Mercurial > notdcc
diff dccproc.html.in @ 0:c7f6b056b673
First import of vendor version
| author | Peter Gervai <grin@grin.hu> |
|---|---|
| date | Tue, 10 Mar 2009 13:49:58 +0100 |
| parents | |
| children |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/dccproc.html.in Tue Mar 10 13:49:58 2009 +0100 @@ -0,0 +1,434 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"> +<HTML> +<HEAD> + <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"> + <TITLE>dccproc.0.8</TITLE> + <META http-equiv="Content-Style-Type" content="text/css"> + <STYLE type="text/css"> + BODY {background-color:white; color:black} + ADDRESS {font-size:smaller} + IMG.logo {width:6em; vertical-align:middle} + </STYLE> +</HEAD> +<BODY> +<PRE> +<!-- Manpage converted by man2html 3.0.1 --> +<B><A HREF="dccproc.html">dccproc(8)</A></B> Distributed Checksum Clearinghouse <B><A HREF="dccproc.html">dccproc(8)</A></B> + + +</PRE> +<H2><A NAME="NAME">NAME</A></H2><PRE> + <B>dccproc</B> -- Distributed Checksum Clearinghouse Procmail Interface + + +</PRE> +<H2><A NAME="SYNOPSIS">SYNOPSIS</A></H2><PRE> + <B>dccproc</B> [<B>-VdAQCHER</B>] [<B>-h</B> <I>homedir</I>] [<B>-m</B> <I>map</I>] [<B>-w</B> <I>whiteclnt</I>] [<B>-T</B> <I>tmpdir</I>] + [<B>-a</B> <I>IP-address</I>] [<B>-f</B> <I>env</I><B>_</B><I>from</I>] [<B>-t</B> <I>targets</I>] [<B>-x</B> <I>exitcode</I>] + [<B>-c</B> <I>type,</I>[<I>log-thold,</I>]<I>rej-thold</I>] [<B>-g</B> [<I>not-</I>]<I>type</I>] [<B>-S</B> <I>header</I>] + [<B>-i</B> <I>infile</I>] [<B>-o</B> <I>outfile</I>] [<B>-l</B> <I>logdir</I>] [<B>-B</B> <I>dnsbl-option</I>] + [<B>-L</B> <I>ltype,facility.level</I>] + + +</PRE> +<H2><A NAME="DESCRIPTION">DESCRIPTION</A></H2><PRE> + <B>Dccproc</B> copies a complete SMTP message from standard input or a file to + standard output or another file. As it copies the message, it computes + the DCC checksums for the message, reports them to a DCC server, and adds + a header line to the message. Another program such as <B>procmail(1)</B> can + use the added header line to filter mail. Dccproc does not support any + thresholds of its own, because equivalent effects can be achieved with + regular expressions and you can apply dccproc several times using differ- + ent DCC servers and then score mail based what all of the DCC servers + say. + + Error messages are sent to stderr as well as the system log. Connect + stderr and stdout to the same file to see errors in context, but direct + stderr to /dev/null to keep DCC error messages out of the mail. The <B>-i</B> + option can also be used to separate the error messages. + + <B>Dccproc</B> sends reports of checksums related to mail received by DCC + clients and queries about the total number of reports of particular + checksums. A DCC server receives no mail, address, headers, or other + information, but only cryptographically secure checksums of such informa- + tion. A DCC server cannot determine the text or other information that + corresponds to the checksums it receives. It only acts as a clearing- + house of counts of checksums computed by clients. + + For the sake of privacy for even the checksums of private mail, the + checksums of senders of purely internal mail or other mail that is known + to not be unsolicited bulk can be listed in a whitelist to not be + reported to the DCC server. + + When <B>sendmail(8)</B> is used, <B><A HREF="dccm.html">dccm(8)</A></B> is a better DCC interface. <B><A HREF="dccifd.html">Dccifd(8)</A></B> + is more efficient than <B>dccproc</B> because it is a daemon, but that has costs + in complexity. See <B><A HREF="dccsight.html">dccsight(8)</A></B> for a way to use previously computed + checksums. + + <A NAME="OPTIONS"><B>OPTIONS</B></A> + The following options are available: + + <A