view dccd.8.in @ 0:c7f6b056b673

First import of vendor version
author Peter Gervai <grin@grin.hu>
date Tue, 10 Mar 2009 13:49:58 +0100
parents
children
line wrap: on
line source

.\" Copyright (c) 2008 by Rhyolite Software, LLC
.\"
.\" This agreement is not applicable to any entity which sells anti-spam
.\" solutions to others or provides an anti-spam solution as part of a
.\" security solution sold to other entities, or to a private network
.\" which employs the DCC or uses data provided by operation of the DCC
.\" but does not provide corresponding data to other users.
.\"
.\" Permission to use, copy, modify, and distribute this software without
.\" changes for any purpose with or without fee is hereby granted, provided
.\" that the above copyright notice and this permission notice appear in all
.\" copies and any distributed versions or copies are either unchanged
.\" or not called anything similar to "DCC" or "Distributed Checksum
.\" Clearinghouse".
.\"
.\" Parties not eligible to receive a license under this agreement can
.\" obtain a commercial license to use DCC by contacting Rhyolite Software
.\" at sales@rhyolite.com.
.\"
.\" A commercial license would be for Distributed Checksum and Reputation
.\" Clearinghouse software.  That software includes additional features.  This
.\" free license for Distributed ChecksumClearinghouse Software does not in any
.\" way grant permision to use Distributed Checksum and Reputation Clearinghouse
.\" software
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND RHYOLITE SOFTWARE, LLC DISCLAIMS ALL
.\" WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL RHYOLITE SOFTWARE, LLC
.\" BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES
.\" OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
.\" WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
.\" ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
.\" SOFTWARE.
.\"
.\" Rhyolite Software DCC 1.3.103-1.143 $Revision$
.\"
.Dd February 26, 2009
.ds volume-ds-DCC Distributed Checksum Clearinghouse
.Dt dccd 8 DCC
.Os " "
.Sh NAME
.Nm dccd
.Nd Distributed Checksum Clearinghouse Daemon
.Sh SYNOPSIS
.Bk -words
.Nm dccd
.Op Fl 64dVbfFQ
.Fl i Ar server-ID
.Op Fl n Ar brand
.Op Fl h Ar homedir
.Fl I Xo
.Sm off
.Op Ar host-ID
.Op Ar ,user
.Sm on
.Xc
.br
.Oo
.Fl a Xo
.Sm off
.Op Ar server-addr
.Op Ar ,server-port
.Xc
.Sm on
.Oc
.Op Fl q Ar qsize
.br
.Oo
.Fl G Xo
.Sm off
.Op Ar on,
.Op Ar weak-body,
.Op Ar weak-IP,
.Op Ar embargo
.Op Ar ,window
.Op Ar ,white
.Xc
.Sm on
.Oc
.br
.Oo
.Fl W Xo
.Sm off
.Op Ar rate
.Op Ar ,chg
.Op Ar ,dbsize
.Sm on
.Xc
.Oc
.Oo
.Fl K Xo
.Sm off
.Op Ar no-
.Ar type
.Sm on
.Xc
.Oc
.Op Fl T Ar tracemode
.Op Fl u Ar anon-delay Ns Op Ar *inflate
.Op Fl C Ar dbclean
.Op Fl L Ar ltype,facility.level
.br
.Oo
.Fl R Xo
.Sm off
.Op Ar RL_SUB ,
.Op Ar RL_ANON ,
.Op Ar RL_ALL_ANON ,
.Op Ar RL_BUGS
.Xc
.Sm on
.Oc
.Ek
.Sh DESCRIPTION
.Nm Dccd
receives reports of checksums related to mail received by DCC clients
and queries about the total number of reports of particular checksums.
A DCC server never receives
mail, address, headers, or other information from clients, but only
cryptographically secure checksums of such information.
A DCC server cannot determine the text or other information that corresponds
to the checksums it receives.
It only acts as a clearinghouse of total counts of checksums
computed by clients.
.Pp
Each DCC server or close cluster of DCC servers is identified by a numeric
.Ar server-ID .
Each DCC client is identified by a
.Ar client-ID ,
either explicitly listed in the
.Pa ids
file or
the special anonymous client-ID.
Many computers are expected to share a single
.Ar client-ID .
A
.Ar server-ID
is less than 32768 while a
.Ar client-ID
is between 32768 and 16777215.
DCC server-IDs need be known only to DCC servers and the people running
them.
