1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399
|
Changes to the Distributed Checksum Clearinghouse source.
2005/03/20 22:35:09 Rhyolite Software DCC 1.2.74-1.188 $Revision$
1.2.74
Make clients prefer real IPv6 address to embedded or mapped IPv4
addresses.
1.2.73
Fix crash in dccsight as suggested by Vincent Schonau.
Fix handling of log files for senders without reverse DNS in
cgi-bin/common as suggested by Vincent Schonau.
Add IPv4 and IPv6 o-opts to /var/dcc/flod lines to deal with the change
in the default from "YES" to "NO" in the FreeBSD ipv6_ipv4mapping
1.2.72
Do not make DNS blacklist checks if the MTA already knows the message
is or is not spam.
Add -lresolv to $LIBS for Mac OS X Darwin as suggested by Joel Brogniart.
Change DNS blacklist checking to check MX servers as well.
Add -B settings to control which DNS blacklists are used for the envelope
or body, and whether MX servers should be checked.
SIGUSR1 causes dccm and dccifd to send their statistics to the system log.
Use getaddrinfo() and getnameinfo() when getipnodebyname() and
getipnodebyaddr() are not available. This might make IPv6 work
on Linux systems.
Note that to make dccd listen to IPv6, -6 must be added to DCCD_ARGS
and GREY_DCCD_ARGS in /var/dcc/dcc_conf. This requirement has long
been present to defend against systems that only pretend to
understand IPv6. Perhaps it is time to remove it.
Add `dccifd -o` to use a subset of ESMTP so that dccifd can be used
as a "before-queue" filter or SMTP proxy by Postifx.
Probably fix a rare dccm and dccifd crash.
1.2.71
Fix stray greylist queries reported by Vincent Schonau.
Fix conflict between checking DCC and greylist servers on Linux
reported by Vincent Schonau.
1.2.70
Turn on IP TOS bits for DCC server-to-server flooding.
Add -B to dccproc, dccm, and dccifd to consult DNS blacklists.
This feature and greylisting are valuable supplements
to DCC target counting. However, greylisting is generally
significantly better where greylisting can be used. Most
dccproc and many dccifd installations cannot use greylisting.
1.2.69
Add `misc/hackmc -r` like -R but to reject instead of discard bad
relay attempts.
Fix bogus X-DCC header added after a fatal problem with the DCC server
as suggested by Harald Daeubler.
Release a single tarball equivalent to the old dcc-dccd-*.tar.Z that
contained the DCC server and all clients.
1.2.68
Fix counting of blacklisted DCC clients by dccd.
1.2.67
Remove bonehead optimization in dccd of /var/dcc/blacklist in 1.2.66.
Deal with stdargs in gcc 3.4 on AMD 64-bit systems that do not allow
a va_list arg to be passed to two different subfunctions, but
without breaking things on the many systems that lack va_copy().
1.2.66
Overhaul dccd rate-limiting. Instead of imposing a penalty time
on overactive clients, simply rate-limit them.
Reduce limit on dccd error messages about clients from 2/second to
0.1/second.
1.2.65
Fix accounting of NOPs from blacklisted clients.
Fix race that caused "??" server-IDs in X-DCC headers.
Do not count requests from blacklisted clients against the rate limits
as suggested by Sven Willenberger.
1.2.64
Correct ">XXXX clients" from `cdcc stats`
Removed redundant declarations of mapfile_nm and rl_anon as
suggested by Andreas Jochens.
1.2.63
Possibly fix dccm crash reported by Ludger Bolmerg.
1.2.62
Fix bug in `dccd -a10.2.3.4` diagnosed by John Levine.
1.2.61
Fix file descriptor leak in getifaddrs() replacement.
1.2.60
Fix bug reported by John Levine on systems such as BSD/OS 4.3
without getifaddrs() introduced in 1.2.59 with tracking changes
in network interfaces.
1.2.59
Fix broken `dccd -G0` reported and diagnosed by Chris Mikkelson.
Track changes in network interfaces on most modern flavors of UNIX
as suggested by James Carlson.
Fix two MIME decoding bugs as suggested by George Schlossnagle.
Treat '>' as a blank instead of punctuation for FUZ2 checksums.
Don't re-use va_list in stdargs functions to work around a characteristic
of gcc for AMD 64 bit systems. gcc 64-bit stdargs
reportedly passes va_list by reference instead of by value.
Fix date labels in graphs generated by dcc-stats-graph as suggested by
Kevin Gagel.
1.2.58
Work around new bug in FreeBSD 4.10 mechanism to disconnect UDP
sockets reported by Daniel V Klein. The symptom of the bug is
that DCC servers appear down to clients running on FreeBSD 4.10
1.2.57
Invoke WSACleanup() after using WSAStartup() on Windows systems
as suggested by Carl Stehle.
1.2.56
Fix /var/dcc/ids delay= extension.
1.2.55
Add `./configure --with-max-db-mem=X` to limit the size of the
database window.
Extend /var/dcc/ids format to allow authenticated clients to be delayed
as `dccd -U` delays anonymous clients.
Add `./configure --with-kludge=FILE`.
1.2.54
Fix problem with flooding among greylist servers using `dccd -Gweak-IP`
reported by Valentin Chopov.
1.2.53
Restore `dccsight -G grey-cksum` because the proof-of-concept CGI
scripts use it.
On OS X, use owner and group of daemon:daemon for programs and use
dccmaninstall in `make install` as suggested by Jason Schwarz.
1.2.52
Fix problem in start-dccm and start-dccifd with Solaris /bin/sh
reported by Gary Mills
Work around bug in OpenBSD HTONL() and NTOHL() reported by Jeff Drinkert.
Change wlist to rebuild the .dccw hash table unless given -Q.
1.2.51
Fix cause of "packet length 44 too small" complaints by DCC servers.
With an empty mail body and no useful headers, DCC clients were
sending empty requests to DCC servers.
Add `cdcc "debug TTL=x"` to help find firewalls that filter DCC requests.
Use shared libmilter.so in dccm as suggested by James Carlson.
Fix Body checksum when MIME boundary crosses buffer boundary from
Richard Lyons.
Stop crash in dccm reported by Krzysztof Snopek.
Deprecate misc/dccdnsbl.m4 and change misc/hackmc to work with
FEATURE(dnsbl) and FEATURE(endnsbl) in modern sendmail.
Make it compile on Mac OS X and DragonFly FreeBSD.
Reduce the size of greylisting databases.
Separate DCC query mode for dccm and dccifd from greylist query mode.
Add `dccd -G weak-IP` to whitelist not only a {sender,target,IP address}
after passing the greylist embargo, but anything from the IP address.
Use this facility with caution; it might be a bad idea.
The last change requires that all greylist clients and servers
be upgraded simultaneously.
1.2.50
Fix `dccifd lhost,lport,rhost/bits` on systems that have IPv6.
Change homedir/make-dcc_conf to track changes in
`./configure --with-rundir=x --libexecdir=y`
as suggested by Josef T. Burger. This change will not be effective
until upgrading from 1.2.50 to later versions.
Deal with tiny FD_SETSIZE reported by Christian Becker.
Fix dccifd, dccm, and dccproc core-dump caused by missing whiteclnt file
reported by Henrik Edlund.
