1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>dccm.8</TITLE>
<META http-equiv="Content-Style-Type" content="text/css">
<STYLE type="text/css">
BODY {background-color:white; color:black}
</STYLE>
</HEAD>
<BODY>
<PRE>
<!-- Manpage converted by man2html 3.0.1 -->
<B><A HREF="dccm.html">dccm(8)</A></B> Distributed Checksum Clearinghouse <B><A HREF="dccm.html">dccm(8)</A></B>
</PRE>
<H2><A NAME="NAME">NAME</A></H2><PRE>
<B>dccm</B> -- Distributed Checksum Clearinghouse Milter Interface
</PRE>
<H2><A NAME="SYNOPSIS">SYNOPSIS</A></H2><PRE>
<B>dccm</B> [<B>-VdbxANQW</B>] [<B>-G</B> <I>on</I> | <I>off</I> | <I>noIP</I> | <I>IPmask/xx</I>] [<B>-h</B> <I>homedir</I>]
[<B>-p</B> <I>protocol:filename</I> | <I>protocol:port@host</I>] [<B>-m</B> <I>map</I>]
[<B>-w</B> <I>whiteclnt</I>] [<B>-U</B> <I>userdirs</I>] [<B>-a</B> <I>IGNORE</I> | <I>REJECT</I> | <I>DISCARD</I>]
[<B>-t</B> <I>type,</I>[<I>log-thold,</I>]<I>rej-thold</I>] [<B>-g</B> [<I>not-</I>]<I>type</I>] [<B>-S</B> <I>header</I>]
[<B>-l</B> <I>logdir</I>] [<B>-R</B> <I>rundir</I>] [<B>-r</B> <I>rejection-msg</I>] [<B>-j</B> <I>maxjobs</I>]
[<B>-B</B> <I>dnsbl-option</I>] [<B>-L</B> <I>ltype,facility.level</I>]
</PRE>
<H2><A NAME="DESCRIPTION">DESCRIPTION</A></H2><PRE>
<B>Dccm</B> is a daemon built with the sendmail milter interface intended to
connect sendmail to DCC servers. When built with the milter filter
machinery and configured to talk to <B>dccm</B> in the <I>sendmail.cf</I> file, send-
mail passes all email to <B>dccm</B> which in turn reports related checksums to
the nearest DCC server. <B>Dccm</B> then adds an <I>X-DCC</I> SMTP header line to the
message. Sendmail is told to reject the message if it is unsolicited
bulk mail.
<B>dccm</B> sends reports of checksums related to mail received by DCC clients
and queries about the total number of reports of particular checksums. A
DCC server receives <I>no</I> mail, address, headers, or other information, but
only cryptographically secure checksums of such information. A DCC
server cannot determine the text or other information that corresponds to
the checksums it receives. Its only acts as a clearinghouse of counts
for checksums computed by clients. For complete privacy as far as the
DCC is concerned, the checksums of purely internal mail or other mail
that is known to not be unsolicited bulk can be listed in a whitelist to
not be reported to the DCC server.
Since the checksums of messages that are whitelisted locally by the <B>-w</B>
<I>whiteclnt</I> file are not reported to the DCC server, <B>dccm</B> knows nothing
about the total recipient counts for their checksums and so cannot add
<I>X-DCC</I> header lines to such messages. Sendmail does not tell <B>dccm</B> about
messages that are not received by sendmail via SMTP, including messages
submitted locally and received via UUCP, and so they also do not receive
<I>X-DCC</I> header lines.
The list of servers that <B>dccm</B> contacts is in a memory mapped file shared
by local DCC clients. The file is maintained with <B><A HREF="cdcc.html">cdcc(8)</A></B>. Put parame-
ters into the <I>dcc</I><B>_</B><I>conf</I> file and start the daemon with the <I>start-dccm</I>
script.
When sendmail is not used, then <B>dccm</B> is not useful. <B><A HREF="dccproc.html">dccproc(8)</A></B> or
<B><A HREF="dccifd.html">dccifd(8)</A></B> can often be used instead.
<A NAME="OPTIONS"><B>OPTIONS</B></A>
The following options are available:
<A NAME="OPTION-V"><B>-V</B></A> displays the version of the DCC Milter interface.
<A NAME="OPTION-d"><B>-d</B></A> enables debugging output from the DCC client library. Additional <B>-d</B>
options increase the number of messages. A single <B>-d</B>
aborted SMTP transactions including those from some "dictionary
attacks."