NAME="OPTION-V"><B>-V</B></A> displays the version of the DCC <B>procmail(1)</B> interface. + + <A NAME="OPTION-d"><B>-d</B></A> enables debugging output from the DCC client software. Additional + <B>-d</B> options increase the number of messages. One causes error mes- + sages to be sent to STDERR as well as the system log. + + <A NAME="OPTION-A"><B>-A</B></A> adds to existing X-DCC headers (if any) of the brand of the current + server instead of replacing existing headers. + + <A NAME="OPTION-Q"><B>-Q</B></A> only queries the DCC server about the checksums of messages instead + of reporting and then querying. This is useful when <B>dccproc</B> is used + to filter mail that has already been reported to a DCC server by + another DCC client such as <B><A HREF="dccm.html">dccm(8)</A></B>. No single mail message should + be reported to a DCC server more than once per recipient. + + It is better to use <I>MXDCC</I> lines in the <B>-w</B> <I>whiteclnt</I> file for your MX + mail servers that use DCC than <B>-Q</B> + + <A NAME="OPTION-C"><B>-C</B></A> outputs only the X-DCC header and the checksums for the message. + + <A NAME="OPTION-H"><B>-H</B></A> outputs only the X-DCC header. + + <A NAME="OPTION-E"><B>-E</B></A> adds lines to the start of the log file turned on with <B>-l</B> and <B>-c</B> + describing what might have been the envelope of the message. The + information for the inferred envelope comes from arguments including + <B>-a</B> and headers in the message when <B>-R</B> is used. No lines are gener- + ated for which no information is available, such as the envelope + recipient. + + <A NAME="OPTION-R"><B>-R</B></A> says the first Received lines have the standard + "helo (name [address])..." format and the address is that of the + SMTP client that would otherwise be provided with <B>-a</B>. The <B>-a</B> option + should be used if the local SMTP server adds a Received line with + some other format or does not add a Received line. Received headers + specifying IP addresses marked <I>MX</I> or <I>MXDCC</I> in the <B>-w</B> <I>whiteclnt</I> file + are skipped. + + <A NAME="OPTION-h"><B>-h</B></A> <I>homedir</I> + overrides the default DCC home directory, <I>@prefix@</I>. + + <A NAME="OPTION-m"><B>-m</B></A> <I>map</I> + specifies a name or path of the memory mapped parameter file instead + of the default <I>map</I> in the DCC home directory. It should be created + with the <B>new map</B> operation of the <B><A HREF="cdcc.html">cdcc(8)</A></B> command. + + <A NAME="OPTION-w"><B>-w</B></A> <I>whiteclnt</I> + specifies an optional file containing SMTP client IP addresses and + SMTP headers of mail that do not need X-DCC headers and whose check- + sums should not be reported to the DCC server. It can also contain + checksums of spam. If the pathname is not absolute, it is relative + to the DCC home directory. Thus, individual users with private + whitelists usually specify them with absolute paths. Common + whitelists shared by users must be in the DCC home directory or one + of its subdirectories and owned by the set-UID user of <B>dccproc</B>. It + is useful to <I>include</I> a common or system-wide whitelist in private + lists. + + Because the contents of the <I>whiteclnt</I> file are used frequently, a + companion file is automatically created and maintained. It has the + same pathname but with an added suffix of <I>.dccw</I>. It contains a mem- + ory mapped hash table of the main file. + + <I>Option</I> lines can be used to modify many aspects of <B>dccproc</B> filter- + ing, as described in the main <B><A HREF="dcc.html">dcc(8)</A></B> man page. For example, an + <I>option</I> <I>spam-trap-accept</I> line turns off DCC filtering and reports the + message as spam. + + <A