The passwords associated with DCC server-IDs should be protected,
because DCC servers listen to commands authenticated with server-IDs
and their associated passwords.
Each client that does not use the anonymous ID must know the client-ID
and password used by each of its servers.
A single client computer can use different passwords with different
server computers.
See the
.Pa ids
file.
.Pp
A whitelist of known good (or bad) sources of email prevents
legitimate mailing lists from being seen as unsolicited bulk email
by DCC clients.
The whitelist used by a DCC server is built into
the database when old entries are removed by
.Xr dbclean 8 .
Each DCC client has its own, local whitelist, and in general,
whitelists work better in DCC clients than servers.
.Pp
The effectiveness of a Distributed Checksum Clearinghouse
increases as the number of subscribers increases.
Flooding reports of checksums among DCC servers increases
the effective number of subscribers to each server.
Each
.Nm
daemon tries to maintain TCP/IP connections to the other servers
listed in the
.Pa flod
file, and send them reports containing checksums with total
counts exceeding thresholds.
Changes in the
.Pa flod
file are noticed automatically within minutes.
.Pp
Controls on report flooding are specified in the
.Pa flod
file.
Each line specifies a hostname and port number to which reports
should be flooded,
a server-ID to identify and authenticate the output stream,
a server-ID to identify and authenticate an input stream from the
same server,
and flags with each ID.
The ability to delete reports of checksums is handy, but could
be abused.
If
.Ar del
is not present among the
.Ar in-opts
options for the incoming ID,
incoming delete requests are logged and then ignored.
Floods from DCC "brands" that count only mail to
spam traps and whose servers use the
.Fl Q
option to count extremely bulk mail
should be marked with
.Ar traps .
They can be seen as counting millions of targets, so the
.Ar traps
flag on their
.Pa flod
file entry changes their incoming flooded reports counts to
.Em many.
.Pp
.Nm Dccd
automatically checks its
.Pa flod
and
.Pa ids
files periodically.
.Xr Cdcc 8
has the commands
.Ic new ids
and
.Ic flood check
to tell
.Nm
to check those two files immediately.
Both files are also checked for changes after the SIGHUP signal.
.Ss OPTIONS
The following options are available:
.Bl -tag -width 3n
.It Fl 6
enable IPv6.
The default is equivalent to
.Fl 4 .
See also the IPv4 and IPv6 options in the
.Pa flod
file description below and the
.Em IPv6 on
.Xr cdcc 8
command.
.It Fl 4
disable IPv6.
See also
.Fl 6 .
.It Fl d
enables debugging output.
Additional
.Fl d
options increase the number of messages.
.It Fl V
displays the version of the DCC server daemon.
.It Fl b
causes the server to not detach itself from the controlling tty
or put itself into the background.
.It Fl F
uses write() instead of mmap() in some cases to modify the DCC database.
It is the default on Solaris.
.It Fl f
turns off
.Fl F .
.It Fl Q
causes the server to treat reports of checksums as queries
except from DCC clients marked trusted in the
.Pa ids
file with
.Ar rpt-ok .
See
.Fl u
to turn off access by anonymous or unauthenticated clients
.It Fl i Ar server-ID
specifies the ID of this DCC server.
Each server identifies itself as responsible for checksums
that it forwards to other servers.
.It Fl n Ar brand
is an arbitrary string of letters and numbers that
identifies the organization running the DCC server.
The brand is required, and appears in the SMTP
.Em X-DCC
headers generated by the DCC.
.It Fl h Ar homedir
overrides the default DCC home directory,
.Pa @prefix@ .
.It Fl I Xo
.Sm off
.Op Ar host-ID
.Op Ar ,user
.Sm on
.Xc
changes the server's globally unique identity for flooding 
from the default value
consisting of the first 16 characters of the host name.
or changes the UID and GID of the process
.Ar Host-ID
is a string of up to 16 characters that replaces the first
16 characters of the system's hostname in assertions 
of the server-ID that are flooded to peers.
.Ar User
must be valid user name.
.It Fl a Xo
.Sm off
.Op Ar server-addr
.Op Ar ,server-port
.Sm on
.Xc
adds an hostname or IP address to the list of local IP addresses
that the server answers.
Multiple
.Fl a
options can be used to specify a subset of the available network
interfaces or to use more than one port number.
The default without any
.Fl a
options is to listen on all local IP addresses.
It can be useful to list some of the IP addresses of
multi-homed hosts to deal with firewalls.
By default
.Ar server-port
is 6277 for DCC servers and 6276 for Greylist servers.