<A NAME="OPTION-b"><B>-b</B></A> causes the daemon to not detach itself from the controlling tty and
put itself into the background.
<A NAME="OPTION-x"><B>-x</B></A> causes the daemon to try "extra hard" to contact a DCC server.
Since it is usually more important to deliver mail than to report
its checksums, <B>dccm</B> normally does not delay too long while trying to
contact a DCC server. It will not try again for several seconds
after a failure. With <B>-x</B>, unresponsive DCC servers cause mail to be
temporarily rejected with <I>4.7.1</I> <I>451</I> <I>DCC</I> <I>failure</I>
<A NAME="OPTION-A"><B>-A</B></A> adds to existing X-DCC headers in the message instead of replacing
existing headers of the brand of the current server.
<A NAME="OPTION-N"><B>-N</B></A> neither adds, deletes, nor replaces existing X-DCC headers in the
message. Each message is logged, rejected, and otherwise handled
the same.
<A NAME="OPTION-Q"><B>-Q</B></A> only queries the DCC server about the checksums of messages instead
of reporting and querying. This is useful when <B>dccm</B> is used to fil-
ter mail that has already been reported to a DCC server by another
DCC client. This can also be useful when applying a private white
or black list to mail that has already been reported to a DCC
server. No single mail message should be reported to a DCC server
more than once per recipient, because each report will increase the
apparent "bulkness" of the message.
<A NAME="OPTION-G"><B>-G</B></A> <I>on</I> | <I>off</I> | <I>noIP</I> | <I>IPmask/xx</I>
controls <I>greylisting</I>. At least one working greylist server must be
listed in the <I>map</I> file in the DCC home directory. If more than one
is named, they must "flood" or change checksums and they must use
the same <B>-G</B> parameters. See <B><A HREF="dccd.html">dccd(8)</A></B>. Usually all DCC client pro-
cesses of dccm or dccifd should use the same <B>-G</B> parameters.
<I>IPmask/xx</I> and <I>noIP</I> remove part or all of the IP address from the
greylist triple. The CIDR block size, <I>xx</I>, must be between 1 and
128. 96 is added to block sizes smaller than 33 to make them appro-
priate for the IPv6 addresses used by the DCC. <I>IPmask/96</I> differs
from <I>noIP</I> because the former retains the IPv4 to IPv6 mapping pre-
fix.
<A NAME="OPTION-W"><B>-W</B></A> turns off DCC filtering by default to ease managing systems where
only a minority of users want unsolicited bulk mail to be rejected
or discarded. This is equivalent to a <I>option</I> <I>dcc-off</I> line in the
main <B>-w</B> <I>whiteclnt</I> file. When DCC filtering is off, mail is handled
as if <B>-a</B> <I>IGNORE</I> were in use. The DCC server is queried and the
<I>X-DCC</I> header is added but the message is delivered regardless of
target counts and thresholds.
DCC filtering is enabled for a mailbox when <B>-W</B> is not used and there
is no <I>option</I> <I>dcc-off</I> line in the main or per-user <I>whiteclnt</I> file or
there is a <I>option</I> <I>dcc-on</I> pine in the per-user <I>whiteclnt</I> file for the
mailbox. DCC filtering can also be enabled with an "OK2" entry for
the fully qualified mailbox in the main or per-user <I>whiteclnt</I> file.
Messages sent <I>only</I> to target addresses that are listed in the global
or relevant per-user <B>-w</B> <I>whiteclnt</I> file with "OK" are not reported to
the DCC server and so are not rejected or discarded and do not
receive <I>X-DCC</I> headers.
<A NAME="OPTION-h"><B>-h</B></A> <I>homedir</I>
overrides the default DCC home directory, which is often /var/dcc.
<A NAME="OPTION-p"><B>-p</B></A> <I>protocol:filename</I> | <I>protocol:port@host</I>
specifies the protocol and address by which sendmail will contact
<B>dccm</B>. The default is a UNIX domain socket in the "run" directory,
often <I>/var/run/dcc/dccm</I>. (See also <B>-R)</B> This protocol and address
must match the value in <I>sendmail.cf</I>. This mechanism can be used to
connect <B>dccm</B> on one computer to sendmail on another computer when a
port and host name or IP address are used.
<A NAME="OPTION-m"><B>-m</B></A> <I>map</I>
specifies a name or path of the memory mapped parameter file instead
of the default <I>map</I> file in the DCC home directory. It should be
created with the <B><A HREF="cdcc.html">cdcc(8)</A></B> command.