NAME="OPTION-T"><B>-T</B></A> <I>tmpdir</I> + changes the default directory for temporary files from the system + default. The system default is <I>/tmp</I>. + + <A NAME="OPTION-a"><B>-a</B></A> <I>IP-address</I> + specifies the IP address (not the host name) of the immediately pre- + vious SMTP client. It is often not available. <B>-a</B> <I>0.0.0.0</I> is + ignored. <B>-a</B>. The <B>-a</B> option should be used instead of <B>-R</B> if the + local SMTP server adds a Received line with some other format or + does not add a Received line. + + <A NAME="OPTION-f"><B>-f</B></A> <I>env</I><B>_</B><I>from</I> + specifies the RFC 821 envelope "Mail From" value with which the mes- + sage arrived. It is often not available. If <B>-f</B> is not present, the + contents of the first Return-Path: or UNIX style From_ header is + used. The <I>env</I><B>_</B><I>from</I> string is often but need not be bracketed with + "<>". + + <A NAME="OPTION-t"><B>-t</B></A> <I>targets</I> + specifies the number of addressees of the message if other than 1. + The string <I>many</I> instead of a number asserts that there were too many + addressees and that the message is unsolicited bulk email. + + <A NAME="OPTION-x"><B>-x</B></A> <I>exitcode</I> + specifies the code or status with which <B>dccproc</B> exits if the <B>-c</B> + thresholds are reached or the <B>-w</B> <I>whiteclnt</I> file blacklists the mes- + sage. + + The default value is EX_NOUSER. EX_NOUSER is 67 on many systems. + Use 0 to always exit successfully. + + <A NAME="OPTION-c"><B>-c</B></A> <I>type,</I>[<I>log-thold,</I>]<I>rej-thold</I> + sets logging and "spam" thresholds for checksum <I>type</I>. The checksum + types are <I>IP</I>, <I>env</I><B>_</B><I>From</I>, <I>From</I>, <I>Message-ID</I>, <I>substitute</I>, <I>Received</I>, + <I>Body</I>, <I>Fuz1</I>, <I>Fuz2</I>, <I>rep-total</I>, and <I>rep</I>. The first six, <I>IP</I> through + <I>substitute</I>, have no effect except when a local DCC server configured + with <B>-K</B> is used. The <I>substitute</I> thresholds apply to the first sub- + stitute heading encountered in the mail message. The string <I>ALL</I> + sets thresholds for all types, but is unlikely to be useful except + for setting logging thresholds. The string <I>CMN</I> specifies the com- + monly used checksums <I>Body</I>, <I>Fuz1</I>, and <I>Fuz2</I>. <I>Rej-thold</I> and <I>log-thold</I> + must be numbers, the string <I>NEVER</I>, or the string <I>MANY</I> indicating + millions of targets. Counts from the DCC server as large as the + threshold for any single type are taken as sufficient evidence that + the message should be logged or rejected. + + <I>Log-thold</I> is the threshold at which messages are logged. It can be + handy to log messages at a lower threshold to find solicited bulk + mail sources such as mailing lists. If no logging threshold is set, + only rejected mail and messages with complicated combinations of + white and blacklisting are logged. Messages that reach at least one + of their rejection thresholds are logged regardless of logging + thresholds. + + <I>Rej-thold</I> is the threshold at which messages are considered "bulk," + and so should be rejected or discarded if not whitelisted. + + DCC Reputation thresholds in the commercial version of the DCC are + controlled by thresholds on checksum types <I>rep</I> and <I>rep-total</I>. Mes- + sages from an IP address that the DCC database says has sent more + than <B>-t</B> <I>rep-total,log-thold</I> messages are logged. A DCC Reputation + is computed for messages received from IP addresses that have sent + more than <B>-t</B> <I>rep-total,log-thold</I> messages. The DCC Reputation of an + IP address is the percentage of its messages that have been detected + as bulk or having at least 10 recipients. The