It is the UDP port at which DCC
requests are received and the TCP port for incoming floods of reports.
.Pp
If
.Ar server-addr
is absent
and if the
.Xr getifaddrs 8
function is supported,
separate UDP sockets are bound to each configured network interface so
that each DCC clients receives replies from the
IP addresses to which corresponding request are sent.
If
.Nm
is started before all network interfaces are turned on or
there are interfaces that are turned on and off or change their addresses
such as PPP interfaces,
then the special string
.Ar @
should be used to tell
.Nm
to bind to an IN_ADDRANY UDP socket.
.Pp
Outgoing TCP connections to flood checksum reports to other DCC servers
used the IP address of a single
.Fl a
option,
but only if there is single option that is not localhost.
See also the
.Pa flod
file.
.It Fl q Ar qsize
specifies the maximum size of the queue of requests from anonymous or
unauthenticated clients.
The default value is the maximum DCC RTT in seconds times 200 or 1000.
.It Fl G Xo
.Sm off
.Op Ar on,
.Op Ar weak-body,
.Op Ar weak-IP,
.Op Ar embargo
.Op Ar ,window
.Op Ar ,white
.Xc
.Sm on
changes
.Nm
to a Greylist server for
.Xr dccm 8
or
.Xr dccifd 8 .
Greylisting consists of temporarily rejecting or embargoing mail from
unfamiliar combinations of SMTP client IP address, SMTP envelope sender,
and SMTP envelope recipient.
If the SMTP client persists for
.Ar embargo seconds
and so is probably not an open proxy, worm-infected personal computer,
or other transient source of spam, the triple of
.Em (IP\ address,sender,recipient)
is added to a database similar to the usual DCC database.
If the SMTP client does not try again after
.Ar embargo
seconds and before
.Ar window
seconds after the first attempt,
the triple is forgotten.
If the SMTP client persists past the embargo,
the triple is added to the database and becomes familiar
and the message is accepted.
Familiar triples are remembered for
.Ar white
seconds after the last accepted mail message.
The triple is forgotten if it is ever associated with unsolicited bulk email.
.Pp
All three durations can be a number of minutes, hours, days, or
weeks followed by
.Ar MINUTES ,
.Ar M ,
.Ar HOURS ,
.Ar H ,
.Ar DAYS ,
.Ar D ,
.Ar WEEKS
or
.Ar W .
The default is
.Fl G Ar 270seconds,7days,63days .
The first duration or the
.Ar embargo
should be longer than open proxies can linger retransmitting.
The second
.Ar window
time should be as long as legitimate mail servers persist in retransmitting
to recognize embargoed messages whose retransmissions were not
received because of network or other problems.
The
.Ar white
time should be long enough to recognize and not embargo messages from
regular senders.
.Pp
Usually the DCC greylist system requires that an almost
identical copy of the message be retransmitted during the
.Ar embargo .
If
.Ar weak-body
is present,
any message with the same triple of sender IP address, sender mail
address, and target mail address ends the embargo,
even if the body of the message differs.
.Pp
If
.Ar weak-IP
is present,
all mail from an SMTP client at an IP address is accept
after any message from the same IP address has been accepted.
.Pp
Unlike DCC checksums, the contents of
greylist databases are private and do not benefit from broad sharing.
However, large installations can use more two or more greylist servers
flooding triples among themselves.
Flooding among greylist servers is controlled by the
.Pa grey_flod
file.
.Pp
All greylist cooperating or flooding greylist servers
.Em must
use the same
.Fl G
values.
.Pp
Clients of greylist servers cannot be anonymous and must have
client-IDs and passwords assigned in the
.Pa ids
file.
This implies that
.Xr cdcc
commands directed to greylist servers must specify the server-ID.
.Pp
White- and blacklists are honored by the DCC clients.
whitelisted messages are embargoed or checked with a greylist server.
The greylist triples of blacklisted messages, messages whose DCC counts make
them spam, and other messages known to be spam are sent to a greylist
server to be removed from the greylist database and cause an embargo
on the next messages with those triples.
.Pp
Messages whose checksums match greylist server whitelists
are not embargoed and the checksums of their triples are not
added to the greylist database.
.Pp
The target counts of embargoed messages are reported to the DCC network
to improve the detection of bulk mail.
.It Fl W Xo
.Sm off
.Op Ar rate
.Op Ar ,chg
.Op Ar ,dbsize
.Sm on
.Xc
controls quick database cleaning.