1.2.49
Fix infinite loop in computing DCC clients computing checksums of
large, deeply nested MIME messages reported by Clive Cleland.
1.2.48
Add "option dcc-off" and "option dcc-on" to per-user whitelist files
as suggested by Spike Ilacqua.
Make /var/dcc/libexec/fetch-testmsg-whitelist deal with cron processes
that set $PATH without /usr/local/bin
1.2.46
Fix infinite packet flood from DCC clients including dccproc observed
by Benji Spencer, Clive Cleland, and Andrew Kent. I introduced
this serious bug with the WIN32 changes in 1.2.33.
Fix "option greylist-off" bug introduced in 1.2.39 and reported by
Spike Ilacqua.
Defend dccd against too many clients.
1.2.45
Fix dccd database "window" size computation bug that chose 3 GBytes
on systems with less than 512 MByte.
Fix `cdcc "stats all"` to use the right host name from Leandro Santi.
Increase `dccd -R` default rate limits for all anonymous clients
and for individual authenticated clients..
updatedcc understands -V x.y.z unless no old version x.y.z is available.
1.2.44
Fix bug in dbclean -e and -E default reductions that made them 50% less
instead of more conservative compared to 1.2.39.
Speed up dbclean on systems with mmap(MAP_ANON).
Clean some uninitialize variable complaints from purify reported by
Praveen Nimmagadda.
Minor adjustments to deal with Solaris's VM system.
1.2.43
Fix typo in -e and -E default reductions.
1.2.42
More adjustments to deal with Solaris's VM system.
Use all except 384 MByte of physical memory on systems with more than
768 MByte. On systems with 768 MByte or less, use half.
Tweak WIN32 makefiles.
1.2.41
Restore TZ in update/misc after setting it to GMT to keep the
Solaris FTP from going crazy.
1.2.40
Include win32.makin2 that was missing from 1.2.39.
Do not respond to clients when the database is broken to ensure that
they switch to another server.
Add missing "option greylist-on" support to cgi-bin/edit-whiteclnt
Remove DCC_PROTO_HOMEDIR support for building RPM or other packages
and add `./configure --installroot=DIR`
Adjust threshold for `dbclean -F` to keep Solaris systems from spending
hours in dbclean.
Add `dbclean -f` to turn off default `dbclean -F` on Solaris for
installations where the file system has been tuned for the
large, randomly accessed file that is a DCC database.
1.2.39
Suppress syslog messages from cdcc noted by Krzysztof Snopek.
Suppress complaints about madvise(MADV_WILLNEED).
Tweak WIN32 porting aids.
1.2.38
Turn off the use of madvise(MADV_WILLNEED) on systems such as BSD/OS
that claim to have it but don't.
-Gweak did not in 1.2.37 work as reported by Valentin Chopov.
1.2.37
Tweak WIN32 #ifdefs.
Change -G for dccm and dccifd to require -Gon. Add kludges in
start-dccm and start-dccifd to convert the old -G to -Gon.
Add "-G noIP" and '-G IPmask/xx' to ignore all or part of the SMTP
client IP address in the greylist triple.
`dblist -G` no longer works. Use `dbclist -Gon`
Fix bug where dbclean increased the number of reasons to stop flooding
by 1 and then decreased it by 2 reported by Bernard Gardner.
Use madvise(WILLNEED) for database buffers on systems with plenty
of RAM as suggested by Robert Milkowski.
Adjust scripts including /var/dcc/libexec/start-dccd to deal with
POSIX compliance of `expr` in FreeBSD 5.1.
Change FUZ2 checksum to know about Polish.
1.2.36
Fix updatedcc for systems that have only make in $PATH but where
it is really gmake.
1.2.35
Turn off the use of poll() instead of select() on Linux systems.
1.2.34
Fix bugs in the ./configure mechanisms to use poll() instead of
select() on FreeBSD reported by Valentin Chopov.
1.2.33
Adjust default dbclean expirations based on available RAM and
the size of the database.
Make dcclib, cdcc, and dccproc build for WIN32 with Borland C++ 5.02
or FreeCommandLineTools.exe. The former can use the dcc.ide file
and the latter can use win32.mak.
Fix use of SO_LINGER on Solaris.
More changes to ease compiling cdcc for WIN32.
Possibly fix dccd amnesia about flooding peers.
Use poll() instead of select() on FreeBSD.
Fix updatedcc to use gmake if ./configure insisted.
Entirely remove "--prefix" from ./configure to stop people from
mistakenly assuming that ./configure is what the Free Software
Foundation dictates it should be.
Change /var/dcc/libexec/start-dccd to stop dbclean when dccd starts
and so prevent a deadlock between dbclean and dccd.
Fix problem with updatedcc on systems with only gmake reported by
James Carlson.
Fix problem with large greylist whitelist files reported by John Levine.
Reduce number of write() system calls per operation in dccifd.
1.2.32
Fix corruption of `dccm -U` directory introduced in 1.2.31 and
reported by Spike Ilacqua.
1.2.31
Make all dccd databases "big." If you have not previously used
`./configure --enable-big-db` then when version 1.2.31 of
dccd is started, it will run dbclean to rebuild the database.
This will make the hash table about 9% bigger and so 9% slower.
Make the "ms" units optional for RTT adjustments in `cdcc add` or
`cdcc load` as suggested by Hernan A. Perez Masci.
Add ${dcc_userdir} sendmail.cf macro as suggested by Valentin Chopov.
This lets you use the full power of sendmail.cf rewrite rules
to control per-user whitelist and log directories. See the
dccm man page.
Make `dbclean -F` the default on Solaris systems with plenty of RAM
and automatically turn it off when there is not enough RAM to hold
the entire database.
1.2.30
Let `dccd -C` take arguments for dbclean, so that the following line
in dcc_conf works:
DCCD_ARGS="'-C$DCC_LIBEXEC/dbclean -F'"
Make pthread_detach() failures in dccifd non-fatal.
Add mechanism to cgi-bin/list-msg to whitelist-for-greylisting
(sender,IP-address,recipient) checksums. This mechanism
requires that the 1.2.30 versions of dccd and dccsight be
installed.
Change dccifd to record the message headers in the log file even when
the MTA fails to provide the message body.
1.2.29
FUZ2 checksums character entity references in URLs in HTML.
Insert checksums of greylist triples of whitelisted messages
into the greylist database.
If greylisting is turned on, then include greylist checksums in dccm and
dccifd log files even for whitelisted and blacklist messages.
Dccm and dccifd log some messages that are whitelisted for greylisting
or otherwise not currently embargoed but were in the past.
Change whiteclnt "log all-grey" and "log no-grey" options to
"option greylist-log-off" and "option greylist-log-on".
(Of course the old strings continue to work.)
Add whiteclnt option "option greylist-off" and "option greylist-on"
to control greylisting for greylistig for an individual user.
Note mail in SMTP transactions that involve other users for which
greylisting has not been turned off can still temporarily rejected.
Add "option log-all" log everything for an individual user.
The proof-of-concept CGI scripts handle the new whiteclnt options.
Fix false "many" from dccproc when switching DCC servers reported by
Rutger ter Borg.