defaults are equiva- + lent to <B>-t</B> <I>rep,never</I> and <B>-t</B> <I>rep-total,never,20</I>. + + Bad DCC Reputations do not reject mail unless enabled by an <I>option</I> + <I>DCC-rep-on</I> line in a <I>whiteclnt</I> file. + + The checksums of locally whitelisted messages are not checked with + the DCC server and so only the number of targets of the current copy + of a whitelisted message are compared against the thresholds. + + The default is <I>ALL,NEVER</I>, so that nothing is discarded, rejected, or + logged. A common choice is <I>CMN,25,50</I> to reject or discard mail with + common bodies except as overridden by the whitelist of the DCC + server, the sendmail <I>${dcc</I><B>_</B><I>isspam}</I> and <I>${dcc</I><B>_</B><I>notspam}</I> macros, and + <B>-g</B>, and <B>-w</B>. + + <A NAME="OPTION-g"><B>-g</B></A> [<I>not-</I>]<I>type</I> + indicates that whitelisted, <I>OK</I> or <I>OK2</I>, counts from the DCC server + for a type of checksum are to be believed. They should be ignored + if prefixed with <I>not-</I>. <I>Type</I> is one of the same set of strings as + for <B>-c</B>. Only <I>IP</I>, <I>env</I><B>_</B><I>From</I>, and <I>From</I> are likely choices. By default + all three are honored, and hence the need for <I>not-</I>. + + <A NAME="OPTION-S"><B>-S</B></A> <I>hdr</I> + adds to the list of substitute or locally chosen headers that are + checked with the <B>-w</B> <I>whiteclnt</I> file and sent to the DCC server. The + checksum of the last header of type <I>hdr</I> found in the message is + checked. As many as 6 different substitute headers can be speci- + fied, but only the checksum of the first of the 6 will be sent to + the DCC server. + + <A NAME="OPTION-i"><B>-i</B></A> <I>infile</I> + specifies an input file for the entire message instead of standard + input. If not absolute, the pathname is interpreted relative to the + directory in which <B>dccproc</B> was started. + + <A NAME="OPTION-o"><B>-o</B></A> <I>outfile</I> + specifies an output file for the entire message including headers + instead of standard output. If not absolute, the pathname is inter- + preted relative to the directory in which <B>dccproc</B> was started. + + <A NAME="OPTION-l"><B>-l</B></A> <I>logdir</I> + specifies a directory for copies of messages whose checksum target + counts exceed <B>-c</B> thresholds. The format of each file is affected by + <B>-E</B>. + + See the FILES section below concerning the contents of the files. + See also the <I>option</I> <I>log-subdirectory-{day,hour,minute}</I> lines in + <I>whiteclnt</I> files described in <B><A HREF="dcc.html">dcc(8)</A></B>. + + The directory is relative to the DCC home directory if it is not + absolute + + <A NAME="OPTION-B"><B>-B</B></A> <I>dnsbl-option</I> + enables DNS blacklist checks of the SMTP client IP address, SMTP + envelope Mail_From sender domain name, and of host names in URLs in + the message body. Body URL blacklisting has too many false posi- + tives to use on abuse mailboxes. It is less effective than + greylisting with <B><A HREF="dccm.html">dccm(8)</A></B> or <B><A HREF="dccifd.html">dccifd(8)</A></B> but can be useful in situa- + tions where greylisting cannot be used. + + <I>Dnsbl-option</I> is either one of the <B>-B</B> <I>set:option</I> forms or + <B>-B</B> <I>domain</I>[<I>,IPaddr</I>[<I>/xx</I>[<I>,bltype</I>]]] + <I>Domain</I> is a DNS blacklist domain such as example.com that will be + searched. <I>IPaddr</I>[<I>/xxx</I>] is the string "any" an IP address in the DNS + blacklist that indicates that the mail message should be rejected, + or a CIDR block covering results from the DNS blacklist. + "127.0.0.2" is assumed if <I>IPaddr</I> is absent. IPv6 addresses can be + specified with the usual colon (:) notation. Names