<A NAME="OPTION-w"><B>-w</B></A> <I>whiteclnt</I>
specifies an optional file containing SMTP client IP addresses, SMTP
envelope values, and header values of mail that is spam or is not
spam and does not need a <I>X-DCC</I> header, and whose checksums should
not be reported to the DCC server.
If the pathname <I>whiteclnt</I> is not absolute, it is relative to the DCC
home directory. The format of the <B>dccm</B> whiteclnt file is the same
as the <I>whitelist</I> files used by <B><A HREF="dbclean.html">dbclean(8)</A></B> and the <I>whiteclnt</I> file
used by <B><A HREF="dccproc.html">dccproc(8)</A></B>. See <B><A HREF="dcc.html">dcc(8)</A></B> for a description of DCC white and
blacklists. Because the contents of the <I>whiteclnt</I> file are used
frequently, a companion file is automatically created and main-
tained. It has the same pathname but with an added suffix of <I>.dccw</I>
and contains a memory mapped hash table of the main file.
A white-list entry ("OK") or two or more semi-white-listings ("OK2")
for the message's checksums prevents all of the message's checksums
from being reported to the DCC server and the addition of a <I>X-DCC</I>
header line by <B>dccm</B> (except for env_To checksums or when <B>-W</B> is
used). A white-listing entry for a checksum also prevents rejecting
or discarding the message based on DCC recipient counts as specified
by <B>-a</B> and <B>-t</B>. Otherwise, one or more checksums with blacklisting
entries ("MANY") cause all of the message's checksums to be reported
to the server with an addressee count of "MANY".
White-list <I>env</I><B>_</B><I>To</I> values are handy for white-listing or exempting
destination addresses such as Postmaster from filtering and for mak-
ing "spam traps" of addresses that should never receive mail. First
an entry for the official envelope <I>Rcpt</I> <I>To</I> value is sought. If that
is not found, <B>dccm</B> looks for an entry for the sendmail "user"
string. Mail sent to blacklisted addresses or with other black-
listed values such as From or env_From values is reported to the DCC
server as spam or with target counts of millions.
If the message has a single recipient, an <I>env</I><B>_</B><I>To</I> <I>whiteclnt</I> entry of
"OK" for the checksum of its recipient address acts like any other
<I>whiteclnt</I> entry of "OK." When the SMTP message has more than one
recipient, the effects can be complicated. When a message has sev-
eral recipients with some but not all listed in the <I>whiteclnt</I> file,
<B>dccm</B> tries comply with the wishes of the users who want filtering as
well as those who don't by silently not delivering the message to
those who want filtering (i.e. are not white-listed) and delivering
the message to don't want filtering.
Consider <B>-W</B> or a <I>option</I> <I>dcc-off</I> line in whitelist files to turn off
DCC filtering.
<A NAME="OPTION-U"><B>-U</B></A> <I>userdirs</I>
enables private whitelist and log files. Each target of a message
can have a directory of log files named <I>usedirs/${dcc</I><B>_</B><I>userdir}/log</I>
where <I>${dcc</I><B>_</B><I>userdir}</I> is the <I>sendmail.cf</I> macro described below. If
<I>${dcc</I><B>_</B><I>userdir}</I> is not set, <I>userdirs/${rcpt</I><B>_</B><I>mailer}/${rcpt</I><B>_</B><I>addr}/log</I>
is used. If it is not absolute, <I>userdirs</I> is relative to the DCC
home directory. The sub-directory prefixes for <B>-l</B> <I>logdir</I> are not
honored. The directory containing the log files must be named <I>log</I>
and it must be writable by the <B>dccm</B> process. Each log directory
must exist or logging for the corresponding is silently disabled.
The files created in the log directory are owned by the UID of the
<B>dccm</B> process, but they have <I>group</I> and <I>other</I> read and write permis-
sions copied from the corresponding <I>log</I> directory. To ensure the
privacy of mail, it may be good to make the directories readable
only by <I>owner</I> and <I>group</I>, and to use a cron script that changes the
owner of each file to match the grandparent <I>addr</I> directory.
There can also be <I>userdirs/${dcc</I><B>_</B><I>userdir}/whiteclnt</I>, or if
<I>${dcc</I><B>_</B><I>userdir}</I> is not set, <I>userdirs/${rcpt</I><B>_</B><I>mailer}/${rcpt</I><B>_</B><I>addr}</I> per-
user whitelist files. The name of each file must be <I>whiteclnt</I>.
