File: FAQ.html

dcc 1.2.74-2
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<HTML>
<HEAD>
    <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
    <TITLE>DCC FAQ</TITLE>
    <META http-equiv="Content-Style-Type" content="text/css">
    <STYLE type="text/css">
        <!--
        BODY {background-color:white; color:black}
        UL.FAQlist {margin-left:10%; margin-right:10%}
        DL.FAQbody {margin-left:5%}
        -->
    </STYLE>
</HEAD>

<BODY>
<H1>Distributed Checksum Clearinghouse (DCC) Frequently Answered Questions</H1>

<P>
Current versions of this list can be found among the
<A HREF="http://www.rhyolite.com/anti-spam/dcc/">DCC web pages</A>
and their <A HREF="http://www.dcc-servers.net/dcc/">mirror</A>.

<UL class="FAQlist">

<LI><A HREF="#what-is-it">
What is the Distributed Checksum Clearinghouse or DCC?</A>
<LI><A HREF="#fuzzy-personalize">
Do the fuzzy checksums ignore <Q>personalizations</Q>?</A>
<LI><A HREF="#system-load">
How much bandwidth, disk space, and computing does the DCC require?</A>
<LI><A HREF="#need-server">
Do I need to run a DCC server?</A>
<LI><A HREF="#crash">
What happens to my mail if the DCC crashes?</A>
<LI><a HREF="#mark-only">
How do I mark spam without rejecting it?</A>
<LI><A HREF="#bad-man">
Why doesn't the man command find the man pages?</A>
<LI><A HREF="#sendmail-only">
Must sendmail be used with the DCC?</A>
<LI><A HREF="#qmail1">
How can the DCC be used with qmail?</A>
<LI><A HREF="#smtpd">
Can the DCC be used with smtpd?</A>
<LI><A HREF="#exim">
Can the DCC be used with Exim?</A>
<LI><A HREF="#other-MUAs">
How can the DCC be used with mail user agents?</A>
<LI><A HREF="#spamass">
Can the DCC be used with SpamAssassin or other spam filters?</A>
<LI><A HREF="#root-needed">
Must I have the root password to use the DCC?</A>
<LI><A HREF="#firewall-ports2">
Why don't the public DCC servers work?  Do I need a client-ID?</A>
<LI><A HREF="#firewall-ports">
Which ports do I need to open in my firewall?</A>
<LI><A HREF="#cleaning1">
Why does the dccd database grow without bound?</A>
<LI><A HREF="#cleaning2">
The dccd database is corrupt.  What should I do?</A>
<LI><A HREF="#bad-locks2">
Why did building the DCC fail with a complaint about
"Resource temporarily unavailable"?</A>
<LI><A HREF="#bad-locks">
Why do my DCC clients including cdcc and dccproc
complain about "Resource temporarily unavailable"?</A>
<LI><A HREF="#maxprocs">
Why does dccifd or dccm complain about
"thread_create() failed: 11, try again"?</A>
<LI><A HREF="#server-pick">
Why doesn't my DCC client pick my local DCC server?</A>
<LI><A HREF="#IDs1">
If I have a server-ID, do I need a DCC client-ID, or vice versa?</A>
<LI><A HREF="#IDs2">Why does my DCC server complain about
 "rejected server-IDs" among flooded checksum reports?</A>
<LI><A HREF="#server-rate-limits">
Why does my server refuse to accept more than 20 operations per second?</A>
<LI><A HREF="#private-server">
How do I keep strangers from using my DCC server?</A>
<LI><A HREF="#dccm-log1">
How can I determine why dccm reported
a message as spam or with a recipient count of "MANY"?</A>
<LI><A HREF="#dblist1">
How can I see what checksums my server has heard from its clients?</A>
<LI><A HREF="#whitelist1">
Why is mail from my favorite mailing list marked with an
<I>X-DCC</I> header line that says it is spam?</A>
<LI><A HREF="#x-dcc-header1">
Why are some checksums missing from my <I>X-DCC</I> header lines?</A>
<LI><A HREF="#reg-exps1">
Can I use wild cards or regular expressions in DCC white lists?</A>
<LI><A HREF="#whitelist10">
How do I white-list mail from a legitimate
bulk mailer using its name or SMTP headers such as Mailing-List or the
Habeas SWE headers?</A>
<LI><A HREF="#whitelist2">
Do I need both server and client white lists?</A>
<LI><A HREF="#whitelist9">
How do I maintain client white lists?</A>
<LI><A HREF="#whitelist3">
When the white list file used by dccm or dccproc is changed,
what must be done to tell the software about the change?</A>
<LI><A HREF="#whitelist4">
Why do legitimate mail messages have
<I>X-DCC</I> header lines that say they are "bulk"?</A>
<LI><A HREF="#whitelist5">
Are IP address blocks in white lists used by dccproc?</A>
<LI><A HREF="#whitelist6">
Why is dccproc ignoring <I>env_from</I> white list entries?</A>
<LI><A HREF="#whitelist7">
Why is the DCC server ignoring <I>env_from</I> white list entries?</A>
<LI><A HREF="#delck">
What if I make a mistake with
dccproc&nbsp;-t&nbsp;many and report legitimate mail as spam?</A>
<LI><A HREF="#whitelist8">
Can the sendmail "spamfriend" mechanism tell
dccm to not check mail sent to some addresses?</A>
<LI><A HREF="#false-positives">
How can I avoid polluting the databases of DCC servers with
checksums of my mail that is not spam?</A>
<LI><A HREF="#flood3">
How many flooding peers does my DCC server need?</A>
<LI><A HREF="#flood1">
Do I need to tell the operators of other DCC servers
the password for controlling my server to turn on flooding?</A>
<LI><A HREF="#flood2">
How can I figure out why flooding is not working?</A>
<LI><A HREF="#rtt">
Why didn't the RTT reported by
the cdcc&nbsp;info
operation change when my network topology changed?</A>
<LI><A HREF="#socks1">
When my clients are configured to use SOCKS, they do not
realize immediately when a server is down.</A>
</UL>



<DL class="FAQbody">

<DT><STRONG><A NAME="what-is-it">
What is the Distributed Checksum Clearinghouse or DCC?</A></STRONG>
<DD>See the main <A HREF="dcc.html">DCC man page</A>
as well as the
<A HREF="http://www.rhyolite.com/anti-spam/dcc/FAQ.html">DCC web pages</A>
and their <A HREF="http://www.dcc-servers.net/dcc/FAQ.html">mirror</A>.

<P><DT><STRONG><A NAME="fuzzy-personalize">
Do the fuzzy checksums ignore "personalizations"?</A></STRONG>
<DD>Yes, they ignore many so-called "personalizations".


<P><DT><STRONG><A NAME="system-load">
How much bandwidth, disk space, and computing does the DCC require?</A></STRONG>
<DD>The UDP packets used by a DCC client to obtain the checksum totals
from a DCC server for a mail message generally use less bandwidth than
the DNS queries required to receive the same message.
A DCC client needs very little disk space.
<P>
Bulk messages are usually logged by DCC clients.
On systems receiving a lot of mail, the mechanisms for automatically
creating new log directories every minute, day, or hour
can keep any single log directory from becoming too large.
See the <A HREF="dccm.html#OPTION-l">dccm</A>
and
<A HREF="dccproc.html#OPTION-l">dccproc</A>
man pages.
<P>
As of January, 2004,
about 100 MBytes/day are exchanged between each pair of DCC servers.
Each server has 3 or 4 peers.
The resulting database is about 500 MBytes.
However, while <A HREF="dbclean.html">dbclean</A> is deleting old checksums,
there are three copies of the database.
The DCC clients and server do not need many CPU cycles,
but the daily executions of <A HREF="dbclean.html">dbclean</A>
on a system with a DCC server
require a computer with at least 768 MBytes of memory and work better with more.
<P>
DCC servers used by clients handling 100,000 or more messages per day
need to be larger.
Each additional 100,000 messages/day need about 100 MBytes of disk space
and system memory, given the default expiration used by
<A HREF="dbclean.html#OPTION-e">dbclean&nbsp;-e</A>.
<P>
In early 2004, a DCC server prefers at least 768 MBytes of RAM.


<P><DT><STRONG><A NAME="need-server">Do I need to run a DCC server?</A></STRONG>
<DD>A mail system that processes fewer than 100,000 mail messages per day
uses less of its own bandwidth and the bandwidth of other DCC servers
by using the public DCC servers.
Each mail message needs a DCC transaction that requires
about 100 bytes, and so 100,000 mail messages/day imply about 10
MBytes/day of DCC client-server traffic.  Each DCC server needs to
exchange "floods" or streams of checksums with 4 other servers.  Each
flood is currently about 100 MBytes/day for a current total of about
400 MBytes/day.
<P>
When normally installed by the included Makefiles, DCC clients are
configured to use the public DCC servers without any additional
configuration, except to open firewalls to port 6277.
<P>
Mail systems that process more than 100,000 mail messages per day
need local DCC servers connected to the global network of DCC servers.
The public DCC servers include denial of service defenses which
ignore requests in excess of about 240,000 per day per client.


<P><DT><STRONG><A NAME="crash">
What happens to my mail if the DCC crashes?</A></STRONG>
<DD>When in doubt or trouble, the DCC clients including
<A HREF="dccproc.html">dccproc</A> and <A HREF="dccm.html">dccm</A>
deliver mail.  They wait only a little while for a DCC server
to answer before giving up.  They then avoid asking a server for a while
to avoid slowing down mail.
<P>
If the DCC sendmail interface or milter program, dccm, crashes,
the default parameters in <A HREF="misc/dcc.m4">misc/dcc.m4</A>
for the sendmail.cf Xdcc line
tell sendmail to wait only about 30 seconds before
giving up and delivering the mail.
<P>
The DCC client code keeps track of the speeds of the
servers it knows about, and uses the fastest or closest.
Every hour or so it re-resolves A records
and checks the speeds of the servers it
is not using.  When the current server stops working or gets significantly
slower, the client code switches to a better server.


<P><DT><STRONG><A NAME="mark-only">
How do I mark spam without rejecting it?</A></STRONG>
<DD>Unless given thresholds at which to reject mail,
<A HREF="dccm.html#OPTION-t">dccm</A>
and
<A HREF="dccproc.html#OPTION-c">dccproc</A> do not reject mail.
When dccm is given a threshold by setting DCCM_REJECT_AT in
<A HREF="homedir/dcc_conf.in">dcc_conf</A> in the DCC home directory,
DCCM_ARGS can also be set to <A HREF="dccm.html#OPTION-a">-a&nbsp;IGNORE</A>
so that spam is marked but not rejected.


<P><DT><STRONG><A NAME="bad-man">
Why doesn't the man command find the man pages?</A></STRONG>
<DD>The nroff source, formatted nroff output, and HTML versions of the
man pages are in the top-level source directory.
Formatted or nroff source is installed by default somewhere in /usr/local/man
depending on the target system.
It may be necessary to add /usr/local/man to the MANPATH environment variable.
Even with that, SunOS 5.7 sometimes has trouble finding them unless
<B>man&nbsp;-F</B> is used.


<P><DT><STRONG><A NAME="sendmail-only">
Must sendmail be used with the DCC?</A></STRONG>
<DD>While the sendmail milter interface, <A HREF="dccm.html">dccm</A>
and the DCC program interface or <A HREF="dccifd.html">dccifd</A>
are the most efficient ways to report and check DCC checksums,
<A HREF="dccproc.html">dccproc</A> is also commonly used.


<P><DT><STRONG><A NAME="qmail1">
How can the DCC be used with qmail?</A></STRONG>
<DD>There are comments about using <A HREF="dccproc.html">dccproc</A> with
qmail
in the
<A HREF="http://www.rhyolite.com/pipermail/dcc/">DCC mailing list archives</A>
including Chris Shenton's
<A HREF="http://www.rhyolite.com/pipermail/dcc/2002/000126.html">message</A>.
See also
Chris Shenton's
<A HREF="http://chris.shenton.org/sysadm/antispam/dcc-qmail-gnus.html">
DCC, qmail, and gnus page</A>.


<P><DT><STRONG><A NAME="smtpd">
Can the DCC be used with smtpd?</A></STRONG>
<DD>Yes, <A HREF="dccproc.html">dccproc</A> can be used with Obtuse's smtpd.
Dave Lugo has contributed a shell script to the
<A HREF="http://sd.inodes.org/">smtpd-sd project</A>
which can be used to do DCC checking prior to the end of the SMTP
DATA command.


<P><DT><STRONG><A NAME="exim">
Can the DCC be used with Exim?</A></STRONG>
<DD>There are comments about using <A HREF="dccproc.html">Dccproc</A> with
<A HREF="http://www.exim.org/">Exim</A>
in the
<A HREF="http://www.rhyolite.com/pipermail/dcc/">DCC mailing list archives</A>
including these messages:
<UL>
<LI><A HREF="http://www.rhyolite.com/pipermail/dcc/2002/000203.html">
2002/000203</A>
<LI><A HREF="http://www.rhyolite.com/pipermail/dcc/2002/000254.html">
2002/000254</A>
</UL>


<P><DT><STRONG><A NAME="spamass">
Can the DCC be used with SpamAssassin or other spam filters?</A></STRONG>
<DD>The DCC can be used with
<A HREF="http://www.spamassassin.org/">SpamAssassin</A> as
well as other spam and virus filters.
Note that it is more efficient to arrange to use a DCC client daemon
such as <A HREF="dccm.html">dccm</A> to mark passing mail and check
<I>X-DCC</I> header lines in the filter than to start and run
<A HREF="dccproc.html">dccproc</A> on each message.
<P>
Some commercial virus and spam filters include DCC clients that
query public DCC servers or DCC servers operated by the filter vendor
and that "flood" or exchange bulk mail checksums with public servers.


<P><DT><STRONG><A NAME="other-MUAs">
How can the DCC be used with mail user agents?</A></STRONG>
<DD><A HREF="dccproc.html">Dccproc</A> can be used with any mail user
agent that can check mail headers.
For example, WD Baseley sent a
<A HREF="http://www.rhyolite.com/pipermail/dcc/2002/000212.html">note</A>
to the <A HREF="http://www.rhyolite.com/mailman/listinfo/dcc">DCC
mailing list</A>
on how to configure <A HREF="http://www.eudora.com/">Eudora</A> to
act on X-DCC header lines.
<P>
Bharat Mediratta has developed DeepSix for people using mail user agents
on UNIX boxes connected to remote servers such as corporate Exchange servers.
See his
project on <A HREF="http://www.sourceforge.net/projects/deepsix">Sourceforge</A>
as well as his
<A HREF="http://www.rhyolite.com/pipermail/dcc/2001/000042.html">announcement</A>
in the DCC mailing list.


<P><DT><STRONG><A NAME="root-needed">
Must I have the root password to use the DCC?</A></STRONG>
<DD>No, the procmail or sendmail .forward DCC user programs
can be installed in an individual ~/bin directory.
Then <A HREF="cdcc.html">cdcc</A>
can create a private map file used with
<A HREF="dccproc.html#OPTION-h">dccproc&nbsp;-h&nbsp;dir</A>
or
<A HREF="dccproc.html#OPTION-m">dccproc&nbsp;-m&nbsp;dir/map</A>.
<P>
Also see the <A HREF="INSTALL.html#individual-user">DCC installation
instructions</A>.


<P><DT><STRONG><A NAME="firewall-ports2">
Why don't the public DCC servers work?  Do I need a client-ID?</A></STRONG>
<DD>The public DCC servers accept requests from clients using the
anonymous client-ID.
Incorrectly configured firewalls often cause problems.
Traceroute can be used to send UDP packets to test for interfering firewalls.
See the answer to the <A HREF="#firewall-ports">firewall question</A> below.

<P><DT><STRONG><A NAME="firewall-ports">
Which ports do I need to open in my firewall?</A></STRONG>
<DD>DCC traffic is like DNS traffic.  You should treat port 6277
like port 53.
Allow outgoing packets to distant UDP port 6277 and incoming packets
from distant UDP port 6277.
<P>
If <CODE>dccproc</CODE> fails or the command <CODE>cdcc info</CODE> says no DCC servers
are answering, you may need to adjust your firewall.
<P>
If you run a DCC server, open incoming connections to local TCP port 6277
from your flooding peers,
and outgoing connections to your flooding peers from your TCP port 6277.
Also open UDP port 6277 to IP addresses 204.152.184.184 and 192.188.61.3
for the DCC server status web page.
<P>
See also the discussion of Cisco ACLs at
<A HREF="http://www.rhyolite.com/anti-spam/dcc/firewall.html">http://www.rhyolite.com/anti-spam/dcc/firewall.html</A>.

<P><DT><STRONG><A NAME="cleaning1">
Why does the</A> <A HREF="dccd.html#FILE-dcc_db">dccd database</A>
grow without bound?</STRONG>
<DD><A HREF="dbclean.html">Dbclean</A> should be run about once a day
with a script like <A HREF="misc/cron-dccd.in">misc/cron-dccd</A>.
An entry like <A HREF="misc/crontab.in">misc/crontab</A> can be put into
the crontab file for the user that runs <A HREF="dccd.html">dccd</A>,
such as /var/spool/cron/crontabs/root for Solaris.


<P><DT><STRONG><A NAME="cleaning2">
The dccd database is corrupt.  What should I do?</A></STRONG>
<DD><A HREF="dbclean.html#OPTION-R">Dbclean&nbsp;-R</A>
will usually repair a broken
DCC server database.
However,
if your server is "flooding" or exchanging checksums with other servers,
it is often quicker to stop the DCC server,
delete the
<A HREF="dccd.html#FILE-dcc_db">dcc_db</A> and
<A HREF="dccd.html#FILE-dcc_db.hash">dcc_db.hash</A> files,
run <A HREF="dbclean.html#OPTION-N">Dbclean&nbsp;-N</A> to create
empty database files,
and then restart <A HREF="dccd.html">dccd</A> with the
<A HREF="misc/start-dccd.in">libexec/start-dccd</A> script.
When dccd starts, it will notice that the database has been purged
and ask its flooding peers to rewind and retransmit all of their bulk
checksums.


<P><DT><STRONG><A NAME="bad-locks2">
Why did building the DCC fail with a complaint about
"Resource temporarily unavailable"?</A></STRONG>
<DD>The most common cause of this problem is the same as that of the
<A HREF="#bad-locks">next question</A>,
or bugs in the target platform's fcntl() locking on NFS file systems.
If the DCC home directory will not be NFS mounted,
it is probably sufficient to run <EM>make</EM> a second time.


<P><DT><STRONG><A NAME="bad-locks">
Why do my DCC clients including</A>
<A HREF="cdcc.html">cdcc</A> and <A HREF="dccproc.html">dccproc</A>
complain about "Resource temporarily unavailable"?</STRONG>
<DD>The most common cause of such messages is holding a lock on
the white list file with an editor.
However, perhaps your operating system has bugs in its implementation of
<CODE>fcntl</CODE> file locking, particularly for the
DCC client <A HREF="cdcc.html#FILES-map">map</A> file when it is on
an NFS file system.
If so, try configuring, compiling, and installing with the
<CODE><A HREF="INSTALL.html#envtbl--with-bad-locks">--with-bad-locks</A></CODE>
setting mentioned in the installation instructions.


<P><DT><STRONG><A NAME="maxprocs">
Why does dccifd or dccm complain about
"thread_create() failed: 11, try again"?</A></STRONG>
<DD>The most common cause of "thread_create() failed: 11, try again"
error messages from <A HREF="dccm.html">dccm</A>
and <A HREF="dccifd.html">dccifd</A>
is too small a limit on the maximum number of processes allowed
to the UID running the dccm or dccifd process.
The "maxproc" limit should be a dozen or so larger than the sum of
the queue sizes of dccm or dccifd (or both if both are running).


<P><DT><STRONG><A NAME="server-pick">
Why doesn't my DCC client pick my local DCC server?</A></STRONG>
<DD>The DCC clients including <A HREF="dccm.html">dccm</A>
and <A HREF="dccproc.html">dccproc</A> pick the nearest and fastest
server in the list kept in the <A HREF="cdcc.html#FILE-map">/var/dcc/map</A>
file.
DCC servers not in that list will not be used.
That list can be viewed with the
<A HREF="cdcc.html#OPERATION-info">cdcc&nbsp;info</A>
or
<A HREF="cdcc.html#OPERATION-RTT">cdcc&nbsp;RTT</A> operations.
Add to the list with
<A HREF="cdcc.html#OPERATION-add">cdcc&nbsp;add</A>
or <A HREF="cdcc.html#OPERATION-load">cdcc&nbsp;load</A>.
<P>
A nearby server that seems slower than a more distant server will
not be chosen.
Note that the anonymous
user delay set with <A HREF="dccd.html#OPTION-u">dccd&nbsp;-u</A>
is intended to make a server appear slow to "freeloaders."
The "RTT +/-" value that can be used with
the <A HREF="cdcc.html#OPERATION-add">cdcc&nbsp;add</A>
and <A HREF="cdcc.html#OPERATION-load">cdcc&nbsp;load</A>
operations can be used to force DCC clients to prefer or avoid servers
except when absolutely necessary.



<P><DT><STRONG><A NAME="IDs1">
If I have a server-ID, do I need a DCC client-ID, or vice versa?</A></STRONG>
<DD>DCC <A HREF="dcc.html#Client-and-Server-IDs">server and client-IDs</A>
serve distinct purposes.
Servers require server-IDs to identify each other in the floods of checksums
they exchange and to recognize authorized users of powerful
cdcc operations such as <A HREF="cdcc.html#OPERATION-stop">stop</A>.
DCC servers require client-IDs to identify paying clients that should
be given quicker service than anonymous clients, to refuse reports from
anonymous clients, or to refuse even to answer queries from anonymous
clients.


<P><DT><STRONG><A NAME="IDs2">
Why does my DCC server complain about
"rejected server-IDs" among flooded checksum reports?</A></STRONG>
<DD>Redundant paths among DCC servers exchanging
or flooding reports of checksums would cause duplicate entries in
each server's database without a mechanism that depends on every DCC server 
having a unique server-ID.
Parts of that mechanism detect two servers claiming a single server-ID
and server-IDs that are not listed in the local
<A HREF="dccd.html#FILE-ids">/var/dcc/ids</A> file.
Reports supposedly from unknown servers are rejected or ignored by the DCC
server.
<P>
The ID of every server in the network must be in the file,
usually without its real password.
The sample <A HREF="homedir/ids">ids</A> file in the DCC source
is a good start for
a new DCC server in the network to which dcc.dcc-servers.net belongs.
A current copy of that file is also in the online copies of the source
including that at
<A HREF="http://www.rhyolite.com/anti-spam/dcc/dcc-tree/homedir/ids">Rhyolite
Software</A>.
<P>
At least one server in every network of DCC servers should use
an ids file without any extra entries to detect rogue server-ID assignments.


<P><DT><STRONG><A NAME="server-rate-limits">
Why does my server refuse to accept more than
20 operations per second?</A></STRONG>
<DD>A common cause of such problems is one of the DCC server's
defenses against denial of service attacks.
A DCC server cannot know anything about anonymous clients,
or clients using client-ID 1 or without a client-ID and matching password
from the <A HREF="dccd.html#FILE-ids">/var/dcc/ids</A> file.
As far as your server can know, an anonymous client sending many
operations is run by an unhappy sender of unsolicited bulk mail trying
to flood your server with a denial of service attack.
It is easy to tell your client its ID with the
<A HREF="cdcc.html#OPERATION-add">cdcc add</A>
or <A HREF="cdcc.html#OPERATION-load">load</A> operations.
<P>
The default limits can be changed by
adding a <A HREF="dccd.html#OPTION-R">dccd&nbsp;-R</A> argument
to DCCD_ARGS in the
<A HREF="homedir/dcc_conf.in">dcc_conf</A> file in the DCC home directory.


<P><DT><STRONG><A NAME="private-server">
How do I keep strangers from using my DCC server?</A></STRONG>
<DD>See the <A HREF="dccd.html#OPTION-Q">dccd&nbsp;-Q</A>
and <A HREF="dccd.html#OPTION-u">dccd&nbsp;-u</A> options.


<P><DT><STRONG><A NAME="dccm-log1">
How can I determine why</A> <A HREF="dccm.html">dccm</A> reported
a message as spam or with a recipient count of "MANY"?</STRONG>
<DD>Dccm is usually configured to log mail with recipient counts greater
than the <A HREF="dccm.html#OPTION-t">-t&nbsp;,log-thold,</A>
as well as mail with some conflicts among
<A HREF="dcc.html#White-and-Blacklists">white list</A> entries.
Each log file contains a single message, its checksums, its disposition,
and other information as described in the
<A HREF="dccm.html#FILE-logdir">dccm man page</A>.
<P>
See also the <A HREF="dblist.html#OPTION-C">dblist&nbsp;-C</A> command.


<P><DT><STRONG><A NAME="dblist1">
How can I see what checksums my server has heard from its clients?</A></STRONG>
<DD>The <A HREF="dblist.html#OPTION-v">dblist&nbsp;-Hv</A>
command displays the contents of the database.
Look for records with your
<A HREF="dcc.html#Client-and-Server-IDs">server-ID</A>
with <A HREF="dblist.html#OPTION-I">dblist&nbsp;-I</A>.


<P><DT><STRONG><A NAME="whitelist1">
Why is mail from my favorite mailing list marked with an
<I>X-DCC</I> header line that says it is spam?</A></STRONG>
<DD>Sources of solicited bulk mail including mailing lists to which
you have subscribed should usually be in your DCC client
<A HREF="dcc.html#White-and-Blacklists">white list</A>
so that they receive no <I>X-DCC</I> header lines.


<P><DT><STRONG><A NAME="x-dcc-header1">
Why are some checksums missing from my <I>X-DCC</I> header lines?</A></STRONG>
<DD>If the DCC client was not able to compute a checksum for a message,
it will not ask the server about that checksum and the checksum will
not appear in the <I>X-DCC</I> header.
For example, if <A HREF="dccproc.html">dccproc</A> is not told and
cannot figure out the IP address of the source of the message,
that checksum will be missing.
The <I>Fuz1</I> and <I>Fuz2</I> checksums cannot be computed for
messages that are too small, and so will be missing for them.
A checksum will also be missing if the DCC server is configured to not count
it.
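<P>
The following is an added example, not code from the DCC distribution, of a filter-side check of <I>X-DCC</I> header lines that keeps a missing checksum distinct from a count of 0, as described above and in the answer about SpamAssassin and other filters.
It assumes the header layout <CODE>X-DCC-brand-Metrics: client server-ID; [bulk] name=count ...</CODE>; the sample messages, the brand EXAMPLE, the host names and the threshold are constructed, so compare the layout with headers produced by your own client.

```python
import math
import re
from email import message_from_string

MANY = math.inf  # a count of "many" exceeds every numeric threshold
NAME_RE = re.compile(r"X-DCC-(?P<brand>.+)-Metrics", re.IGNORECASE)


def parse_x_dcc(value):
    """Parse the value of one X-DCC header line (assumed layout, see lead-in)."""
    head, _, tail = value.partition(";")
    words = head.split()
    result = {
        "client": words[0] if words else None,
        "server_id": int(words[1]) if len(words) > 1 and words[1].isdigit() else None,
        "flags": set(),
        "counts": {},
    }
    for token in tail.split():
        name, eq, count = token.partition("=")
        if not eq:
            result["flags"].add(name.lower())      # bare word such as "bulk"
        elif count.lower() == "many":
            result["counts"][name] = MANY
        elif count.isdigit():
            result["counts"][name] = int(count)
    return result


def assess(message_text, trusted_client, threshold=50,
           expected=("Body", "Fuz1", "Fuz2")):
    """Return (verdict, missing_checksums) for one message.

    Only header lines written by our own DCC client (trusted_client) are
    used, because a sender can insert X-DCC header lines of their own.
    The threshold is a local policy value chosen for this example.
    """
    msg = message_from_string(message_text)
    parsed = [parse_x_dcc(v) for n, v in msg.items() if NAME_RE.fullmatch(n)]
    parsed = [p for p in parsed if p["client"] == trusted_client]
    if not parsed:
        return "unchecked", list(expected)
    flags, counts = set(), {}
    for p in parsed:
        flags |= p["flags"]
        for name, count in p["counts"].items():
            counts[name] = max(count, counts.get(name, 0))
    # A checksum that is absent was never computed or never counted;
    # it is reported as missing instead of being treated as a count of 0.
    missing = [n for n in expected if n not in counts]
    bulk = "bulk" in flags or any(c >= threshold for c in counts.values())
    return ("bulk" if bulk else "not-bulk"), missing


# Constructed sample messages.
BULK = ("From: news@example.net\n"
        "X-DCC-EXAMPLE-Metrics: mx.example.org 1234; bulk Body=many Fuz1=many Fuz2=3\n"
        "\nconstructed body\n")
SHORT = ("From: alice@example.net\n"
         "X-DCC-EXAMPLE-Metrics: mx.example.org 1234; Body=0\n"
         "\nhi\n")
FOREIGN = ("From: x@example.net\n"
           "X-DCC-EXAMPLE-Metrics: elsewhere.example.com 1; Body=0 Fuz1=0 Fuz2=0\n"
           "\nconstructed body\n")

if __name__ == "__main__":
    for label, text in (("bulk", BULK), ("short", SHORT), ("foreign", FOREIGN)):
        print(label, assess(text, "mx.example.org"))
```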


<P><DT><STRONG>
How do I maintain client
<A NAME="whitelist9" HREF="dcc.html#White-and-Blacklists">white
lists</A>?</STRONG>
<DD>The overall procedure includes monitoring bulk mail in the
log directories specified with
<A HREF="dccproc.html#OPTION-l">dccproc&nbsp;-l</A>,
<A HREF="dccm.html#OPTION-l">dccm&nbsp;-l</A>,
and
<A HREF="dccm.html#OPTION-U">dccm&nbsp;-U</A>,
and adding entries to white list files.
<P>
The global
<A HREF="dccm.html#FILE-whiteclnt">dccm white list</A> file
specified with <A HREF="dccm.html#OPTION-w">dccm&nbsp;-w</A>
and the white lists specified with
<A HREF="dccproc.html#OPTION-w">dccproc&nbsp;-w</A> are easily maintained
with ordinary text editors.
Note that some text editors including versions of <EM>vi</EM>
lock their files.
Dccm and dccproc are unable to read white list files while they are locked.
<P>
White lists specified with <A HREF="dccm.html#OPTION-U">dccm&nbsp;-U</A>
are easily maintained with ordinary text editors by the system administrator.
However, it is often better to let individual users deal with their
own white lists.
The DCC source includes <A HREF="cgi-bin">sample CGI scripts</A>
to let individual end-users monitor their private logs of bulk mail
and their individual white lists.
See the <A HREF="cgi-bin/README">README</A> file in that directory.


<P><DT><STRONG>
Can I use wild cards or regular expressions in DCC
<A NAME="reg-exps1" HREF="dcc.html#White-and-Blacklists">white
lists</A>?</STRONG>
<DD>No, regular expressions cannot be used,
because DCC client and server white lists are converted to lists of checksums.
The same basic idea is used for DCC client white lists
as for the DCC protocol.
A DCC client computes the checksums for a message, and then looks
for those checksums in the local white list.
Depending on the values associated with those checksums,
the DCC client asks a DCC server about them.
<P>
There would also be portability difficulties in including regular
expressions in DCC clients.
In other words, consider the complications of bundling
procmail with the DCC code.
<P>
To use regular expressions with the DCC, consider procmail.
Procmail is included with many UNIX-like systems.
See also the
<A HREF="http://www.procmail.org/">Procmail Homepage</A>.
<P>
DCC clients can be configured to white- or blacklist
using so-called "substitute" headers.
See <A HREF="dccproc.html#OPTION-S">dccproc&nbsp;-S</A> or
<A HREF="dccm.html#OPTION-S">dccm&nbsp;-S</A>.
<P>
It is also possible to use sendmail access_db file entries to
white- or blacklist based on portions of SMTP envelope and
client IP addresses.
For example, an access_db file line of "From:example.com OK"
can be used to tell dccm to white-list all mail from SMTP clients
in the example.com domain.
See the -O argument to the
<A HREF="misc/hackmc">misc/hackmc</A> script.


<P><DT><STRONG>
<A NAME="whitelist10">How do I white-list mail from a legitimate
bulk mailer using its name or SMTP headers such as Mailing-List
headers?</A></STRONG>
<DD>Start by determining an envelope value or SMTP header that distinguishes
the bulk mail from a sample message or DCC log file.
The name of the sending computer is the <EM>mail_host</EM> value in
<A HREF="dccm.html#FILE-logdir">dccm log files</A>.
If the distinguishing header or envelope value is not among the main
<A HREF="dcc.html#White-and-Blacklists">DCC white list values</A>,
then a "substitute" value must be used.
An "ok substitute ..." line must be added to the white list file
and the DCC client program must be told with
<A HREF="dccproc.html#OPTION-S">dccproc&nbsp;-S</A> or
<A HREF="dccm.html#OPTION-S">dccm&nbsp;-S</A>.
There are example white list entries in the sample
<A HREF="homedir/whiteclnt">/var/dcc/whiteclnt</A> file.
<P>

<P><DT><STRONG>
Do I need both server and client
<A NAME="whitelist2" HREF="dcc.html#White-and-Blacklists">white
lists</A>?</STRONG>
<DD>The <A HREF="dccd.html#FILE-whitelist">dccd whitelist</A> file is
not as useful as the client white lists used by
<A HREF="dccproc.html#FILE-whiteclnt">dccproc whiteclnt</A>
and
<A HREF="dccm.html#FILE-whiteclnt">dccm whiteclnt</A> files.
Entries in a DCC server's white list apply to all clients that use
that server,
including clients in other organizations if permitted.
Thus, only very global values are appropriate for server white lists.
Common entries in server white lists include the 127.1 IP address,
the IP address ranges of the SMTP servers of the organization
running the server, and well known, unimpeachable mailing lists
such as CERT's.
<P>
Client white lists apply only to the stream of mail handled by the client.
<A HREF="dccm.html#FILE-whiteclnt">Dccm white lists</A> apply
to the mail received by the associated sendmail process.
Distinct organizations and individual users can have very different
notions of what bulk mail is solicited and what other mail is always
unsolicited bulk mail.


<P><DT><STRONG><A NAME="whitelist3"></A>
When the <A HREF="homedir/whiteclnt">white list file</A>
used by <A HREF="dccm.html#FILE-whiteclnt">dccm</A>
or <A HREF="dccproc.html#FILE-whiteclnt">dccproc</A>
is changed,
what must be done to tell the software about the change?</STRONG>
<DD>The DCC clients notice when their whiteclnt files
as well as included files change and automatically rebuild the corresponding
<A HREF="dccm.html#FILE-whiteclnt.dccw">.dccw hash table</A> files.
Changes to the <A HREF="dccd.html#FILE-whitelist">dccd whitelist</A>
are not effective until after <A HREF="dbclean.html">dbclean</A> is run.
<P>
Note that some text editors including versions of <EM>vi</EM>
lock their files.
Dccm and dccproc are unable to read white list files while they are locked.


<P><DT><STRONG><A NAME="whitelist4">
Why do legitimate mail messages have
<I>X-DCC</I> header lines that say they are "bulk"?</A></STRONG>
<DD>There are several possible causes of such problems.
The first and most obvious is that the mail is solicited bulk mail
and that the source needs to be added to your
<A HREF="dcc.html#White-and-Blacklists">white list</A>.

<P>Another possible reason is that your individual legitimate mail messages
have not been marked as spam because their <I>Body</I> or <I>Fuz1</I>
checksum counts are small, but that the IP address or other checksum
counts are large.
The IP address checksum count, for example, is the total of all reports
of addressees for that checksum.
That total is independent of the other checksums, and so counts
all reports for all messages with that source IP address.
A source of legitimate mail that has sent a message that was reported
as spam by one of its recipients will often have the totals
for the checksums of its IP address, From header, and
other values be <I>MANY</I>.
This is why it usually does not make sense to reject mail based on what the
DCC server reports for the IP address, From header, and other values that
are not unique to the message.
Only the last Received header line, the Message-ID line, and body checksums
can be expected to be unique and sometimes not the Message-ID
and Received header lines.
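<P>
The reasoning above can be turned into a filtering rule that acts only on message-specific checksum counts. The following is an added example, not code from the DCC distribution: the header layout (checksum name=count pairs after a semicolon), the sample header lines, and the threshold of 50 are assumptions made for illustration.

```python
import re

MANY = float("inf")                  # "many" exceeds any numeric threshold
MESSAGE_SPECIFIC = ("body", "fuz1")  # checksums tied to this message's content

# Constructed sample header lines (assumed layout, not captured mail).
LEGIT = "X-DCC-EXAMPLE-Metrics: mx.example.net 1000; Body=1 Fuz1=1 IP=many From=many"
SPAM = "X-DCC-EXAMPLE-Metrics: mx.example.net 1000; bulk Body=many Fuz1=312 IP=4"

def parse_metrics(header):
    """Return {checksum name: count} from the part after the ';'."""
    _, _, tail = header.partition(";")
    counts = {}
    pairs = re.findall(r"([A-Za-z][\w-]*)=(\d+|many)\b", tail, re.I)
    for name, value in pairs:
        counts[name.lower()] = MANY if value.lower() == "many" else int(value)
    return counts

def verdict(header, threshold=50):
    """Call a message bulk only when a message-specific count is high.

    Counts for the IP address, From header and similar values add up
    reports for every message from that source, so a high value there
    is recorded under "ignored" and never decides the outcome.
    """
    counts = parse_metrics(header)
    high = [name for name, count in counts.items() if count >= threshold]
    decisive = sorted(n for n in high if n in MESSAGE_SPECIFIC)
    ignored = sorted(n for n in high if n not in MESSAGE_SPECIFIC)
    return {"bulk": bool(decisive), "because": decisive, "ignored": ignored}

if __name__ == "__main__":
    for line in (LEGIT, SPAM):
        print(verdict(line), "<=", line)
```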

<P><DT><STRONG><A NAME="qmail2">
Why is legitimate mail from someone using <I>qmail</I>
marked as spam?</A></STRONG>
<DD>A common cause for that and similar complaints involves
null or missing Message-ID header lines.
Spam often lacks Message-ID lines or has a null or "&lt;&gt;" ID,
so rejecting mail with null or missing Message-IDs can be an
effective filter.
DCC clients treat missing Message-ID lines as if they were present but null.
The sample <A HREF="homedir/whitecommon">whitecommon</A>
<A HREF="dcc.html#White-and-Blacklists">white list</A> file in the DCC source
includes the line:
<Pre>
        many    message-id &lt;&gt;
</Pre>
Some Mail Transfer Agents violate section 3.6.4 of RFC 2822 and
do not include Message-ID header lines in mail they send,
including some combinations of qmail and
"<B>sendmail&nbsp;-bs</B>" acting as the originating MTA,
and qmail by itself when it generates a non-delivery message or "bounce."
Solutions to this problem include removing that line from your
<A HREF="dcc.html#White-and-Blacklists">white lists</A>
or adding lines specifying the From or envelope
from values of senders of legitimate mail lacking Message-ID header lines.


<P><DT><STRONG><A NAME="whitelist5"></A>
Are <A HREF="dcc.html#White-and-Blacklists">IP address blocks</A>
in <A HREF="homedir/whiteclnt">white lists</A> used by
<A HREF="dccproc.html">dccproc</A>?</STRONG>
<DD>Yes, <A HREF="dccproc.html">dccproc</A> can white-list mail
by the IP address of the immediately
preceding SMTP client,
but only if it knows that IP address.
Unless the <A HREF="dccproc.html#OPTION-a">dccproc&nbsp;-a</A>
or <A HREF="dccproc.html#OPTION-R">dccproc&nbsp;-R</A>
options are used, dccproc does not know the IP address.


<P><DT><STRONG><A NAME="whitelist6">
Why is</A> <A HREF="dccproc.html">dccproc</A> ignoring
<A HREF="dcc.html#White-and-Blacklists"><I>env_from</I> white list</A>
entries?</STRONG>
<DD>DCC checksums are of the entire header line or envelope value.
An entry in the white list file for <I>jsmith@example.com</I>
will have no effect on mail with an envelope value of
<I>"J.Smith"&nbsp;jsmith@example.com</I>.
The file must contain <I>"J.Smith"&nbsp;jsmith@example.com</I>.
<P>
Another common cause for this problem is implied by the fact that
for an <I>env_from</I> white list entry
to have any effect, dccproc must be able to find the envelope value
in the message in a <I>Return-Path</I> header or <B>-f</B> must be
used.
If your mail delivery agent does not add a <I>Return-Path</I> header
and you do not use
<A HREF="dccproc.html#OPTION-f">dccproc&nbsp;-f</A>,
then dccproc cannot know about
white or blacklist entries for envelope return addresses.
<P>
Note also that dccproc has no white list by default and
that <A HREF="dccproc.html#OPTION-w">dccproc&nbsp;-w</A>
must be used.
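<P>
The exact-match behavior described here, and the reason given earlier for why regular expressions cannot work in white lists, both follow from reducing entries to checksums. The following is an added example, not DCC's own code: SHA-256 stands in for the DCC checksum, no normalization of values is assumed, and the white list lines are constructed.

```python
import hashlib

# Constructed sample in the "count type value" shape of a whiteclnt file.
SAMPLE_WHITELIST = """\
# constructed entries for illustration
ok    env_from    jsmith@example.com
ok    env_from    .*@example\\.org
"""

def checksum(kind, value):
    """Stand-in digest of the type and the entire value.
    SHA-256 is an assumption of this sketch, not DCC's own checksum."""
    return hashlib.sha256(f"{kind}\0{value}".encode("utf-8")).hexdigest()

def compile_whitelist(text):
    """Turn white list lines into {checksum: count}; only digests survive."""
    table = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        count, kind, value = line.split(None, 2)
        table[checksum(kind.lower(), value)] = count.lower()
    return table

def lookup(table, kind, value):
    """Checksum the message's value and look it up; None means no entry."""
    return table.get(checksum(kind.lower(), value))

def demo():
    table = compile_whitelist(SAMPLE_WHITELIST)
    full = '"J.Smith" jsmith@example.com'
    results = {
        "bare address": lookup(table, "env_from", "jsmith@example.com"),
        "with display name": lookup(table, "env_from", full),
        # The pattern was hashed as literal text, so it matches only itself.
        "sender the pattern describes": lookup(table, "env_from", "alice@example.org"),
        "pattern text itself": lookup(table, "env_from", ".*@example\\.org"),
    }
    # The fix from the FAQ: list the complete envelope value.
    table.update(compile_whitelist(f"ok env_from {full}\n"))
    results["after adding full value"] = lookup(table, "env_from", full)
    return results

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:30} {result}")
```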


<P><DT><STRONG><A NAME="whitelist7">
Why is the</A> <A HREF="dccd.html">DCC server</A> ignoring
<I>env_from</I>
<A HREF="dcc.html#White-and-Blacklists">white list</A> entries?</STRONG>
<DD>Common causes of this problem include sendmail access_db file entries
and blacklisting entries in the DCC client
<A HREF="dcc.html#White-and-Blacklists">white list</A>.
Entries in the sendmail access_db or the
<A HREF="dccproc.html#OPTION-w">dccproc</A> or
<A HREF="dccm.html#OPTION-w">dccm</A>
whitelist override the DCC server's advice.
<P>
Note also that it is common for a DCC client to be configured to use
the current nearest of several DCC servers.
If one of the DCC servers does not have the entry in its white list,
the DCC client will occasionally not benefit from it.


<P><DT><STRONG><A NAME="delck">
What if I make a mistake with</A>
<A HREF="dccproc.html#OPTION-t">dccproc&nbsp;-t&nbsp;many</A>
and report legitimate mail as spam?</STRONG>
<DD>It is possible to delete checksums from the distributed DCC
database with the <A HREF="cdcc.html#OPERATION-delck-type-hex1-hex2-hex3-hex4">
cdcc&nbsp;delck</A>
operation.
However, it is not worth the trouble.
Unless the same (as far as the fuzzy checksums are concerned) message
is sent again, no one is likely to notice the mistake before the
report of the message's checksums expires from the DCC servers'
databases for lack of repetition.


<P><DT><STRONG><A NAME="whitelist8">
Can the sendmail "spamfriend" mechanism tell</A>
<A HREF="dccm.html">dccm</A> to not check mail sent to some addresses?</STRONG>
<DD>Sendmail decisions to accept, reject, or discard mail are largely
independent of the decisions made by dccm.
The DCC equivalent is to add
<A HREF="dcc.html#White-and-Blacklists">env_to</A> entries to the
<A HREF="dccm.html#FILE-whiteclnt">dccm white list</A>.
See the sample <A HREF="homedir/whiteclnt">whiteclnt</A> file in the
DCC source.
<P>
However, if your sendmail.cf file sets the
<A HREF="dccm.html#OPTION-o">dcc_notspam macro</A> while processing the
envelope, then the message will be white-listed.
This is related to the <A HREF="dccm.html#OPTION-s">dcc_isspam macro</A>
used by sendmail.cf modified by <A HREF="misc/hackmc">misc/hackmc&nbsp;-R</A>
to tell dccm to report blacklisted messages as spam to the DCC server.



<P><DT><STRONG><A NAME="false-positives">
How can I avoid polluting databases of DCC servers with
checksums of my mail that is not spam?</A></STRONG>
<DD>Reports of checksums with
<A HREF="dcc.html#White-and-Blacklists">white list</A>
entries in your server's database are not flooded to its peers.
The checksums of messages white-listed with entries in local
<A HREF="dccm.html">dccm</A> or <A HREF="dccproc.html">dccproc</A>
white lists are not reported to DCC servers.
It is good to add entries to DCC server and client
<A HREF="dcc.html#White-and-Blacklists">white lists</A>
for localhost, your IP address blocks, and your domains if
you know that none of your users will ever send spam.
<P>
However, in the common mode in which the DCC is used, no
checksums of mail are pollution.
Checksums of genuinely private mail will have target counts of
1 or a small number, and so will not be flooded by your server to
other servers.
Strangers will not see your private mail and so will not be able
to ask any DCC server about the checksums of your private mail.
On the other hand, the DCC functions best by collecting reports
of the receipt of bulk mail as soon as possible.
That implies that it is generally desirable
to send reports of all mail to a DCC server.
<P>
The DCC flooding protocol does not send checksums with counts
below a DCC server's <A HREF="dccd.html#OPTION-t">bulk threshold</A> to
other servers.


<P><DT><STRONG><A NAME="flood3">
How many flooding peers does my DCC server need?</A></STRONG>
<DD>A DCC server in a network of many servers should have at least three
flooding peers to ensure that the failure of a single server or network
link cannot partition the network.
Limiting the number of peers of any server to four or perhaps
a few more ensures that no single server is critical to the network.
To minimize the distances in the network, four peers
per server seem necessary.
<P>
An organization with more than one server can be viewed as a single
server by other organizations, with its servers flooding each other
and external peers spread among its servers.
This protects the network should the organization suffer large scale problems
while protecting the organization from single points of failure.


<P><DT><STRONG><A NAME="flood1">
Do I need to tell the operators of other DCC servers
the password for controlling my server to turn on flooding?</A></STRONG>
<DD>No, you do not need to and generally should not tell other DCC server
operators the passwords for controlling your server with
the <A HREF="cdcc.html">cdcc</A> command.
Every inter-server flood of checksums is authorized by lines in
each server's <A HREF="dccd.html#FILE-flod">/var/dcc/flod</A> file
and authenticated by the password associated with the
<A HREF="dccd.html#FILE-flod">passwd-ID</A> in those lines.
The passwd-ID is a <A HREF="dcc.html#Client-and-Server-IDs">server-ID</A>
defined in the <A HREF="dccd.html#FILE-ids">/var/dcc/ids</A> file
that should generally be used only to authenticate floods of checksums.


<P><DT><STRONG><A NAME="flood2">
How can I figure out why flooding is not working?</A></STRONG>
<DD>Many DCC server problems can be diagnosed by turning
on one or more of the tracing modes in the server with the
<A HREF="cdcc.html#OPERATION-trace">cdcc&nbsp;trace</A> operation
or by restarting the server with
<A HREF="dccd.html#OPTION-T">dccd&nbsp;-T</A>.
<P>
The <A HREF="cdcc.html#OPERATION-flood-list">cdcc flood list</A>
operation displays the current flooding peers of a DCC server.
Counts of checksum reports sent and received to and from
a single peer can be displayed with
<A HREF="cdcc.html#OPERATION-flood-stats">cdcc "flood stats ID"</A>.
<P>
The positions in the local database of outgoing streams of checksums
are displayed by the start of <A HREF="dblist.html">dblist&nbsp;-Hv</A>.


<P><DT><STRONG><A NAME="rtt">
Why didn't the RTT reported by the</A>
<A HREF="cdcc.html#OPERATION-info">cdcc&nbsp;info</A> operation
change when my network topology changed?</STRONG>
<DD>The RTT or round trip time is an average value.
Changes in network topology, server load, and so forth are not
immediately reflected in the RTT to avoid switching DCC servers
too frequently.


<P><DT><STRONG><A NAME="socks1">
When my clients are configured to use SOCKS, they do not
realize immediately when a server is down.</A></STRONG>
<DD>When configured to use SOCKS, DCC clients cannot "connect"
to a server and so do not receive ICMP errors and must wait for
timeouts to know the server is not answering.


</DL>


<P>
This document describes DCC version 1.2.74.
</P>

</BODY>
</HTML>