Remove 1.2.28 change in the dccd "xx MByte window" message that
displayed the minimum of the physical file size and the mmap() window
size. The message now contains the mmap() window size..
Fix `dccd -FG,` core dump reported by Aleksander Dzierzanowski.
Make "skip asking" in `cdcc info` output a comment as suggested by
Gunther Heintzen.
Speed up flooding among greylist servers.
1.2.28
Reduce the number of msync() system calls, significantly speeding up
dbclean and dccd on FreeBSD.
Fix "window" size computation for dccd and dbclean on systems with
more than 4 GByte of RAM.
Adjust flooding threshold for greylist dccd.
Changed the dccifd man page to say that dccifd looks at the first
Received: header for the sender's IP address if was not provided
by the dccifd client.
Remove the recommendation for whitelisting the Habeas Mark from the
sample dcc_conf file.
Detect bogus -G args reported by Aleksander Dzierzanowski.
1.2.27
Use fsync() and msync() on /var/dcc/flod.map in dccd to try to
get Linux to send the file to the disk.
Use setsockopt(SO_LINGER) to speed shutdown on FreeBSD.
1.2.26
Fix `dccd -F`. Adding -F to DBCLEAN_ARGS in /var/dcc/dcc_conf on
Solaris systems with enough RAM to hold most of the database
can make dbclean twice as fast and reduces its effects on other
processes. Addcing -F to DCCD_ARGS might have similar effects.
The use of MAP_NOSYNC on systems that support it including FreeBSD
reduces the effects of dccd on other processes.
1.2.25
Fiddle with /var/dcc/libexec/dcc-stats-graph.
Add `dccd -F` like `dbclean -F`
1.2.24
Generate /var/dcc/dcc_conf-new whether it is needed or not.
Add `dbclean -F` to work around Solaris performance bugs with large
files and mmap().
Add `dccd -Gweak` to not require a retransmission of the same message
to end a greylist embargo.
Add option "no-reject" to the dccifd-MTA protocol to be similar to
`dccm -aIGNORE` for greylisting while ignoring DCC results.
1.2.22
Fix stray hostnames reported in dccifd log file headers observed by
Chris Mikkelson.
Fix empty dccm syslog complaints seen on Solaris.
Fix core-dump with bogus hostname in whiteclnt file observed by
Joe Ilacqua.
Updatedcc starts to shut down dccd early to avoid problems restarting
it on slow systems at the end.
1.2.21
Fix dbclean every 20 seconds possibly observed by Kelsey Cummings.
Stop frequent running of dbclean from dccd to clean up greylisting records.
1.2.20
Fix cdcc core dump with non-existent /var/dcc/map files.
Change updatedcc to not use "set -e" because some versions of
bash have tantrums if you unset a variable that is not set.
1.2.19
Fix "too many CIDR blocks" problem reported by John Doherty.
1.2.18
Fix infinite loop in dccm reported by Gary Mills. This error might
also have caused dccm to crash. It should affect dccd as well
as the DCC client programs. I introduced it in version 1.2.15.
1.2.17
Fix IP whitelist entries in DCC server databases broken in 1.2.15 and
1.2.16.
1.2.16
Fix bug in libexec/updatedcc with blanks in CFLAGS reported by
Aaron Paetznick. This only fix uses of updatedcc after
1.2.16 has been installed.
1.2.15
Ensure the mtime of /var/dcc/whiteclnt.dccw files changes to stop
endless reparsing on some Linux systems.
Resolve inconsistency in dccproc whitelist vs. -t many noted by
Dawn Endico by making whitelisting always produce an exit code of 0.
Put absolute path on cdcc in misc/stats-get as pointed out by
Kevin Gagel.
Make dccm and dccifd log file size configurable as suggested by
Furlan Campos.
Fix bug reported by Jim Carroll that kept mail from being rejected
when first sent to a spam.
Allow large CIDR blocks to be white- or blacklisted in whiteclnt files.
Fix dccifd -p bug reported by Christopher Bodenstein.
Fix "continue not asking greylist" log message that should be
"continue not asking DCC" reported by Jorg Bielak.
Fix ./configure script in dccproc tarball that was creating a bogus
RUNDIR value for dccifd.
Add `./configure --with-max-log-size=KB` as requested by Furlan Campos.
The proof of concept CGI scripts now
deal with per-user logs for user that receive enough spam that their
log directories have 20,000 entries.
support the per-user greylist log options for whiteclnt files
described in the dcc man page near the description of "include"
support locking of per-user whiteclnt files with a line of
"#webuser locked"
Fix output file data corruption bug reported by Chris Mikkelson.
Change default dccm greylist SMTP status code as suggested by Gary Mills.
1.2.14
Adjust homedir/make-dcc_conf for Solaris as suggested by Gary Mills.
1.2.13
Tweak libexec/updatedcc for Solaris.
1.2.12
Report checksums in greylist embargoed mail to a DCC server while
waiting for the embargo to expire.
Recognize more than 1 GByte of RAM on Solaris systems.
Fix bug in stats-get not counting queries pointed out by Yury Razbegin.
Change the default greylist -G "white" value from 30 to 63 days.
dccm and dccifd now include the greylist triple checksum in per-user
log files.
Fix bugs in dccifd C interface routine pointed out by Stephen Misel.
Fix dccd whitelist bug observed by Gary Mills.
Fix bug in 1.2.8 through 1.2.11 that stops flooding of brand new
reports of bulk mail that is not spam.
Automatically generate /var/dcc/dcc_conf-new from existing dcc_conf
to aid installation of greylisting.
1.2.11
Resume looking for native sendmail milter libraries on more than
FreeBSD.
1.2.10
Fix some compiler warnings on Solaris.
Fix "only 256 open files allowed" message from dccid on Solaris
reported by Turgut Kalfaoglu.
Use poll() instead of select() in dccifd if possible.
Fix error in libexec/start-dccd reported by Valentin Chopov.
Look for native sendmail milter and install man pages on
recent versions of NetBSD as suggested by Josef T. Burger.
1.2.9
Turn off database hash debugging accidentally turned on in 1.2.8.
1.2.8
Fix serious bug in resolving DCC server host names by dccm and dccifd.
Add "temporary" to default greylist rejection messages.
Fix greylisting of null messages.
Add misc/fetch-testmsg-whitelist
Improve compression/suppression of flooded checksums to reduce the
database size and bandwidth requirements 10-50% for DCC servers that
see fewer than 20K DCC ops/day. Tests have produced conflicting
results. The full effects are not seen unless flooding peers
install this version.
1.2.7
Fix greylist flooding problem reported by Valentin Chopov.
Add whitelists to greylist servers as requested by Bobby Rose.
Change `dccm -r` to also set the greylist rejection message and to
optionally interpolate the queue-ID and SMTP client IP address
as requested by Gary Mills.
Fix 1.2.x bug that treated all flooded checksums to a new database
as stale until a local checksum has been added and dbclean run.
1.2.6
Complete the fix for "badly signed NOP response" in the DCC server.
To be effective, the public DCC servers will need to use
version 1.2.6.
1.2.5
Fix "badly signed NOP response" bug diagnosed by Philipp Buehler and
Thorsten Janssen.