Every checksum including the <I>env</I><B>_</B><I>to</I> and sendmail "user" values are
looked for first in the userdirs/mailer/addr/whiteclnt and list then
in the global <B>-w</B> <I>whiteclnt</I> list. A missing per-address <I>whiteclnt</I>
file is the same as an empty file. Relative paths for whitelists
included in per-address whiteclnt are resolved in the DCC home
directory. The <I>whiteclnt</I> files and the <I>addr</I> directories containing
them must be writable by the <B>dccm</B> process.
The most likely value of <I>mailer</I> is <I>local</I>. Appropriate values for
both <I>mailer</I> and <I>addr</I> can be seen by examining <I>env</I><B>_</B><I>To</I> lines in <B>-l</B>
<I>logdir</I> files.
<A NAME="OPTION-a"><B>-a</B></A> <I>IGNORE</I> | <I>REJECT</I> | <I>DISCARD</I>
specifies the action taken when DCC server counts or <B>-t</B> thresholds
say that a message is unsolicited bulk. <I>IGNORE</I> causes the message
to be unaffected except for adding the <I>X-DCC</I> header line to the mes-
sage. This turns off DCC filtering.
Spam can also be <I>REJECT</I>ed, or accepted and silently <I>DISCARD</I>ed with-
out being delivered to local mailboxes. The default is <I>REJECT</I>.
With an action of <I>REJECT</I> or <I>DISCARD</I>, spam sent to both white-listed
targets and non-white-listed targets is delivered to white-listed
targets and if possible, silently discarded for non-white-listed
targets. This is not possible if there are too many non-white-
listed targets to be saved in a buffer of about 500 bytes.
Determinations that mail is or is not spam from sendmail via
<I>${dcc</I><B>_</B><I>isspam}</I> or <I>${dcc</I><B>_</B><I>notspam}</I> macros override <B>-a</B>. The effects of
the <B>-w</B> <I>whiteclnt</I> are also not affected by <B>-a</B>.
<A NAME="OPTION-t"><B>-t</B></A> <I>type,</I>[<I>log-thold,</I>]<I>rej-thold</I>
sets logging and "spam" thresholds for checksum <I>type</I>. The checksum
types are <I>IP</I>, <I>env</I><B>_</B><I>From</I>, <I>From</I>, <I>Message-ID</I>, <I>Received</I>, <I>Body</I>, <I>Fuz1</I>, and
<I>Fuz2</I>. The string <I>ALL</I> sets thresholds for all types, but is unlikely
to be useful except for setting logging thresholds. The string <I>CMN</I>
specifies the commonly used checksums <I>Body</I>, <I>Fuz1</I>, and <I>Fuz2</I>.
<I>Rej-thold</I> and <I>log-thold</I> must be numbers, the string <I>NEVER</I>, or the
string <I>MANY</I> indicating millions of targets. Counts from the DCC
server as large as the threshold for any single type are taken as
sufficient evidence that the message should be logged or rejected.
<I>Log-thold</I> is the threshold at which messages are logged. It can be
handy to log messages at a lower threshold to find solicited bulk
mail sources such as mailing lists. If no logging threshold is set,
only rejected mail and messages with complicated combinations of
white and blacklisting are logged. Messages that reach at least one
of their rejection thresholds are logged regardless of logging
thresholds.
<I>Rej-thold</I> is the threshold at which messages are considered "bulk,"
and so should be rejected or discard if not white-listed. Use <B>-a</B>
<I>REJECT</I> or <B>-a</B> <I>Discard</I> to reject or discard bulk mail that is not
white-listed. Use <B>-a</B> <I>IGNORE</I> <I>to</I> only add X-DCC headers with the
"bulk" string.
The checksums of locally white-listed messages are not checked with
the DCC server and so only the number of targets of the current
instance of a white-listed message are compared against the thresh-
olds.
The default is <B>-t</B> <I>ALL,NEVER</I>, so that nothing is discarded or logged.
A common choice is <B>-t</B> <I>CMN,25,50</I> to reject or discard mail with com-
mon bodies except as overridden by the whitelist of the DCC server,
the sendmail <I>${dcc</I><B>_</B><I>isspam}</I> and <I>${dcc</I><B>_</B><I>notspam}</I> macros, and <B>-g</B>, and
<B>-w</B>.
<A NAME="OPTION-g"><B>-g</B></A> [<I>not-</I>]<I>type</I>
indicates that white-listed, <I>OK</I> or <I>OK2</I>, counts from the DCC server
for a type of checksum are to be believed. They should be ignored
if prefixed with <I>not-</I>. <I>Type</I> is one of the same set of strings as
for <B>-t</B>. Only <I>IP</I>, <I>env</I><B>_</B><I>From</I>, and <I>From</I> are likely choices. By default
all three are honored, and hence the need for <I>not-</I>.
