DCC version 1.3.141/2.3.141 released

Version 1.3.141 of the DCC source is in
http://www.dcc-servers.net/dcc/source/dcc.tar.Z  and
http://www.rhyolite.com/dcc/source/dcc.tar.Z

Commercial version 2.3.141 of the DCC Reputation code is in the usual place.

The CHANGES file in
http://www.dcc-servers.net/dcc/dcc-tree/CHANGES and
http://www.rhyolite.com/dcc/dcc-tree/CHANGES and
starts with
    Fix "MTA-last" in dcc man page as suggested by Bram Grietens.
    Fix no_forced-discard typo reported by Bram Grietens.
    Fix dccm to honor `hackmc -R` and discard relay attacks.
    misc/DCC.pm, which is generated from misc/DCC.pm.in, is now very
	similar to what will probably be in SpamAssassin 3.4.
    Fix problems finding native milter library for dccm pointed out by
	Kevin A. McGrail.
    Improve documentation or help output from the nagios plugin,
	/var/dcc/libexec/dcc-nagios
    Fix bug in misc/DCC.pm in dealing with mail that already has an
	X-DCC header found and diagnosed by Herbert J. Skuhra.

dcc_learn_score probably would not help sites that have set their
DCC threshold below "many", but it seems to help the many
DCC+SpamAssassin installations that use the default "many" thresholds.
Late last year sites in Germany using SpamAssassin with DCC switched
to that new version of DCC.pm and turned on dcc_learn_score to
report mail declared spam by SpamAssassin to DCC.  Immediately after
that, server graphs for some other German DCC installations suggested
significantly improved DCC hit rates.  I theorize that there is

DCC and SpamAssassin

For the last 18 months, the DCC source has included a new version of
the SpamAssassin DCC plugin.  As far as I know, it is completely upward
compatible.  Besides a general clean up of the Perl source and a bunch
of changes that should make DCC.pm faster and more robust, it includes
a mechanism that reports message detected as spam by SpamAssassin to DCC
with target counts of 'many'.

Two or three months ago a DCC installation started using that mechanism
on its incoming 750K messages/day.  The effect is to increase DCC
target counts for messages considered spam by SpamAssassin to 'many'.
That should have little effect on DCC installations that set DCC
thresholds to values below 1000.  750K messages/day is too few to
support certain conclusions, but judging from the DCC server graphs,
it has noticable effects on the majority of other DCC installatios
that use the DCC.pm default synonym of 9999999 for 'many'.

That increased target count of 'many' can not only help other DCC
installations, but also sites using the mechanism with the default
DCC.pm threshold of 999999.  For example, a message from an SMTP
client (mail sender) at an IP address in a DNS blacklist (DNSBLs)
can get a DCC target count of 'many'.  A later copy received via
an address not in a DNSBL can trigger a SpamAssassin+DCC rule.

To try the mechanism, make a copy of your current DCC.pm file and
install the DCC.pm file in your SpamAssassin installation from the
misc directory of your DCC build/installation tree.  (I would use
a symbolic link.)  If you have used /var/dcc/libexec/updatedcc,
look in /var/dcc/build/dcc/misc/DCC.pm
At worst, check the current DCC source tree at
http://www.dcc-servers.net/dcc/dcc-tree/misc/DCC.pm

open(/var/dcc/map): Permission denied

Hi,

does anyone know why the following would appear in the logs:
dccproc[2304]: open(/var/dcc/map): Permission denied

I'm using last version (dcc-1.3.140) on Scientific Linux release 6.1
and when spamassassin (ver 3.3.1) process an e-mail I get that message.

The same configuration on Scientific Linux CERN SLC release 5.7
and DCC version 1.3.134 works without that message:
DCCD_ENABLE=off
DCCM_ENABLE=off
DCCIFD_ENABLE=on

thanks,
Aldo Necci

-----------------------------------------
This email was sent using SquirrelMail.
https://email.dia.uniroma3.it
Web Site: http://www.squirrelmail.org

Using "ok env_From" to whitelist mail from whole domain

The FAQ at http://www.rhyolite.com/dcc/FAQ.htm has an entry about
whitelisting incoming email FROM a whole domain saying:-

>To whitelist all mail sent from a domain, add a line like the following
>to the global /var/dcc/whiteclnt file or a per-user whiteclnt file: 
>
>OK      env_From	example.com

My tests indicate that this does not work as described.  Whereras:-

OK      env_From	test@...

in the global whiteclnt file does cause both greylisting and checking to be
bypassed, a similar entry for the whole domain seems to be completely
ignored.

Should this feature work, or is the FAQ somehow mistaken?

I am using DCC 1.3.134 with Postfix using DCCM as a milter.

With many thanks.