Turn off connect() on DCC client UDP sockets for Linux 5.2.
Use sysconf() on Solaris and Linux and sysctl() on BSD systems to
estimate the size of physical memory. This may reduce the need
for `./configure --with-db-memory=X`
Add `./configure --with-DCC-MD5` to use the MD5 code in the DCC source
instead of any local library.
Fix dblcean "repairing" the database because "was [it] not closed cleanly."
1.2.4
Fix core dump in creating X-DCC header as suggested by James Carlson.
Fix dccif.c for `./configure --disable-IPv6` and stats-get for
deleting /dev/null when interrupted as suggested by Yury Razbegin.
1.2.3
Fix leak in greylist server.
Improve some obscure error messages from dccd.
Address IPv6 problem on RedHat 5.2 reported by Darren Nickerson.
Check /proc/meminfo on Linux for hints on real memory size to
work around the Linux mmap() bugs and resulting dccd performance
problems as suggested by Dave Lugo.
1.2.2
Avoid `chown` in start-dccm and start-dccd.
Fix stop-dccd as noted by Michael Ghens.
Add greylist installation instructions to INSTALL.html and INSTALL.txt.
1.2.1
Fix typo in default map.txt noted by Michael Ghens.
Fix undetected hash table size overflow noted by Leandro Santi.
Fix "BRAND" error in start-dccd.
Fix inflation of target counts on greylisted messages.
Dccd is off in the default dcc_conf.
Reduce default greylist embargo to 4.5 minutes.
1.2.0
Many changes to support a form of Greylisting.
See http://projects.puremagic.com/greylisting/
and the dccd and dccm man pages. Greylisting is probably not
ready for prime time in 1.2.0.
Change flod.map file format to allow `cdcc "flood stats 123"` to say
"not connected since" as suggested by by James Carlson.
Fix bogus "overwriting existing entry" error message noted by
Dallas Engelken.
As suggested by Leandro Santi, prevent false alarms about bogus packets
received by DCC clients.
Improve 24-hour averaging of client operations by dccd.
Fixes to dccd/rl.c from Leandro Santi.
1.1.45
Fix error in sample homedir/map.txt file.
Fix problem in starting flooding.
Fix error in misc/dcc-stats-init.
1.1.44
Fix core dump observed by Stephen Misel.
Suppress error message from rcDCC and start-dccm when dccm is not
installed as noted by Kevin Gagel.
1.1.43
Fix core dump reported by James Carlson.
1.1.42
Fix dbclean progress reporting bug noted by Vladimir Samoilov.
Improve misc/na-spam to catch another kind of quote leader.
Drop anonymous requests that would be delayed by more than the maximum
possible RTT.
Add application layer keepalives to flooding.
1.1.41
Sort IP addresses in `cdcc rtt`.
Improve response of the client code to broken servers.
1.1.40
Adjust client failure "fail_more()" backoff mechanism.
Add commas to misc/dcc.m4 as suggesed by Spike Ilacqua.
1.1.39
Fix missing changes to dcc.m4.
1.1.38
Fix `make install` file ownership as noted by Gary Mills.
1.1.37
Deal with certain obfuscating URLs. This change includes some
URLs in Fuz2 checksums and removes parts of some URLs from Fuz1
checksums. This should reduce much of the need for the dubious
many hex FUZ2: 00000000 00000000 00000000 00000000
whiteclnt entry.
Decode RFC 822 and MIME entity headers to control quoted-printable
and base64 decoding instead of the previous adaptive algorithm.
This also involves decoding nested MIME multipart messages.
A side effect of this is to change the checksums computed for
some mail.
Use poll() on Solaris to avoid failures from select() on large FDs.
Smuggle the Mail_From value to dccm with a ${dcc_mail_host} macro
so the mail_host checksum is valid despite sendmail smart relays.
This requires rebuilding sendmail.cf with the new dcc.m4.
Move part of the server-failing timer into /var/dcc/map so that
dccproc processes can share it.
Fix dccifd bug in handling detecting the end of headers reported
by Tim Clymo.
Fix `dccd -u` which was almost entirely broken. Extend `dccd -u`
to inflate the delay for busy anonymous clients.
Make server selection more stable despite network problems.
Fix some cases of false alarms of database corruption by dbclean.
This fix is important where dbclean complains about `repairing` the
database.
Clear dccd queue delay when the server is idle. This should help
dccd on BSD/OS after dbclean runs.
Avoid `chown` and `chgrp` with `configure --disable-sys-inst`.
Add `dccproc -x exitcode` as suggested by Paul Wright.
`cdcc clients` displays counts of NOPs to catch misconfigured firewalls
at clients.
1.1.36
Add optional DCCM_ENABLE and DCCD_ENABLE to /var/dcc/dcc_conf
Look for libmilter.a where it is in some versions of Linux.
Add "eval" to start-dccd, start-dccm, and start-dccifd when
not using a separate UID to allow quoted blanks in
`dccm -r "rejection messages"`.
1.1.35
Deal with name space pollution in Solaris as suggested by Isaac Saldana.
1.1.34
Fix libexec/dcc-stats-collect and libexec/stats-get as noted
by Valentin Chopov.
Adjust FUZ2 length thresholds to catch more HTML obfuscated spam.
Reduce some stalling of dccd on BSD/OS when dbclean starts.
Resolve conflict between start-dccifd and dccifd by making the default
location for the dccifd PID file the same as for the dccm file
Fix dccifd to remove stray X-DCC headers.
Fix start-dccifd to pay attention to DCCIFD_ARGS in dcc-conf.
1.1.33
Fix rare core-dump in dccd that more frequently corrupts the database.
Do not loop forever as the result of some database corruption.
Turn off by default dccd blacklist event tracing.
Increase the limit on the size of white-listed CIDR blocks from /24 to
/20 or 1024 IP addresses. Every IP address whether specified
separately or with a CIDR block requires a separate entry in a
client DCC whitelist hash table. The hash table is limited to
about 80K entries.
Add '-T' to misc/hackmc to trust or white-list mail authenticated
by SMTP AUTH or START TLS.
Server blacklisting suppresses "bad client or server-ID" error messages.
add /var/dcc/libexec/stats-get produce server statistics as noted by
Daniel Klein.
1.1.32
Do not count MIME content-type image bytes when deciding whether
to generate FUZ2 checksums.
Unlink dccm and dccifd PID files before trying to (re)create them.
Dccm watches milter "contexts" more closely for corruption.
Add an optional count to `cdcc clients`.
Dbclean tries harder to restore dccd flooding.
Initialize wtgts in dccproc as noted by Leandro Santi.
1.1.31
Fix core dump in ckfuz1.c noted by Gary Mills.
1.1.30
Allow blanks in MIME boundaries.
Possibly fix compiler "initialization type mismatch" warnings noted by
Gary Mills.
1.1.29
Fix dccm core dump in ckfuz1.c noted by Sven Willenberger.
1.1.28
Fix dccm core dump in dcc_ck_body0() noted by Valentin Chopov.
1.1.27
Add to HTML character references known by the Fuz2 checksums.
1.1.25
Notice "Content-Type: text/html" headers to pay attention to HTML
even in mail without <html> tags.