<A NAME="OPTION-S"><B>-S</B></A> <I>hdr</I>
adds to the list of substitute or locally chosen headers that are
checked with the <B>-w</B> <I>whiteclnt</I> file and sent to the DCC server. The
checksum of the last header of type <I>hdr</I> found in the message is
checked. <I>Hdr</I> can be <I>HELO</I> to specify the SMTP envelope HELO value.
<I>Hdr</I> can also be <I>mail</I><B>_</B><I>host</I> to specify the sendmail "resolved" host
name from the Mail_from value in the SMTP envelope. As many as 6
different substitute headers can be specified, but only the checksum
of the first of the six will be sent to the DCC server.
<A NAME="OPTION-l"><B>-l</B></A> <I>logdir</I>
specifies a directory in which files containing copies of messages
processed by <B>dccm</B> are kept. All messages logged are copied to the
<B>-l</B> <I>logdir</I> directory. They can also be copied to per-user directo-
ries specified with <B>-U</B>. Information about other recipients of a
message is deleted from the per-user copies.
If <I>logdir</I> starts with <I>D?</I>, log files are put into subdirectories of
the form <I>logdir/JJJ</I> where <I>JJJ</I> is the current julian day. <I>H?logdir</I>
puts logs files into subdirectories of the form <I>logdir/JJJ/HH</I> where
<I>HH</I> is the current hour. <I>M?logdir</I> puts log files into subdirectories
of the form <I>logdir/JJJ/HH/MM</I> where <I>MM</I> is the current minute. See
the FILES section below concerning the contents of the files.
The directory is relative to the DCC home directory if it is not
absolute
<A NAME="OPTION-R"><B>-R</B></A> <I>rundir</I>
specifies the "run" directory where the UNIX domain socket and file
containing the daemon's process ID are stored. The default value is
often /var/run/dcc.
<A NAME="OPTION-r"><B>-r</B></A> <I>rejection-msg</I>
specifies the rejection message for unsolicited bulk mail or for
mail temporarily blocked by <I>greylisting</I> when <B>-G</B> is specified. The
first <I>rejection-msg</I> replaces the default bulk mail rejection mes-
sage, "5.7.1 550 mail %s from %s rejected by DCC". The second
replaces "4.2.1 452 mail %s from %s greylist temporary embargoed".
There can be zero, one, or two "%s" strings. The first is replaced
by the sendmail queue ID and the second is replaced by the IP
address of the SMTP client.
A common alternate for the bulk mail rejection message is "4.7.1 451
Access denied by DCC" to tell the sender to continue trying. Use a
4yz response with caution, because it is likely to delay for days a
delivery failure message for false positives. If the bulk mail
rejection message does not start with a recognized error type and
number, type 5.7.1 and 550 or 4.2.1 and 452 are used.
<A NAME="OPTION-j"><B>-j</B></A> <I>maxjobs</I>
limits the number of simultaneous requests from sendmail that will
be processed. The default value is the maximum number that seems to
be possible given the number of open files, select() bit masks, and
so forth that are available.
<A NAME="OPTION-B"><B>-B</B></A> <I>dnsbl-option</I>
enables DNS blacklist checks of the SMTP client IP address, SMTP
envelope Mail_From sender domain name, and of host names in URLs in
the message body. Body URL blacklisting has far too many false pos-
itives to use on abuse mailboxes. It is less effective than
greylisting with <B><A HREF="dccm.html">dccm(8)</A></B> or <B><A HREF="dccifd.html">dccifd(8)</A></B> but can be useful in situa-
tions where greylisting cannot be used.
<I>Dnsbl-option</I> is either of the form <I>set:option</I> or of the form
<I>domain</I>[<I>,IPaddr</I>[<I>,bltype</I>]]. <I>Domain</I> is a DNS blacklist domain such as
example.com that will be searched. <I>IPaddr</I> is the IP address in the
DNS blacklist that indicates that the mail message is spam.
127.0.0.1 is assumed if <I>IPaddr</I> is absent. IPv6 addresses can be
specified with the usual colon (:) notation. Names can be used
instead of numeric addresses. The type of DNS blacklist is speci-
fied by <I>bltype</I> as <I>name</I>, <I>IPv4</I>, or <I>IPv6</I>. Given an envelope sender
domain name or a domain name in a URL of spam.domain.org and a
blacklist of type <I>name</I>, spam.domain.org.example.com will be tried.