Best wishes,
Matthew

[PATCH] Parsing clientwhitelist: unrecognized "option no-forced-discard"

There appears to be a typo in the parsing of the clientwhitelist file.
When  option no-forced-discard is added then it produces the message:

'unrecognized "option no-forced-discard"'

- "no-forced-discard" is used 13 times in the package
- "no_forced-discard" is used 1 time in the package

=> I'm guessing this is a typo, a patch (against dcc-1.3.140) for this  
is attached.

Best regards,

Bram

There appears to be a typo in the parsing of the clientwhitelist file.
When  option no-forced-discard is added then it produces the message:

'unrecognized "option no-forced-discard"'

- "no-forced-discard" is used 13 times in the package
- "no_forced-discard" is used 1 time in the package

=> I'm guessing this is a typo, a patch (against dcc-1.3.140) for this  
is attached.

Best regards,

[DOC-PATCH] Error in man page

There appears to be an error in the dcc manpage:

Quote from man dcc:
"
                ....
                option MTA-first
                option MTA-last
                    consider MTA determinations of spam or not-spam  
first so they can be overridden by whiteclnt files, or last so that  
they can override whiteclnt files.
                ...
              In the absence of explicit settings, the default in the  
main whiteclnt file is equivalent to
                  option log-normal
                  option dcc-on
                  option greylist-on
                  option greylist-ignore-spam-off
                  option greylist-log-on
                  option DCC-rep-off
                  option DNSBL1-off
                  option DNSBL2-off
                  option DNSBL3-off
                  option DNSBL4-off
                  MTA-last
"

The last line should read "option MTA-last" instead of "MTA-last"

=> Patch (against dcc-1.3.140) attached.

[PATCH] Create the socket of dccifd in the rundir

Configure/the documentation suggest that the pid file and the sockets  
are created in the run directory:

 From ./Configure --help:
   --with-rundir=DIR	    for PID files and milter socket

This however is not the case for dccifd.
It creates the socket in the homedir and not the run directory.

Attached is a patch (against dcc-1.3.140) that creates the socket for  
dccifd in the run directory and not in the homedir.

Best regards,

Bram

Configure/the documentation suggest that the pid file and the sockets  
are created in the run directory:

 From ./Configure --help:
   --with-rundir=DIR	    for PID files and milter socket

This however is not the case for dccifd.
It creates the socket in the homedir and not the run directory.

Attached is a patch (against dcc-1.3.140) that creates the socket for  
dccifd in the run directory and not in the homedir.

errors in mail log

Good morning all.

does anyone know why the following would appear in the logs

dccifd[29182]: impossible pkt_vers 0 for  <at>  (127.0.0.1,6277)

thanks

Tom

completely disable logging

Morning List.

Is there a way to completely disable logging.

My /var/dcc/log directory fills up extremely quickly with message.

Thanks in advance.
Apologies for the stupid question.

Tom

DCC version 1.3.140/2.3.140 released

Version 1.3.140 of the DCC source is in
http://www.dcc-servers.net/dcc/source/dcc.tar.Z  and
http://www.rhyolite.com/dcc/source/dcc.tar.Z

Commercial version 2.3.140 of the DCC Reputation code is in the usual place.

The CHANGES file in
http://www.dcc-servers.net/dcc/dcc-tree/CHANGES and
http://www.rhyolite.com/dcc/dcc-tree/CHANGES and
starts with
    tweak some HTML in the whiteclnt proof-of-concept pages
    Fix bug in `wlist` display of address blocks reported by Rob McMahon.
    Fix missing IP address in log files for mail from (as opposed to
	relayed by) MX relays.

/var/dcc/libexec/updatedcc should automagically fetch, build, and
install the commercial or free version, depending on the .updatedcc_pfile
file, unless you have installed a version of Linux with the broken
default `sort` collating sequence since last upgrading.  If so, an
easy way to get the old updatedcc script working is to delete the
entire /var/dcc/build/dcc directory before running updatedcc.

Vernon Schryver    vjs@...

Whitelisting a range of addresses, except these ...

I meant to ask this before,

Is there a way in the whitelists to have exceptions to an address 
range.  I.e. a way to say "this range of addresses should have SUBMIT 
semantics, except for these four which should have MXDCC semantics, and 
these two which should have MX semantics" ?  A naive attempt to override 
the range gives:

dccm[27193]: [ID 702911 mail.error] "mxdcc" in line 96 of whiteclnt 
conflicts with "submit" in line 269 of whitecommon

I'm not sure which of the two it takes.

Rob

--

-- 
E-Mail:	Rob.McMahon@...		PHONE:  +44 24 7652 3037
Rob McMahon, IT Services, Warwick University, Coventry, CV4 7AL, England