If the database is larger than
.Ar dbsize ,
it seems that the database has not recently and is not about to be cleaned,
.Nm
is receiving fewer than
.Ar rate
requests per second,
and if telling DCC clients that the database is about to be cleaned
reduces that rate by
.Ar chg Ns %,
then
.Nm
starts
.Xr dbclean 8
for a quick database cleaning.
The cleaning is abandoned if it takes too long.
The default values are equivalent to
.Bk -words
.Fl W Ar 1.0,40.0,RSS
where
.Ar RSS
is the maximum dccd resident set
displayed the system log by
.Fl d
when
.Nm starts .
.Ek
.It Fl K Xo
.Sm off
.Op Ar no-
.Ar type
.Sm on
.Xc
marks checksums of
.Ar type
(not) be kept
or counted in the database unless they appear in the whitelist.
Explicit settings add to or remove from the initial contents of the list,
which is equivalent to
.Fl K Ar Body
.Fl K Ar Fuz1
.Fl K Ar Fuz2 .
.It Fl T Ar tracemode
causes the server to trace or record some operations.
.Ar tracemode
must be one of the following:
.Bl -tag -width FLOOD2 -offset 2n -compact
.It Ar ADMN
administrative requests from the control program,
.Xr cdcc 8
.It Ar ANON
errors by anonymous clients
.It Ar CLNT
errors by authenticated clients
.It Ar RLIM
rate-limited messages
.It Ar QUERY
all queries and reports
.It Ar RIDC
some messages concerning the report-ID cache that is used
to detect duplicate reports from clients
.It Ar FLOOD
messages about inter-server flooding connections
.It Ar FLOOD2
messages about flooded reports
.It Ar IDS
unknown server-IDs in flooded reports
.It Ar BL
requests from clients in the
.Pa blacklist
file.
.It Ar DB
odd database events including long chains of duplicate checksums
.It Ar WLIST
reports of whitelisted checksums from authenticated, not anonymous DCC clients
.El
The default is
.Ar ANON CLNT .
.It Fl u Ar anon-delay Ns Op Ar *inflate
changes the number of milliseconds anonymous or unauthenticated clients
must wait for answers to their queries and reports.
The purpose of this delay is to discourage large anonymous clients.
The
.Ar anon-delay
is multiplied by 1 plus the number of recent anonymous requests from
an IP address divided by the
.Ar inflate
value.
.Pp
The string
.Ar FOREVER
turns off all anonymous or unauthenticated access not only
for checksum queries and reports but also
.Xr cdcc 8
.Ic stats
requests.
A missing value for
.Ar inflate
turns off inflation.
.Pp
The default value is
.Ar 50,none ,
except when
.Fl G
is used in which case
.Ar FOREVER
is assumed and required.
.It Fl C Ar dbclean
changes the default name or path of the program used to rebuild
the hash table when it becomes too full.
The default value is
.Pa @libexecdir@/dbclean
in the
.Pa @libexecdir@
directory.
The value can include arguments as in
.Ar -C '$DCC_LIBEXEC/dbclean -F' .
.Pp
 Dbclean
.Em should not
be run by
.Nm
except in emergencies such as database corruption or hash table overflow.
.Xr Dbclean 8
should be run daily with the @libexecdir@/cron-dccd cron script
.It Fl L Ar ltype,facility.level
specifies how messages should be logged.
.Ar Ltype
must be
.Ar error ,
.Ar info ,
or
.Ar off
to indicate which of the two types of messages are being controlled or
to turn off all
.Xr syslog 3
messages from
.Nm .
.Ar Level
must be a
.Xr syslog 3
level among
.Ar EMERG ,
.Ar ALERT ,
.Ar CRIT , ERR ,
.Ar WARNING ,
.Ar NOTICE ,
.Ar INFO ,
and
.Ar DEBUG .
.Ar Facility
must be among
.Ar AUTH ,
.Ar AUTHPRIV ,
.Ar CRON ,
.Ar DAEMON ,
.Ar FTP ,
.Ar KERN ,
.Ar LPR ,
.Ar MAIL ,
.Ar NEWS ,
.Ar USER ,
.Ar UUCP ,
and
.Ar LOCAL0
through
.Ar LOCAL7 .
The default is equivalent to
.Dl Fl L Ar info,MAIL.NOTICE  Fl L Ar error,MAIL.ERR
.It Fl R Xo
.Sm off
.Op Ar RL_SUB ,
.Op Ar RL_ANON ,
.Op Ar RL_ALL_ANON ,
.Op Ar RL_BUGS
.Xc
.Sm on
sets one or more of the four rate-limits.