Tweak the Fuz2 checksum to ignore some Microsoft delivery notifications.
Adjust Fuz1 checksum to be more consistent on URLs.
Fix date bug reported by Krzysztof Snopek in `cdcc clients`.
Include an indication that the client was blacklisted in `cdcc clients`.
Change MIME decoding somewhat as suggested by Leandro Santi.
Fix bug in dccd client blacklist.
Add `dccm -g not-all`.
1.1.24
Add `cdcc "clients -s"` to sort by the number of requests.
Add /var/dcc/blacklist of blocks of IP addresses refused by dccd.
Remove -lpthread from $(DPADD) in dccm and dccifd Makefiles for Solaris
with gmake to try to deal with problem observed by Krzysztof Snopek.
1.1.23
Fix handling of & in the middle of words in HTML.
Change dccifd to respond with DCCIF_RESULT_REJECT or 'R' when
queried about spam.
Fix typo in detection of non-compiler on SunOS.
Add `./configure --disable-dccifd` as suggested by Krzysztof Snopek.
1.1.22
Fix inconsistencies in fuzzy checksums computed by dccm and dccproc.
More ./configure script changes to try to deal with problems on
a Solaris system with GCC and some undetermined oddities.
1.1.21
Suppress repeated messages about unauthorized server IDs of peers.
Install cdcc, dccproc, and so forth in $HOME/bin by default
if /usr/local/bin is not writable and $HOME/bin exists.
Fix infinite loop in decoding invalid HTML character references.
1.1.20
Fuzzy checksums ignore all text before initial MIME boundary and
after terminal MIME boundary.
Add support for Spanish thanks to Leandro Santi.
Shuffle hostname resolving code to try to fix what may be a race
in the Linux pthread_create() as discovered by Karl Grindley.
Reduce default value of `dbclean -e` from 7 to 2 days. Mail that does
not reach the local bulk threshold within 2 days is probably not
spam and if it is, it will almost certainly reach a bulk threshold
at some other server in the network.
1.1.19
fix missing env_From handling in dccifd/dccif.pl observed
by Nathan Neulinger
set mode of dccifd socket to 0666 as suggested by Nathan Neulinger
1.1.18
fix `dccproc -c` logging bug noted by Brad Volz.
fix ./configure to pick UID and GUID out of `id` with --disable-sys-inst
multiply the `dccd -u` delay by 4 when flooding is off or broken to
steer clients away from DCC servers without working links.
radically reduce the number of wsync() calls to speed systems with
lame mmap() support including BSD/OS 4.2.
fix setting of file descriptor limit in dccm and dccifd as noted
by Gary Mills
change configure script to deal with change in gmake version string
discovered by Aaron Paetznick
1.1.17
add DCC interface daemon, dccifd, similar to dccm for SpamAssassin and
Perl filters and MTAs other than sendmail. This is only an initial
release soliciting comments about its interface. Its interface
may change in 1.1.18. The new lines of homdir/dcc_conf must be
added to /var/dcc/dcc_conf to turn it on.
`dccm -a IGNORE` says "would have rejected" in the log messages
for Sven Willenberger
generate sample client-ID password for localhost server in /var/dcc/ids
and /var/dcc/map
dccd only complains about unknown server-IDs when "IDS" tracing is
turned on.
DCC clients check for new server DNS records every other hour
instead of every hour
compute the same Base64 result for 32-character lines with or without '\r'
close unlikely, theoretical per-user log file FD leak in dccm.
dccproc passes header lines (including continuations) longer than
20 KBytes
fix bugs in misc/newwebuser as noted by Furlan Campos.
dccm deletes all X-DCC headers of the right brand name to foil
tricky spammers.
dccproc defaults the -T tmpdir to the -l logdir
1.1.16
fix long HELO values in dccm from Leandro Santi.
fix /var/dcc ownership installation bugs noted by John Reames.
let count of clients seen within 24 hours be more than 1000.
change misc/na-spam, the news.admin.net-abuse.sightings gateway script
to use dccproc log files instead of generating its own.
don't allow ':' in DCC server "brandnames".
recover misplaced change to misc/dcc.m4 to fix need to use
FEATURE(`delay_checks')
fix apparently harmless quoting error in dcc.m4
fix `cdcc "flood stats all"` when the server's peers are not ordered
by their IDs.
decode Base64 with invalidly long lines.
1.1.15
change graph generating shell scripts, including making the
database size RRA use "MIN" instead of "MAX". A shell script
that can convert existing RRDs is available.
make `misc/hackmc -O` apply to all uses of the sendmail access DB
instead of only the envelope Mail_From value.
1.1.14
tweak graph generating shell scripts.
add `cdcc "flood stats all"` and `cdcc "flood stats clear all"`
1.1.13
tweak graph generating shell scripts including fixes from Jack Bates.
adjust autoconf mechanism to try to deal with systems with inet_ntop()
but without IPv6.
1.1.12
move dccd statistics to the flod.map so they're preserved despite
restarting dccd.
add shell scripts to generate RRD graphs.
make rate-limits run-time parameters for `dccd -R`.
1.1.11
fix dccm bugs with handling a non-responsive server.
change misc/hackmc to modify sendmail.cf to reject unauthorized relay
attempts with a temporary failure when they are supposed to be sent
to the DCC but dccm is not running. This prevents leaking relay
relay spam. You must use the new hackmc script to install this
change in sendmail.cf.
remove "# whitelisted" from `cdcc stats` output to give more room
for totals.
prevent empty dccproc log files as noted by Krzysztof Snopek.
even fatal errors should cause dccproc to exit with 0 to avoid
rejecting mail, as noted by Krzysztof Snopek.
When server hostnames have common IP addresses, prefer the server
with the non-anonymous client-ID, noted by Krzysztof Snopek.
1.1.10
try to deal with truncated per-user dccm logs on Solaris.
reduce threshold at which Fuz2 checksums are computed to capture
more spam.
force the use of gcc on Solaris.
try not to wait for the syslog console messages to resolve a dccm
crash on Solaris.
1.1.9
make `cdcc "flood list"` unpriviledged, but disclose only server-IDs
to strangers.
1.1.8
fix "invalid database address" problems on SPARC systems with
./configure ----enable-big-db
%-encode quotes in URLs generated by the CGI scripts.
fix `cdcc "id=X"` for X>65535.
increase path length limit to 24.
add `dblist -I server-ID`.
1.1.7
fix man page installation on AIX.
work around connect() bugs on AIX41 and OpenUNIX.
1.1.6
fix encoding of quote characters in the CGI scripts
look for sendmail 8.12.1 libsm.a that is required by that version of
the Milter code.
make the configure script again find the FreeBSD MD5 library.
1.1.5
fix bugs in white-list links in the CGI scripts.
increase 8-hop flooding path limit to 16.
changes from Mark Moraes to compile dccproc under Cygwin on Windows 2000
the DCC source compiles on OpenUNIX 8.0.1 thanks to Larry Rosenman.
reduce the chances of duplicate or missing entries in the list
from `cdcc clients` as suggested by Dave Lugo.
add `dblist -C` to limit the listing to reports with specified checksums
as suggested by Sam Leffler.