Blacklist types of <I>IPv4</I> and <I>IPv6</I> require that the domain name in a
URL be resolved into an IPv4 or IPv6 address. The address is then
written as a reversed string of decimal octets to check the DNS
blacklist, as in 2.0.0.127.example.com,
More than one blacklist can be specified. They are searched in
order. All searching is stopped at the first positive result. Pos-
itive results are ignored after being logged unless an <I>option</I>
<I>DNSBL-on</I> line appears in the global or per-user <I>whiteclnt</I> file.
<B>-B</B> <I>set:debug</I> sends more messages about all DNS resolutions to the
system log.
<B>-B</B> <I>set:msg-secs=S</I> limits <B>dccm</B> to <I>S</I> seconds total for checking all
DNS blacklists. The default is 20.
<B>-B</B> <I>set:URL-secs=S</I> limits <B>dccm</B> to at most <I>S</I> seconds resolving and
checking any single URL. The default is 5. Some spam contains
dozens of URLs and that some "spamvertised" URLs contain host names
that need minutes to resolve. Busy mail systems cannot afford to
spend minutes checking each incoming mail message. In order to use
typical single-threaded DNS resolver libraries, <B><A HREF="dccm.html">dccm(8)</A></B> and
<B><A HREF="dccifd.html">dccifd(8)</A></B> use fleets of helper processes.
<B>-B</B> <I>set:no-envelope</I> says that SMTP client IP addresses and sender
Mail_From domain names should not be checked in the following black-
lists. <B>-B</B> <I>set:envelope</I> restores the default for subsequently named
blacklists.
<B>-B</B> <I>set:no-body</I> says that URLs in the message body should not be
checked in the in the following blacklists. <B>-B</B> <I>set:body</I> restores
the default for later blacklists.
<B>-B</B> <I>set:no-MX</I> says MX servers of sender Mail_From domain names and
host names in URLs should not be checked in the following black-
lists. <B>-B</B> <I>set:MX</I> restores the default.
<A NAME="OPTION-L"><B>-L</B></A> <I>ltype,facility.level</I>
specifies how messages should be logged. <I>Ltype</I> must be <I>error</I> or
<I>info</I> to indicate which of the two types of messages are being con-
trolled. <I>Level</I> must be a <B>syslog(3)</B> level among <I>EMERG</I>, <I>ALERT</I>, <I>CRIT</I>,
<I>ERR</I>, <I>WARNING</I>, <I>NOTICE</I>, <I>INFO</I>, and <I>DEBUG</I>. <I>Facility</I> must be among <I>AUTH</I>,
<I>AUTHPRIV</I>, <I>CRON</I>, <I>DAEMON</I>, <I>FTP</I>, <I>KERN</I>, <I>LPR</I>, <I>MAIL</I>, <I>NEWS</I>, <I>USER</I>, <I>UUCP</I>, and
<I>LOCAL0</I> through <I>LOCAL7</I>. The default is equivalent to
<B>-L</B> <I>info,MAIL.NOTICE</I> <B>-L</B> <I>error,MAIL.ERR</I>
<B>dccm</B> normally sends counts of mail rejected and so forth the system log
at midnight. The SIGUSR1 signal sends an immediate report to the system
log. They will be repeated every 24 hours instead of at midnight.
</PRE>
<H2><A NAME="SENDMAIL-MACROS">SENDMAIL MACROS</A></H2><PRE>
Sendmail can affect <B>dccm</B> with the values of some <I>sendmail.cf</I> macros.
These macro names must be added to the Milter.macros option statements in
<I>sendmail.cf</I> as in the example "Feature" file dcc.m4.
<I>${dcc</I><B>_</B><I>isspam}</I> causes a mail message to be reported to the DCC server as
having been addressed to "MANY" recipients. The
<I>${dcc</I><B>_</B><I>isspam}</I> macro is ignored if the <I>${dcc</I><B>_</B><I>notspam}</I> macro
is set to a non-null string
If the value of the <I>${dcc</I><B>_</B><I>isspam}</I> is null, <B>dccm</B> uses SMTP
rejection messages controlled by <B>-a</B> and <B>-r</B>. If the value
of the <I>${dcc</I><B>_</B><I>isspam}</I> macro starts with "DISCARD", the mail
message is silently discarded as with <B>-a</B> <I>DISCARD.</I> This can
be handy for keeping "spammers" from knowing they are
sending to "spam traps." If value of the macro not null
and does not start with "DISCARD", it is used as the SMTP
error message given to the SMTP client trying to send the
rejected message. The message starts with an optional
SMTP error type and number followed by text.