.Ar RL_SUB
limits the number of DCC transactions per second from subscribers
or DCC clients with known client-IDs and passwords.
This limit applies to each IP address independently.
.Pp
.Ar RL_ANON
limits the number of DCC transactions per second from anonymous DCC clients.
This limit applies to each IP address independently.
It is better to use
.Fl u
than to change this value to exclude anonymous clients.
.Pp
.Ar RL_ALL_ANON
limits the number of DCC transactions per second from all anonymous DCC clients.
This limit applies to all anonymous clients as a group, regardless of their
IP addresses.
.Pp
.Ar RL_BUGS
limits the number of complaints or error messages per second for all
anonymous DCC clients as a group as well as for each DCC client by IP
address.
.Pp
The default is equivalent to
.Fl R Ar 400,50,600,0.1
.El
.Sh FILES
.Bl -hang -width @prefix@ -compact
.It Pa @prefix@
is the DCC home directory containing data and control files.
.It Pa dcc_db
is the database of mail checksums.
.It Pa dcc_db.hash
is the mail checksum database hash table.
.It Pa grey_db
is the database of greylist checksums.
.It Pa grey_db.hash
is the greylist database hash table.
.It Pa flod
contains lines controlling DCC flooding of the form:
.br
.Bd -ragged -compact
.Ar host Ns Xo
.Sm off
.Op Ar ,rport
.Op Ar ;src Op Ar ,lport
.Sm on
.Xc
.Ar rem-ID
.Op Ar passwd-ID Op Ar o-opt Op Ar i-opt
.Ed
where absent optional values are signaled with "-" and
.Bl -hang -offset 1n -width 2n -compact
.It Ar host
is the IP address or name of a DCC server and
.Ar rport
is the name or number of the TCP port used by the remote server.
.It Ar src
and
.Ar lport
are the IP address or host name and TCP port
from which the outgoing flooding connection should come.
Incoming flooding connections must arrive at an address and port
specified with
.Fl a .
.It Ar rem-id
is the server-ID of the remote DCC server.
.It Ar passwd-ID
is a server-ID that is not assigned to a server,
but whose first password is used to sign
checksum reports sent to the remote system.
Either of its passwords are required with incoming reports.
If it is absent or "-", outgoing floods are signed with the first
password of the local server in the
.Pa ids
file and incoming floods must be signed with either password of
the remote server-ID.
.It Ar i-opt Li and Ar o-opt
are comma separated lists of
.Bl -hang -offset 1n -width 2n -compact
.It Ar off
turns off flooding to the remote or local system.
.It Ar traps
indicates that
the remote sending or local receiving system has only spam traps.
.It Ar no-del
says checksum delete requests are refused by the remote or local server
and so turns off sending or accepting delete requests, respectively.
By default, delete requests are sent to remote servers and accepted
in incoming floods if and only if the peers are exchanging DCC reputations.
.It Ar del
says delete requests are accepted by the remote or local server.
.It Ar no-log-del
turns off logging of incoming requests to delete checksums.
.It Ar passive
is used to tell a server outside a firewall to expect a peer
inside to create both of the pair
of input and output TCP connections used for flooding.
The peer inside the firewall should use
.Ar SOCKS
or
.Ar NAT
on its
.Pa flod
file entry for this system.
.It Ar SOCKS
is used to tell a server inside a firewall that it should create both
of the TCP connections used for flooding and that SOCKS protocol should
be used.
The peer outside the firewall should use
.Ar passive
on its
.Pa flod
file entry for this system.
.It Ar NAT
differs from
.Ar SOCKS
only by not using the SOCKS protocol.
.It Ar ID1->ID2
converts server-ID
.Ar ID1
in flooded reports to server-ID
.Ar ID2 .
Either
.Ar ID1
or
.Ar ID2
may be the string
.Sq self
to specify the server's own ID.
.Ar ID1
can be the string
.Sq all
to specify all server-IDs
or a pair of server-IDs separated by a dash to specify an inclusive range.
.Ar ID2
can be the string
.Sq ok
to send or receive reports without translation
or the string
.Sq reject
to not send outgoing or refuse incoming reports.
Only the first matching conversion is applied.
For example, when
.Sq self->ok,all->reject
is applied to a locally generated report,
the first conversion is applied and the second is ignored.
.It Ar leaf=path-len
does not send reports with paths longer than
.Ar path-len
server-IDs.