`dccm -r "4xx ..." now produces a proper SMTP "temporary failure".
deal with /usr/include/md5.h that seems to be RedHat 7.3 but that does
not compile by itself.
1.1.4
fix dccproc and dccm tarballs broken in 1.1.3.
1.1.3
add a "VERSION:" string to the start of dccm and dccproc log files.
fix memory leak in dccm observed by Gary Mills.
fix core-dump in dccd with unreadable /var/dcc/flod noted by Sam Leffler.
add prototype CGI scripts for per-user white lists.
rate limit and improve log messages about read-only whiteclnt files.
allow null passwords for server-IDs in /var/dcc/ids that are used only
as markers so that no DCC server is accidentally started with the
password "unknown"
install initial /var/dcc/map file using dcc.dcc-servers.net
install empty server database as suggested by Andrew Macpherson.
create /var/dcc/log during installation.
adjust the `dccd -u` default to minimize rejecting DCC queries from
nearby anonymous clients.
convert upper to lower case in dccm per-user white list directories as
suggested by Andrew Macpherson.
allow null passwords as place-keepers in /var/dcc/ids.
rebuild gmake .d depend files when include/dcc_config.h changes so
that bad things don't happen when a header file disappears and
the configuration changes to match.
fix "log-del" option in /var/dcc/flod to log checksum delete requests.
add "del" and "no-log-del" options to /var/dcc/flod lines.
change the defaults for flooding delete requests to log them ("log-del"),
not send them ("no-del" among o-opts) and
reject them ("no-del" among i-opts).
change misc/hackmc to be usable in typical Makefiles that generate
.mc files. It now feeds a single set of .mc files to m4
to produce a single .cf file on stdout instead of a set of .mc files.
It also no longer includes ../m4/cf.m4
use native sendmail milter libraries on FreeBSD 4.6
IDs in /var/dcc/ids can be placeholders without passwords
1.1.2
fix `dccm -W`.
the recipient mailbox resolved by sendmail can be used as an white list
value by dccm. This simplifies white-listing when the system
has more than one name.
1.1.1.
add -follow to cron-dccd in case user log directories are beyond
symbolic links.
fix "resource temporarily unavailable" message from dccproc
reported by Henrik Lewander.
fix `dccm -W` problem in 1.1.0 reported by Mark Motley.
1.1.0
"substitute" whitelist header entries must start with the name of
the header. This is incompatible with previous versions.
remove `dccm -a REJECT_ONLY`
add per-user whitelists and logs to dccm. See `dccm -U`. Use the
DCCM_USERDIRS variable in the new homedir/dcc_conf file to turn on.
To generate per-user log files without leaking informatio about
Bcc addresses, the format of all log files has changed slightly.
Look for "bulk" in the X-DCC line instead of the final "targets" line.
add `dccproc -E` to add dccm log file style envelope lines to log files.
fix cleaning of hourly DCC log files as suggested by Gary Mills.
X-DCC header lines contain the string "bulk" when the message is bulky.
add the "mail_host" as a possible "subsitute header" for dccm.
several of the mailing lists in the sample white list now require that
dccproc or dccm use `-S sender` or dccm use `-S mail_host`.
This removes hostnames from the sample whitelist, because they
can take a long time to resolve or fail to resolve.
change env_To: lines in dccm log files to include the sendmail "mailer"
and address. Also add the resolved "mail_addr" and "mail_host"
to dccm log files.
allow common dccproc white list files owned by the DCC user to be in
subdirectories of the DCC home directory instead of only the
DCC home directory.
use Rgethostbyname() in clients only when `cdcc SOCKS on` is sent
and in the server only for flooding peers that are flagged with
"SOCKS" in /var/dcc/flod.
use gethostid() and hash the local host name instead of gethostbyname()
to generate the DCC client host ID
consider an entire report of checksums obsolete if the fuzziest checksum
is obsolete for dbclean or flooding. This reduces the database
size and flooding bandwidth by another factor of 2.
fix `./configure --mandir=/tmp/foo` to put the man pages into
/tmp/foo/man8/dccm.8 and similar places on other systems instead
of /tmp/foo8/dccm.8 as suggested by Michael Grant.
add `configure --disable-sys-install` to simplify and make a non-system
installation (e.g. by a user with a shell account) safer (no suid).
stop frequent complaints about bad flooding passwords in most cases.
1.0.53
fix bug in fuzzy checksums that was not handling long Base64 lines.
increase the thresholds for computing the Body and Fuz2 checksums
and decrease the threshold for the Fuz1 checksum.
limit work-around for broken Linux threads that need signals delivered
to the process group to Linux systems to avoid breaking dccm
on Solaris 2.6 systems.
add `cdccc "flood stats ID". Part of this involves a change
to format of the flod.map file. It will be automatically rebuilt.
fix `cdcc clients` and `cdcc stats` operations to do better with more
than 64 active clients.
fix core-dump in dccd found by James Carlson.
use Rgethostbyname() when SOCKS is configured.
fix private (not owned by the dcc user) whitelist files for dccproc.
notice and report missing incoming flood connections.
detect and complain about duplicate definitions in /var/dcc/ids
1.0.52
fix bug in dbclean that was inflating instead of compressing some
reports.
fix spurious emergency execution of dbclean by dccd.
deal with missing h_nerr and h_errlist[] in Solaris 2.6 as
suggested by Gary Mills.
fix use of old $DCCM_RUNDIR in rcDCC as suggested by Gary Mills.
fix extra blank in dcc.m4 as suggested by Gary Mills.
generate dcc.m4 with the local choice for /var/dcc/run with configure.
use dcc_inet_ntop() on systems that do not understand IPv6 to fix
a problem on Solaris 2.6 discovered by Gary Mills.
1.0.51
fix man pages on FreeBSD.
fix file descriptor leak in dccd when using SOCKS.
`cdcc "flood check"` forces dccd to re-resolve hostnames for flooding
peers that are failing.
1.0.50
Improve automatic dbclean-ing by dccd.
1.0.49
Check the log directory for dccproc and dccm after changing to the
home directory.
1.0.48
Split old records in the database so they compress better.
Reduce bandwidth required for flooding by summarizing checksum counts.
Fix configure in the partial packages, dcc-dccm-*.tar.Z and
dcc-dccproc-*.tar.Z
Fix `dccd -K no-IP`.
Fix error messages for `dccproc -c type,thold` and add "never" as in
`dccproc -c all,never`
Fix yet another bug in dcc_mkstemp().
Add "NEVER" to -c for dccproc and -t for dccm.
Enhance `dccm -l logdir` and `dccproc -l logdir` to scatter log files
among directories for systems dealing with more than 500,000
mail messages per day.
Dccm log files are now named "tmp.XXXXXX" until it is known that they
are needed and they are renamed to msg.XXXXXX or they are deleted.
1.0.47
Make "-n brand" optional for dccd.
decode Base64 before computing checksums.
remove `cdcc pck` and `cdcc delck body` operations.
add configure parameter --with-bad-locks to deal with Solaris mmap()
vs. fcntl() locking problems.
Dccm and dccproc shold keep only the last of several locally specified
header checksums.
Because people have been confused by env_To checksums being ignored
in server whitelists, they are now reported as errors.
1.0.46
Fix garbage in dccm log file names.
