmd">--with-fetch-cmd=pgm</A> + <TD> + <TD><EM>./configure</EM> + <TD>wget, fetch, curl, or ftp + <TD>program used by + <A HREF="misc/updatedcc.in">@libexecdir@/updatedcc</A>, + and other utilities to fetch files +<TR><TD> +</TABLE> + +<DL class=small> +<DT>Note<SUP>1</SUP> +<DD>These values are not built into the Makefiles by the +<EM>./configure</EM> script but their current values in the environment +are used by the script and the Makefiles. + +<DT>Note<SUP>2</SUP> +<DD>These values are copied by the <EM>./configure</EM> script from the +environment into the generated Makefiles. + +<DT>Note<SUP>3</SUP> +<DD>When <A HREF="#envtbl--disable-sys-inst">--disable-sys-inst</A> +is specified, the current UID and GID become the defaults, +and the man pages are not installed. +If the <EM>./configure</EM> script is not run as root, +<A HREF="dccproc.html">dccproc</A>, <A HREF="cdcc.html">cdcc</A>, +and <A HREF="dccsight.html">dccsight</A> are not installed set-UID. +It is usually also necessary to set +<A HREF="#envtbl--bindir">--bindir</A> to a private directory such +as $HOME/bin. +</DL> + +<H2><A NAME="Compatibility">Compatibility</A></H2> +<P>DCC is thought to work on several systems including: +<DL class=compat> +<DT>BSDI BSD/OS +<DD>DCC works starting with version 3.0 of BSD/OS. + +<DT>FreeBSD +<DD>The works starting with at least version 4.0 of FreeBSD. + +<DT>NetBSD +<DD>The DCC should work starting with at least 1.4.2 without threads +and so with dccd, dccproc, and all of DCC except the part that uses +threads, dccm. +Dccm is available if you point PTHREAD_LIBS, PTHREAD_CFLAGS, and +PTHREAD_LDFLAGS to the optional threads package. + +<DT>OpenBSD +<DD>DCC works starting with at least 2.9 despite lame +the lame mmap() implementation. + +<DT>Linux +<DD>DCC works starting with at least RedHat 5.2. +<P> +On 64-bit PowerPC systems with more than 4 GBytes, +use <EM>./configure --with-64-bits</EM> to build a DCC server that can +benefit from a full sized database. +A 64-bit sendmail milter library will be needed if +<A HREF="dccm.html">Dccm</A> is used + +<DT>AIX +<DD>DCC on 4.1.PPC has been tried but not well tested. +Rumor has it that the 4.1.PPC pthreads code does not work +with the sendmail milter library and dccm, but the rest of +DCC does work. + +<DT>Solaris +<DD>DCC compiles on several versions of Solaris with gcc or +native C compiler by setting the environment variable CC appropriately. +<EM>You must install gmake</EM>. +<EM>Do not</EM> use "CFLAGS=-fast" with the native compiler. +<P> +While building the sendmail milter library, consider using +<EM>_FFR_USE_POLL</EM> to avoid problems with large file descriptors +and select(). +<P> +On 64-bit systems with more than 4 GBytes, +use <EM>./configure --with-64-bits</EM> to build a DCC server that can +benefit from a full sized database. +A 64-bit sendmail milter library will be needed if +<A HREF="dccm.html">Dccm</A> is used + +<DT>HP-UX +<DD>DCC compiles on versions of HP-UX starting with 11.00. +It requires gmake. Dccproc and dccm work. +Dccifd does not work with UNIX domain sockets because select() and +poll() do not notice the results of shutdown(). +Dccifd does work with TCP/IP connections to MTAs or spam filters. +<BR> +Dccproc should work on version 10.20, since it does not use pthreads. + +<DT>IRIX +<DD>DCC compiles on IRIX 6.5. +It requires gmake. + +<DT>OSF1 +<DD>DCC compiles on OSF1 V5.0 with gmake. + +<DT>OpenUNIX +<DD>DCC compiles on OpenUNIX 8.0.1. + +<DT>Mac OS/X +<DD>DCC compiles on at least some versions of Apple's OS/X. + +<DT>Windows +<DD>The DCC client dccproc compiles and works on at least some versions of +Windows 98 and Windows XP with Borland's free SDK +and with Microsoft's SDK. +See the <A HREF="win32.mak">main Makefile</A> for Windows. + + +</DL> +<P> +<SMALL>Those system names include trademarks. Please don't abuse them.