The <B>-a</B> option does not effect messages marked spam with
<I>${dcc</I><B>_</B><I>isspam}</I>. When the <I>${dcc</I><B>_</B><I>isspam}</I> macro is set, the
message is rejected or discarded despite local or DCC
database white-list entries. The local white-list does
control whether the message's checksums will be reported
to the DCC server and an <I>X-DCC</I> SMTP header line will be
added.
<I>${dcc</I><B>_</B><I>notspam}</I>
causes a message not be considered unsolicited bulk
despite evidence to the contrary. It also prevents <B>dccm</B>
from reporting the checksums of the message to the DCC
server and from adding an <I>X-DCC</I> header line.
When the macro is set by the <I>sendmail.cf</I> rules,
<I>${dcc</I><B>_</B><I>notspam}</I> macros overrides DCC threshlds that say the
message should be rejected as well as the effects of the
<I>${dcc</I><B>_</B><I>isspam}</I> macro.
<I>${dcc</I><B>_</B><I>mail</I><B>_</B><I>host}</I>
specifies the name of the SMTP client that is sending the
message. This macro is usually the same as the <I>mail</I><B>_</B><I>host</I>
macro. They can differ when a sendmail "smart relay" is
involved. The <I>${dcc</I><B>_</B><I>mail</I><B>_</B><I>host}</I> macro does not work if
<I>FEATURE(delay</I><B>_</B><I>checks)</I> is used.
<I>${dcc</I><B>_</B><I>userdir}</I>
is the per-user whitelist and log directory for a recipi-
ent. If the macro is not set in sendmail.cf,
$&{rcpt_mailer}/$&{rcpt_addr} is assumed,but with the
recipient address converted to lower case. Whatever value
is used, the directory name after the last slash (/) char-
acter is converted to lower case. Any value containing
the string "/../" is ignored.
This macro also does not work if <I>FEATURE(delay</I><B>_</B><I>checks)</I> is
used.
The following two lines in a sendmail mc file have the
same effect as not defining the ${dcc_userdir} macro, pro-
vided <I>FEATURE(dcc)</I> is also used and the sendmail
<I>cf/feature</I> directory has a symbolic link to the
<I>misc/dcc.m4</I> file.
SLocal_check_rcpt
R$* $: $1 $(macro {dcc_userdir} $@ $&{rcpt_mailer}/$&{rcpt_addr} $))
</PRE>
<H2><A NAME="FILES">FILES</A></H2><PRE>
<A NAME="FILE-/var/dcc">/var/dcc</A> is the DCC home directory in which other files are found.
<A NAME="FILE-libexec/start">libexec/start</A>-dccm
is a script often used to the daemon.
<A NAME="FILE-dcc/dcc_conf">dcc/dcc_conf</A>
contains parameters used by the scripts to start DCC daemons
and cron jobs.
<A NAME="FILE-logdir">logdir</A> is an optional directory specified with <B>-l</B> and containing
marked mail. Each file in the directory contains one message,
at least one of whose checksums reached its <B>-t</B> thresholds or
that is interesting for some other reason. Each file starts
with lines containing the date when the message was received,
the IP address of the SMTP client, and SMTP envelope values.
Those lines are followed by the body of the SMTP message
including its header as it was received by sendmail and with-
out any new or changed header lines. Only approximately the
first 32 KBytes of the body are recorded unless modified by
<I>./configure</I> <I>--with-max-log-size=xx</I> The checksums for the mes-
sage follow the body. They are followed by lines indicating
that the <I>${dcc</I><B>_</B><I>isspam}</I> or <I>${dcc</I><B>_</B><I>notspam}</I> <I>sendmail.cf</I> macros
were set or one of the checksums is white- or blacklisted by
the <B>-w</B> <I>whiteclnt</I> file. Each file ends with the <I>X-DCC</I> header
line added to the message and the disposition of the message
including SMTP status message if appropriate.
<A NAME="FILE-map">map</A> is the memory mapped file of information concerning DCC
servers in the DCC home directory.
<A NAME="FILE-whiteclnt">whiteclnt</A> contains the client whitelist in the format described in
<B><A HREF="dcc.html">dcc(8)</A></B>.
<A NAME="FILE-whiteclnt.dccw">whiteclnt.dccw</A>
is a memory mapped hash table of the <I>whiteclnt</I> file.