When run as root, dbclean avoids changing the owner of the database files.
Add logging to dccproc in the style of dccm.
Accept hex checksums to allow whitelisting message bodies, and especially
"empty" bodies contianing more than 1 KBytes generated by
Outlook Express.
Improve compression of old entries in the database.
Add checking of "substitute" headers. See -S in the dccm and dccproc
man pages.
1.0.45
Repair incoming flood duplicate detection broken in 1.0.44.
1.0.44
Dccd now tries to fix the database when it starts
dccd also marks the database potentially inconsistent while it
is running and until it stops cleanly. Graceless shutdowns
are now detected and the database is automatically checked with
`dbclean -R` before dccd resumes operation.
Add Fuz2 checksums to the default lists along with Fuz1 and Body
By default, dccd does not keep non-body checksums in the database.
The previous behavior can be restored with -Kall.
Double the maximum size of the database's hash table
Teach dccd to run dbclean to expire checksums so things work even
if the cron job doesn't
Misc/hackmc -D adds a local rule to reject mail from SMPT clients
without reverse DNS to the DCC
Suppress messages from dccd for EINVAL the second connect().
This is lame, but both FreeBSD and Linux answer the second connect()
on a non-blocking socket after an ICMP Unreachable or timeout
with EINVAL.
Speed up dbclean for large databases
It is only about 2.5 times faster on linux 2.2.14-5.0
Large systems handling more than 200,000 messages/day should
use --with-db-memory=500000000 or whatever is the appropriate number.
This change combined with the -K changes mentioned above produce
an overall speed-up of about 10 times for busy, not large systems.
Add configure parameter --enable-big-db to support server databases
with up to 2 billion instead of 16 million entries in the hash table
Fix problem with env_To white-listing reported by Mark Motley
Add -H to dccproc to emit only the header
Fix dccd to pass -L parameters to dbclean so that log messages from
automatic invocations of dbclean are not lost
1.0.43
add prototype Fuz2 fuzzy body checksum and remove the subject checksum
See INSTALL.{html,txt} about DCC_RPT_SUBJECT if you want to
restore Subject checksums in in you DCC clients.
fix SOCKS connection and re-connection of flood stream.
add -c thresholds to dccproc and make its exit code indicate whether
they are exceeded. This should eliminate common needs to parse
the output of dccproc.
fix dccd iflod_send_pos() core-dump seen during very high network losses
to flooding peer.
deal with Linux bug in not allowing connect() after a previous
connect() to 127.1.
fix dccm core-dump on some platforms when whitelist hostnames fail to
resolve.
deal with Linux `bash` vs. `su`
handle duplicate local interfaces on Linux
make `cdcd "flood rewind"` require a remote server-ID
1.0.42
fix dccm crash while dealing with white list.
1.0.41
fix bug introduced in 1.0.37 that broke `cdcc add`
include truncated getifaddrs() for systems that do not have it to improve
the default behavior of dccd with multihoming.
fixes for syntax errors in misc/{rcDCC,stop-dccd} from Michael Ghens
make `dccm -W` less confusing.
change hackmc to report mail with bogus DNS senders to the DCC
1.0.40
fix for syntax error in /var/dcc/libexec/cron-dccd from Dave Lugo
deal with slow dccd response to dbclean
1.0.39
keep dccd from going crazy with a crazy value for -q
1.0.38
fix dccd core dump with Dave Lugo's help.
improve dccd host name resolving helper process.
improve misc/na-spam.
`cdcc 'stats clear'` now also clears the list of clients seen by dccd.
add a path of server-IDs to flooded checksum reports.
increase the number of checksums recognized by the server.
fix pthread error on SunOS and possibly AIX.
use absolute path for `cdcc` in /var/dcc/libexec/stop-dccd as suggested
by Sam Leffler.
improve fuzzy ignoring of MIME multipart boundaries.
1.0.37
deal with lack of -s in SunOS `logger`.
dccd now has a helper process to wait for slow DNS servers to resolve
the names of flooding peers.
Deleting and restarting the DCC server's database now causes dccd to
ask peers to re-flood their checksums. This new feature required
changing the flooding protocol. DCC servers using the new protocol
talk to servers using the old protocol after the old servers start
their streams or with an explicit tag in the /var/dcc/flod file.
`sendmail -bs` is used by some mail user agents such as pine. In such
cases the sendmail milter interface gives filters such as dccm a null
pointer to what should be an IP address and a pointer to the
string "localhost". Dccm now acts as if such mail arrived from
IP address 127.1. This makes the common white list entry
"ok IP localhost" effective for such mail. Note that dccm deletes
X-DCC header lines with its own brand from white listed messages,
because they would otherwise be wrong and a potential vulnerability
to bad guys.
Fix `dccproc -o ofile` to include the X-DCC header in ofile. If this fix
is a problem, see `dccproc -C`
add /var/dcc/libexec/na-spam and ng-spam to gather spam from
news.admin.net-abuse.sightings
fix start-dccd, start-dccm, and cron-dccd to support multiple dccd
daemons in separate home directories.
1.0.36
support for OSF1.
handle msync() with only two parameters in old BSD/OS.
try to fix rare core-dump in dccm whitelist parsing.
fix error in misc/dccdnsbl.m4 noted by Michael Ghens.
fix autoconf errors for SunOS noted by Sam Leffler
add "log-del" option to /var/dcc/flod file
fix recent damage to DCC{D,M}_ARGS in start_dcc{d,m}
1.0.35
add DCC_LOG_FACILITY to dcc_conf as suggested by Sam Leffler.
You must install the new homedir/dcc_conf with your parameters
to use it.
fix recently introduced bug that kept dccd from automatically
running dbclean to expand the database.
document the output of the dblist program in its man page.
`configure --with-rundir` can be used to override the use of /var/run/dcc
for the PIDs of DCC daemons, sockets, and so forth.
`configure --with-uid=dcc` creates Makefiles and scripts to install
and start DCC programs as the user "dcc"
1.0.34
support for IRIX
fix bug in setting libexecdir for configure
change `cdcc stats` to show cumulative report counts
increase maximum number of flooding peers from 16 to 32
and make it a compile-time parameter
change $UID in misc/start-dcc{d,m} to the avoid reserved variable in
RedHat 6.2 as suggested by Michael Ghens
fix bug in cron-dccd found by Michael Ghens and Dave Lugo
remove mechanism for configuring the DCC home directory by setting
an environment variable before invoking `make`
change the default value of the -u anon-delay parameter for dccd to 0.
add "flood list" operation to `cdcc`
look for sendmail for dccm in a FreeBSD "ports" package
1.0.33
support for HPUX thanks to Richard Rauenzahn.
check against "$USER" instead of "root" in start-dccm and start-dccd
as suggested by Luke Crawford.
make the server rate limits configurable at compile-time.
1.0.32
fix bug in local white lists that ignored changes in the count field
by default, start-dccm no longer tells dccm to reject based on
message-ID checksums
fix recently introduced bug that kept flooding off after the
hash table needs to be expanded.
1.0.31
add SOCKS support.
dccproc only logs errors unless given -d. This should fix problems
in some mail systems using dccproc caused by network problems.
fix permissions bugs related to using private map files
the dcc_notspam sendmail macro used by dccm with -o must be non-empty
to be considered "set".