can be used + instead of numeric addresses. The type of DNS blacklist is speci- + fied by <I>bltype</I> as <I>name</I>, <I>IPv4</I>, or <I>IPv6</I>. Given an envelope sender + domain name or a domain name in a URL of spam.domain.org and a + blacklist of type <I>name</I>, spam.domain.org.example.com will be tried. + Blacklist types of <I>IPv4</I> and <I>IPv6</I> require that the domain name in a + URL sender address be resolved into an IPv4 or IPv6 address. The + address is then written as a reversed string of decimal octets to + check the DNS blacklist, as in 2.0.0.127.example.com, + + More than one blacklist can be specified and blacklists can be + grouped. All searching within a group is stopped at the first posi- + tive result. + + Unlike <B><A HREF="dccm.html">dccm(8)</A></B> and <B><A HREF="dccifd.html">dccifd(8)</A></B>, no <I>option</I> <I>DNSBL-on</I> line is required in + the <I>whiteclnt</I> file. A <B>-B</B> argument is sufficient to show that DNSBL + filtering is wanted by the <B>dccproc</B> user. + + <B>-B</B> <I>set:no-client</I> + says that SMTP client IP addresses and reverse DNS domain names + should not be checked in the following blacklists. + <B>-B</B> <I>set:client</I> restores the default for the following black- + lists. + + <B>-B</B> <I>set:no-mail</I><B>_</B><I>host</I> + says that SMTP envelope Mail_From sender domain names should + not be checked in the following blacklists. <B>-B</B> <I>set:mail</I><B>_</B><I>host</I> + restores the default. + + <B>-B</B> <I>set:no-URL</I> + says that URLs in the message body should not be checked in the + in the following blacklists. <B>-B</B> <I>set:URL</I> restores the default. + + <B>-B</B> <I>set:no-MX</I> + says MX servers of sender Mail_From domain names and host names + in URLs should not be checked in the following blacklists. + <B>-B</B> <I>set:MX</I> restores the default. + + <B>-B</B> <I>set:no-NS</I> + says DNS servers of sender Mail_From domain names and host + names in URLs should not be checked in the following black- + lists. <B>-B</B> <I>set:NS</I> restores the default. + + <B>-B</B> <I>set:defaults</I> + is equivalent to all of <B>-B</B> <I>set:no-temp-fail</I> <B>-B</B> <I>set:client</I> + <B>-B</B> <I>set:mail</I><B>_</B><I>host</I> <B>-B</B> <I>set:URL</I> <B>-B</B> <I>set:MX</I> and <B>-B</B> <I>set:NS</I> + + <B>-B</B> <I>set:group=X</I> + adds later DNS blacklists specified with + <B>-B</B> <I>domain</I>[<I>,IPaddr</I>[<I>/xx</I>[<I>,bltype</I>]]] + to group 1, 2, or 3. + + <B>-B</B> <I>set:debug=X</I> + sets the DNS blacklist logging level + + <B>-B</B> <I>set:msg-secs=S</I> + limits <B>dccproc</B> to <I>S</I> seconds total for checking all DNS black- + lists. The default is 25. + + <B>-B</B> <I>set:URL-secs=S</I> + limits <B>dccproc</B> to at most <I>S</I> seconds resolving and checking any + single URL. The default is 11. Some spam contains dozens of + URLs and that some "spamvertised" URLs contain host names that + need minutes to resolve. Busy mail systems cannot afford to + spend minutes checking each incoming mail message. + + <A NAME="OPTION-L"><B>-L</B></A> <I>ltype,facility.level</I> + specifies how messages should be logged. <I>Ltype</I> must be <I>error</I>, <I>info</I>, + or <I>off</I> to indicate which of the two types of messages are being con- + trolled or to turn off all <B>syslog(3)</B> messages from <B>dccproc</B>. <I>Level</I> + must be a <B>syslog(3)</B> level among <I>EMERG</I>, <I>ALERT</I>, <I>CRIT</I>, <I>ERR</I>, <I>WARNING</I>, + <I>NOTICE</I>, <I>INFO</I>, and <I>DEBUG</I>. <I>Facility</I> must be among <I>AUTH</I>, <I>AUTHPRIV</I>, + <I>CRON</I>, <I>DAEMON</I>, <I>FTP</I>, <I>KERN</I>, <I>LPR</I>, <I>MAIL</I>, <I>NEWS</I>, <I>USER</I>, <I>UUCP</I>, and <I>LOCAL0</I> + through <I>LOCAL7</I>. The default is equivalent to + <B>-L</B> <I>info,MAIL.NOTICE</I> <B>-L</B> <I>error,MAIL.ERR</I> + + <B>dccproc</B> exits with 0 on success and with the <B>-x</B> value if the <B>-c</B> thresh- + olds are reached or the <B>-w</B> <I>whiteclnt</I> file blacklists the message. If at + all possible, the input mail message is output to standard output or the + <A NAME="OPTION-o"><B>-o</B></A> <I>outfile</I> despite errors. If possible, error messages are put into the + system log instead of being mixed with the output mail message. The exit + status is zero for errors so that the mail message will not be rejected. + + If <B>dccproc</B> is run more than 500 times in fewer than 5000 seconds, <B>dccproc</B> + tries to start <B><A HREF="dccifd.html">Dccifd(8)</A></B>. The attempt is made at most once per hour. + Dccifd is significantly more efficient than <B>dccproc</B>. With luck, mecha- + nisms such as SpamAssassin will notice when dccifd is running and switch + to dccifd. + + +</PRE> +<H2><A NAME="FILES">FILES</A></H2><PRE> + <A NAME="FILE-@prefix@">@prefix@</A> DCC home directory in which other files are found. + <A NAME="FILE-map">map</A> memory mapped file in the DCC home directory of information + concerning DCC servers. + <A NAME="FILE-whiteclnt">whiteclnt</A> contains the client whitelist in the format described in + <B><A HREF="dcc.html">dcc(8)</A></B>. + <A NAME="FILE-whiteclnt.dccw">whiteclnt.dccw</A> + is a memory mapped hash table corresponding to the <I>whiteclnt</I> + file. + <A NAME="FILE-tmpdir">tmpdir</A> contains temporary files created and deleted as <B>dccproc</B> pro- + cesses the message. + <A NAME="FILE-logdir">logdir</A> is an optional directory specified with <B>-l</B> and containing + marked mail. Each file in the directory contains one message, + at least one of whose checksums reached one of its <B>-c</B> thresh- + olds. The entire body of the SMTP message including its + header is followed by the checksums for the message. + + +</PRE> +<H2><A NAME="EXAMPLES">EXAMPLES</A></H2><PRE> + The following <B>procmailrc(5)</B> rule adds an X-DCC header to passing mail + + :0 f + | /usr/local/bin/dccproc -ERw whiteclnt + + This <B>procmailrc(5)</B> recipe rejects mail with total counts of 10 or larger + for the commonly used checksums: + + :0 fW + | /usr/local/bin/dccproc -ERw whiteclnt -ccmn,10 + :0 e + { + EXITCODE=67 + :0 + /dev/null + } + + +</PRE> +<H2><A NAME="SEE-ALSO">SEE ALSO</A></H2><PRE> + <B><A HREF="cdcc.html">cdcc(8)</A></B>, <B><A HREF="dcc.html">dcc(8)</A></B>, <B><A HREF="dbclean.html">dbclean(8)</A></B>, <B><A HREF="dccd.html">dccd(8)</A></B>, <B><A HREF="dblist.html">dblist(8)</A></B>, <B><A HREF="dccifd.html">dccifd(8)</A></B>, <B><A HREF="dccm.html">dccm(8)</A></B>, + <B><A HREF="dccsight.html">dccsight(8)</A></B>, <B>mail(1)</B>, <B>procmail(1)</B>. + + +</PRE> +<H2><A NAME="HISTORY">HISTORY</A></H2><PRE> + Distributed Checksum Clearinghouses are based on an idea of Paul Vixie. + Implementation of <B>dccproc</B> was started at Rhyolite Software in 2000. This + document describes version 1.3.103. + + +</PRE> +<H2><A NAME="BUGS">BUGS</A></H2><PRE> + <B>dccproc</B> uses <B>-c</B> where <B><A HREF="dccm.html">dccm(8)</A></B> uses <B>-t</B>. + + February 26, 2009 +</PRE> +<HR> +<ADDRESS> +Man(1) output converted with +<a href="http://www.oac.uci.edu/indiv/ehood/man2html.html">man2html</a> +modified for the DCC $Date 2001/04/29 03:22:18 $ +<BR> +<A HREF="http://www.dcc-servers.net/dcc/"> + <IMG SRC="http://logos.dcc-servers.net/border.png" + class=logo ALT="DCC logo"> + </A> +<A HREF="http://validator.w3.org/check?uri=referer"> + <IMG class=logo ALT="Valid HTML 4.01 Strict" + SRC="http://www.w3.org/Icons/valid-html401"> + </A> +</ADDRESS> +</BODY> +</HTML>