<A NAME="FILE-dccm.pid">dccm.pid</A> in the <B>-R</B> <I>rundir</I> directory contains daemon's process ID. The
string ``dccm'' is replaced by the file name containing the
daemon to facilitate running multiple daemons, probably con-
nected to remote instances of sendmail using TCP/IP instead of
a UNIX domain socket. See also <B>-R</B>.
<A NAME="FILE-/var/run/dcc/dccm">/var/run/dcc/dccm</A>
is the default UNIX domain socket used by the sendmail milter
interface. See also <B>-R</B>.
<A NAME="FILE-sendmail.cf">sendmail.cf</A>
is the <B>sendmail(8)</B> control file.
<A NAME="FILE-misc/dcc.m4">misc/dcc.m4</A>
sendmail mc file that should have a symbolic link in the send-
mail cf/feature directory so that <I>FEATURE(dcc)</I> can be used in
a sendmail mc file.
</PRE>
<H2><A NAME="EXAMPLES">EXAMPLES</A></H2><PRE>
<B>Dccm</B> should be started before sendmail with something like the script
<A NAME="FILE-libexec/start">libexec/start</A>-dccm. It looks for common DCC parameters in the <I>dcc</I><B>_</B><I>conf</I>
<A NAME="FILE-file">file</A> in the DCC home directory.
<A NAME="FILE-Those">Those</A> numbers should modified to fit local conditions. It might be wise
<A NAME="FILE-to">to</A> replace the "100" numbers with much larger values or with "MANY" until
<A NAME="FILE-a">a</A> few weeks of monitoring the log directory show that sources of mailing
<A NAME="FILE-lists">lists</A> are in the server's whitelist file (see <B><A HREF="dccd.html">dccd(8)</A></B>) or the local
<I>whiteclnt</I> file.
<A NAME="FILE-It">It</A> is usually necessary to regularly delete old log files with a script
<A NAME="FILE-like">like</A> libexec/cron-dccd.
<A NAME="FILE-Sendmail">Sendmail</A> must be built with the milter interface, such as by creating a
<I>devtools/Site/site.config.m4</I> or similar file containing something like
<A NAME="FILE-the">the</A> following lines:
APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_MILTER=1')
APPENDDEF(`conf_libmilter_ENVDEF', `-D_FFR_MILTER=1')
<A NAME="FILE-Appropriate">Appropriate</A> lines invoking the milter interface must be added to
<I>sendmail.cf.</I> It should be sufficient to copy the dcc.m4 file to the send-
<A NAME="FILE-mail">mail</A> 8.11 cf/feature directory and add the line
FEATURE(dcc)
<A NAME="FILE-to">to</A> the local .mc file.
</PRE>
<H2><A NAME="SEE-ALSO">SEE ALSO</A></H2><PRE>
<B><A HREF="cdcc.html">cdcc(8)</A></B>, <B><A HREF="dbclean.html">dbclean(8)</A></B>, <B><A HREF="dcc.html">dcc(8)</A></B>, <B><A HREF="dccd.html">dccd(8)</A></B>, <B><A HREF="dblist.html">dblist(8)</A></B>, <B><A HREF="dccifd.html">dccifd(8)</A></B>, <B><A HREF="dccproc.html">dccproc(8)</A></B>,
<B><A HREF="dccsight.html">dccsight(8)</A></B>, <B>sendmail(8)</B>.
</PRE>
<H2><A NAME="HISTORY">HISTORY</A></H2><PRE>
<A NAME="FILE-Implementation">Implementation</A> of <B>dccm</B> was started at <A HREF="http://www.rhyolite.com/">Rhyolite Software</A> in 2000. This
<A NAME="FILE-describes">describes</A> version 1.2.74.
</PRE>
<H2><A NAME="BUGS">BUGS</A></H2><PRE>
<B>dccm</B> uses <B>-t</B> where <B><A HREF="dccproc.html">dccproc(8)</A></B> uses <B>-c</B>.
<A NAME="FILE-On">On</A> many systems with sendmail 8.11.3 and preceding, a bug in the sendmail
<A NAME="FILE-milter">milter</A> mechanism causes <B>dccm</B> to die with a core file when given a signal.
FreeBSD 4.9 March 20, 2005 FreeBSD 4.9
</PRE>
<HR>
<ADDRESS>
Man(1) output converted with
<a href="http://www.oac.uci.edu/indiv/ehood/man2html.html">man2html</a>
modified for the DCC $Date 2001/04/29 03:22:18 $
</ADDRESS>
</BODY>
</HTML>
|