1.0.30
fix man page installation on OpenBSD.
fix bug in starting incoming floods on systems with IPv6 interfaces
but without what DCC recognizes as IPv6 support such as OpenBSD.
deal with systems such as OpenBSD with lame mmap() support.
speed up recognition of changes in the /var/dcc/flod file.
use DCCM_REJECT_AT in /var/dcc/dcc_conf to also set the default
flooding threshold used by dccd when it is started by
/var/dcc/libexec/start-dccd
add configure switches to not build dccm and the server
`dccd -u` turns off `cdcc stats` from anonymous systems to avoid telling
strangers how many mail messages a small DCC server has seen.
1.0.29
fix start-dccd to deal better with non-standard DCC home directories.
dccproc is now like dccm and treats a missing Message-ID header.
as if it were present and with a null value.
do the right thing for DCC servers running on platforms where
gethostname() fails completely on a short buffer instead of
giving a prefix of the hostname.
detect and quit on null hostname from gethostname().
1.0.28
improve the handling of an already running daemon in by misc/start-dccd
support mapping of ranges of server IDs when flooding reports
yet more changes to deal with quoted-printable. These changes
generally cause the fuz1 checksum to differ.
remove need for FEATURE(delay_checks) when reporting sendmail access_db
hits to DCC server
change body checksum to ignore '>' in "\n>From" because the '>' is
often added for old UNIX MUAs.
improve response of dccproc to 20KByte or larger To: headers.
make `cdcc "file map2; load map2.txt"` act the same as
`printf "file map2\nload map2.txt" | cdcc`
dccm now treats a missing Message-ID header as if it existed but with
a null value.
1.0.27
change example scripts to deal with `expr` exiting with 1 and stopping
them on Solaris
fix client IDs larger than 65535
detect and complain server IDs offered to `cdcc` as client IDs
1.0.26
if dccm is already installed, try to build it even if the sendmail
milter library is not available to prevent silent failures to
install new versions of dccm.
1.0.25
fix confusion if a quoted-printable sequence overlaps a buffer boundary.
do not give up on remote servers if a local server responds with
an ICMP unreachable error.
1.0.24
minimize interpreting '=' in a URL as quoted-printable to make dccproc
and dccm compute the same fuzzy checksums more often.
1.0.23
fix confusion in dccproc about whether an initial line of a message
that starts with blanks is a continuation of the last header line
1.0.22
fix infinite loop and packet spew from dccproc when the clock jumps
backward or jumps forward more than 1000 seconds.
fix syslog process name on Solaris and AIX
`dccproc -R` picks IP address out of standard Received: lines
fix bugs in decoding quoted printable with broken soft ends of lines
1.0.21
repair DCC server whitelist broken in 1.0.20
1.0.20
support for Solaris
describe ways to connect spam traps to the DCC in INSTALL.html
move parameters from start-dccd, start-dccm, and cron-dccd to a common file
add misc/rcDCC start-up script for Solaris and Linux
fix byte-order bug in flood header server ID which requires changing
the flood protocol. To flood to version 1.0.19 or older versions
of dccd, specifiy version 4 in the flod file line.
removed locking file /var/dcc/map.lock
change handling of spam sent simultaneously to white-listed and unlisted
targets. See the discussion of the new "REJECT_ONLY" action in the
dccm man page.
1.0.19
improve `cdcc stats` flood formatting
fix `cdcc "host domain.com; stats all"`
change dccproc to use the value of the Return-Path: header for the
envelope-From checksum if the header is present and -f is not used.
fix `dbclean -S -N` when the whitelist is empty
add rough support for NetBSD.
mention dccd in the INSTALL file.
fix for parsing "-L error,LOCAL1.ERR" from Vincent Schonau
1.0.18
add "clients -n" to cdcc
add -C to dccproc
1.0.17
add dccsight
1.0.16
try again to deal with getifaddrs() without freeifaddrs().
fix bug introduced in 1.0.15 that causes dccproc to require
a white-list
fix corruption of /var/dcc/map when dccproc is run with stderr not
open and when the DCC server first fails to answer.
1.0.15
make the sendmail {dcc_isspam} and {dcc_notspam} macros consistently
override what dccm and the DCC server determine
1.0.14
deal with systems that have getifaddrs() but not freeifaddrs().
fix bogus response from server when a duplicate request from an
anonymous client arrives before the original request has been
scheduled to be answered.
fix obscure double-trip bug in threaded client library.
accept "rpt-ok" as well as "rpt_ok" in the ids file.
fix /var/dcc/flod option scanning bug by dccd.
'dccd -u 999999' turns off access by anonymous or unauthenticated clients.
add -W to dccm to cause only explicitly listed targets to be protected
by the DCC
add a "reject" server-ID translation target in the flods file to
not send or receive the reports of some servers.
1.0.13
add RTT adjustment to cdcc load and add operations to allow a client
to prefer servers despite worse RTT's
1.0.12
in dccm count two intead of one open file for each active job against
the system imposed limit on open files for automatically setting
the value of -j for dccm and for automatically changing the soft
resource limit.
use the GNU autoconfig install script instead of `install -d` to create
$(HOMEDIR)/libexec because GNU autoconfig does not detect install
programs that do not understand -d
rate limit complaints by dccd about unrecognized server IDs
1.0.11
dccm tolerates null sender IP addres and hostname from `sendmail -bs`
from sendmail 8.11.3 but perhaps not from 8.12.
change -p for dccd and dbclean to -a to allow specification of entire
server addresses.
by default, dccd listens on separate UDP sockets so that clients receive
responses from the same IP address to which they send requests.
1.0.10
fix "bogus oflod complaint length 0" nonsense from server
`cdcc stats` counts the clients seen in the last 24 hours, but
`cdcc clients` displays all that fit in the cdcc buffer even if
older than 24 hours
the `configure` script looks at `make -v` to guess whether to generate
gmake or make makefiles
include list of common "dictionary attack" user names among the sample
homedir files
1.0.9
body checksums ignore effects of quoted-printable encoding
deal with versions of gmake that do not understand ?=
improve "clients" request of cdcc
1.0.8
fix rate limiting bugs in the server
fix local env-To whitelist
1.0.7
fix locking bug when client whitelist file cannot be opened
use `install -c` to not delete misc scripts
fix server flood stalls when there are many stale or whitelisted
reports
1.0.6
fix bug in alternate dccm argv[0] in start-dccm
fix bug in noticing changes to included white lists
1.0.5
install cron-dccd, start-dccd, and start-dccm in $(HOMEDIR)/libexec
1.0.4
fix server core-dump for repeated invalid admin. opcodes while
tracing is enabled.
add "clients" request to `cdcc`
add "stats all" request to `cdc
add homedir/start-dccm.sh
/var/run/dccm.pid and /var/run/dccm depend on argv[0]
white-lists can use "include pathname"
dccm -o overrides -s
dccm -o and -s have default values
move /var/run/dccm and /var/run/dccm.pid to the directory /var/run/dcc
and change the sendmail "feature" file misc/dcc.m4 to match
1.0.3
improve flood ID mapping
remove need to explicitly build before `make install`
|