</SMALL> + +<H2><A NAME="Troubleshooting">Troubleshooting</A></H2> +<P> +Much of the DCC <A HREF=FAQ.html>list of frequently asked questions</A> +concerns troubleshooting DCC installations. +Many of the messages in the archive of the +<A HREF="http://www.rhyolite.com/pipermail/dcc/">DCC mailing list</A> +are also troubleshooting questions and answers. + +<H2><A NAME="spam-traps"></A><A NAME="spamtraps">Spam Traps</A></H2> +<P><A HREF="dccm.html">Dccm</A> and sendmail can be configured to +report the checksums of unsolicited bulk mail so that other DCC clients +can reject later copies of the same unsolicited bulk mail +sent from other sources. +Such mechanisms are commonly called <EM>spam traps</EM>. + +<P>Entries in a sendmail access_db can also be rejected or discarded +while they are reported to the DCC server by dccm. +The script +<A HREF="misc/hackmc">misc/hackmc</A> modifies the output of +sendmail .mc files to tell dccm about some undesirable mail. +The script accepts one or more .mc files and generates the corresponding +slightly modified .cf files. +If the access_db entry starts with the string "DCC:", +the message is reported by dccm to the DCC server as extremely bulky. +Otherwise the message is rejected as usual. +The remainder of the the access_db entry after "DCC:" consists of +the optional string "DISCARD" followed by an optional SMTP status message. +If the string "DISCARD" is present, the message is discarded instead of +rejected. This is important to keep senders of unsolicited bulk mail from +discovering and removing "spam trap" addresses from their target lists. + +<P>For example, a line like the following in an access_db can +discard all mail from example.com while reporting it to the DCC server +as extremely bulky. + Note the quotes ("). +<PRE> + example.com DCC: "DISCARD spam" +</PRE> + +<P>It is also possible to route mail from a spam trap address to +dccproc as described in the +<A HREF="dccproc.html#EXAMPLES">dccproc man page</A> + + +<H2><A NAME="SOCKS">SOCKS</A></H2> +<P>The DCC client and server programs can be built to use the SOCKS +protocol. +The +<A HREF="#envtbl--with-socks">--with-socks</A> +<EM>./configure</EM> parameter +configures the DCC client library and the DCC server +to use common SOCKS network library functions. +If the SOCKS library is in a standard place, +something like <A HREF="#envtbl--with-socks">--with-socks=socks</A> +should be sufficient. +Setting the environment variable +<A HREF="#envtbl-DCC_LDFLAGS">DCC_LDFLAGS</A> to something +like <Em>-L/usr/local/lib</Em> is sometimes helpful. +Otherwise, using <A HREF="#envtbl--with-socks">--with-socks</A> +without specifying the library name and setting <A HREF="#envtbl-LIBS">LIBS</A> +to the full pathname of the library +might work. +<P> +DCC client programs +including dccproc and dccm that use the DCC client library +must be told to use the SOCKS5 protocol with the +<A HREF="cdcc.html#OPERATION-SOCKS">SOCKS on</A> +operation of +<A HREF="cdcc.html">cdcc</A>. +SOCKS5 is required instead of SOCKS4 +because DCC clients communicate with DCC servers using UDP. + +<P> +DCC servers can use SOCKS4 or SOCKS5 when exchanging +floods of reports of checksums. +Links between individual pairs of peers are configured with the +<Em>passive</Em> and <Em>SOCKS</Em> flags in the flod file described +in the <A HREF="dccd.html#FILE-flod">dccd</A> man page. +In both cases, the SOCKS library code must be configured, often +in the files /etc/socks.conf and /etc/socksd.conf. + +<P> +When the DCC software is built with SOCKS, +IPv6 name resolution is turned off. + +<P> +The DCC server and client programs have been tested with the +<A HREF="http://www.inet.no/dante/">DANTE</A> library and server. +The DANTE SOCKS implementation is also one of the FreeBSD "ports" +or packages. +<P> +Note that if a connection fails repeatedly, Dante will disable the rule +that failed and will eventually try the underlying connect() +call. +This fails in almost every SOCKS environment because there is +no available route for an ordinary connect(). +Dante by default won't re-enable the failing rule. +To fix this, change BADROUTE_EXPIRE from the default of <EM>0*60</EM> +to <EM>5</EM> in include/config.h in the Dante source and recompile. + + +<P class=small> +This document describes DCC version 1.3.103. +<P> +<A HREF="http://www.dcc-servers.net/dcc/"> + <IMG SRC="http://logos.dcc-servers.net/border.png" + class=logo ALT="DCC logo"> + </A> +<A HREF="http://validator.w3.org/check?uri=referer"> + <IMG class=logo ALT="Valid HTML 4.01 Strict" + SRC="http://www.w3.org/Icons/valid-html401"> + </A> +</BODY> +</HTML> +<!-- LocalWords: dccproc libmilter pthreads procmail dccm dccd dcc libmilter + --> +<!-- LocalWords: homedir dbclean whitelist setenv nbsp Solaris crontab Linux + --> +<!-- LocalWords: gmake FreeBSD NetBSD CFLAGS PTHREAD LDFLAGS LIBS HPUX IDs DT + --> +<!-- LocalWords: cdcc DL DD ids var RTT TD TR dccifd greylist MTA + --> +<!-- LocalWords: whitelisting + -->