.It Ar IPv4
overrides a
.Fl 6
setting for this flooding peer.
.It Ar IPv6
overrides the
default or an explicit
.Fl 4
setting.
.It Ar vers
specifies the version of the DCC flooding protocol used by the remote
DCC server with a string such as
.Sq version2 .
.It Ar trace
sends information about a single peer like the
.Xr cdcc 8
command
.Ic trace FLOOD on
does for all peers.
.It Ar trace2
sends information about individual flooded reports like the
.Xr cdcc 8
command
.Ic trace FLOOD2 on
does for all peers.
.El
.El
.It Pa grey_flod
is the equivalent of
.Pa flod
used by
.Nm
when it is a greylist server.
.It Pa flod.map
is an automatically generated file in which
.Nm
records its progress sending or flooding reports to DCC peers.
.It Pa grey_flod.map
is the equivalent of
.Pa flod.map used by
.Nm
when it is a greylist server.
.It Pa ids
contains the IDs and passwords known by the DCC server.
An
.Pa ids
file that can be read by others cannot be used.
It contains blank lines, comments starting
with "#" and lines of the form:
.Bd -ragged -compact -offset indent
.Sm off
.Ar id
.Op Ar ,rpt-ok
.Op Ar ,delay=ms  Ns Op Ar *inflate
.Sm on
.Ar passwd1 Op Ar passwd2
.Ed
where
.Bl -hang -offset 1n -width 2n -compact
.It Ar id
is a DCC
.Ar client-ID
or
.Ar server-ID .
.It Ar Rpt-ok
if present overrides
.Fl Q
by saying that this client is trusted
to report only checksums for unsolicited bulk mail.
.It Ar delay=ms  Ns Op Ar *inflate
delays answers to systems using the client
.Ar id .
The
.Ar delay
in milliseconds is multiplied by 1 plus the number of recent requests from
an IP address using
.Ar id
divided by the
.Ar inflate
value.
See
.Fl u .
.It Ar passwd1
is the password currently used by clients with identifier
.Ar id .
It is a 1 to 32 character string that does not contain
blank, tab, newline or carriage return characters.
.It Ar passwd2
is the optional next password that those clients will use.
A DCC server accepts either password if both are present in the file.
.El
Both passwords can be absent if the entry not used except to tell
.Nm
that server-IDs in the flooded reports are valid.
The string
.Em unknown
is equivalent to the null string.
.It Pa whitelist
contains the DCC server whitelist.
It is not used directly but is loaded into the database when
.Xr dbclean 8
is run.
.It Pa grey_whitelist
contains the greylist server whitelist.
It is not used directly but is loaded into the database when
.Xr dbclean 8
is run with
.Fl G .
.It Pa blacklist
if present, contains a list of IP addresses and blocks of IP addresses
DCC clients that are ignored.
Each line in the file should be blank, a comment starting with '#',
or an IP address or block of IP addresses in the form
.Bd -ragged -compact -offset indent
.Op Ar trace,
.Op Ar ok,
.Op Ar bad
.No xxx.xxx.xxx.xxx Ns Op /yy
.Ed
Changes to the file are automatically noticed and acted upon within
a few minutes.
Addresses or blocks of addresses can be preceded with
.Em ok
to "punch holes"
in blacklisted blocks or with
.Em trace
to log activity.
This mechanism is intended for no more than a few dozen blocks of addresses.
.It Pa dccd_clients
contains client IP addresses and activity counts.
.It Pa grey_clients
contains greylist client IP addresses and activity counts.
.El
.Sh EXAMPLES
.Nm
is usually started with other system daemons with something like the
script
.Pa @libexecdir@/rcDCC .
That scripts uses values in @prefix@/dcc_conf to start the server.
With the argument
.Em stop ,
.Pa @libexecdir@/rcDCC
can be used to stop the daemon.
.Pp
The database grows too large unless old reports are removed.
.Xr dbclean 8
should be run daily with the @libexecdir@/cron-dccd cron script
.Sh SEE ALSO
.Xr cdcc 8 ,
.Xr dcc 8 ,
.Xr dbclean 8 ,
.Xr dblist 8 ,
.Xr dccifd 8 ,
.Xr dccm 8 ,
.Xr dccproc 8 .
.Xr dccsight 8 ,
.Sh HISTORY
.Nm
is based on an idea from Paul Vixie.
It was designed and written at Rhyolite Software, starting in 2000.
This document describes version 1.3.103.