Dean Maluski
dmaluski@n1ety.com
Sat Jan 14 14:18:42 UTC 2006
I'm running RedHat Linux Enterprise Server 4.0. Running the latest version of MailScanner, SpamAssassin version 3.1.0 running on Perl version 5.8.5.

I discovered DCC back in late October but after reading documentation decided that I was very confused and decided to wait until I thought I understood it well enough before deploying. Finally about a week ago I came across a document in the MailScanner wiki that I felt would guide me through getting DCC up and running properly. Here is the link to the document.

http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:plugins:dcc:dccm_instead&s=Spamassassin

I set up DCC following this document. One thing that I cheated on is I downloaded RedHat sendmail sources, compiled sendmail, then configured DCC with-sendmail against the sendmail sources. I did not re-install sendmail since there was a long list of patches in the redhat sources that I was afraid hadn't gotten properly compiled and I'm a true newbie to C++ (G++?).

Now here are the questions I have. When I bring up mailwatch and view mail headers there is a line in the header like this.
____________________________________________________________
X-DCC-EATSERVER-Metrics: punk.n1ety.com 1166; bulk Body=1 Fuz1=1 Fuz2=many
____________________________________________________________
and in the breakdown of spamassassin rules I have this.
_________________________________________________________
2.17 DCC_CHECK_HDR Use of 'dccm' header to mimic DCC_CHECK
_________________________________________________________
It's telling me I think that it thinks the header in the spam message is a spoof or mimic, scoring always 2.17 on spam. Legitimate email looks like this.
__________________________________________________________
X-DCC-EATSERVER-Metrics: punk.n1ety.com 1166; Body=39 Fuz1=39 Fuz2=39
__________________________________________________________
and in the breakdown of spam rules I have no listing of DCC mentioned.

Also in my dcc subdirectory there is no dcc_db except when I created a file of such name thinking that perhaps if it's found it will start to build. Also the timestamps on grey_db and grey_db.hash never change and their byte size remains the same. It seems they get rebuilt within about a half hour after I rename them. I'll just attach a listing of /var/dcc, do the files' timestamps look correct? Perhaps I have attributes incorrectly set.
____________________________________________________________
drwxr-xr-x 3 root root 4096 Jan 13 09:04 build
drwxr-xr-x 2 bin bin 4096 Jan 13 09:23 cgi-bin
-rw-r--r-- 1 root bin 4246 Jan 13 17:35 dcc_conf
-rw-r--r-- 1 root root 4246 Jan 13 09:04 dcc_conf-new
-rw-r--r-- 1 root root 4297 Jan 12 19:02 dcc_conf.old
-rw-r--r-- 1 root root 0 Jan 13 08:35 dcc_db
-rw-r--r-- 1 root bin 825 Dec 30 08:34 flod
-rw-r--r-- 1 root root 86016 Jan 13 09:32 grey_db
-rw-r--r-- 1 root root 86016 Jan 13 09:32 grey_db.hash
-rw-r--r-- 1 root root 86016 Jan 12 00:12 grey_db.hash.old
-rw-r--r-- 1 root root 0 Jan 13 09:32 grey_db-old
-rw-r--r-- 1 root root 86016 Jan 12 00:12 grey_db.old
-rw-r--r-- 1 root bin 561 Dec 30 08:34 grey_flod
-rw-r--r-- 1 root root 8532 Jan 13 17:35 grey_flod.map
-rw-r--r-- 1 root bin 496 Dec 30 08:34 grey_whitelist
-rw------- 1 root root 2548 Dec 30 08:34 ids
drwxr-xr-x 2 bin bin 4096 Jan 13 09:04 libexec
drwx--x--- 2 root bin 36864 Jan 14 09:09 log
-rw------- 1 root root 4492 Jan 14 08:09 map
-rw------- 1 root root 1105 Dec 30 08:34 map.txt
-rw-r--r-- 1 root root 9864 Jan 13 09:28 testmsg-whitelist
-rw-r--r-- 1 root root 215 Jan 13 09:28 testmsg-whitelist.log
-rw-r--r-- 1 root bin 3489 Dec 30 08:34 whiteclnt
-rw-r--r-- 1 root root 69140 Jan 14 09:09 whiteclnt.dccw
-rw-r--r-- 1 root bin 1813 Dec 30 08:34 whitecommon
-rw-r--r-- 1 root bin 482 Dec 30 08:34 whitelist
[root@punk dcc]#
__________________________________________________________
Sorry for all the newbie questions, I seem to be obsessed with getting DCC functioning as it seems like the coolest creation since sliced bread.

Dean

( Unsure if I'm set up correctly? Below is a shot of processes.
_____________________________________________________________
root 5365 0.0 0.0 4124 1012 ? Ss Jan13 0:00 /var/dcc/libexec/dccd -Gon -i 32702
root 5411 0.0 0.0 2824 520 ? Ss Jan13 0:00 /var/dcc/libexec/dccm -tCMN,5,999999 -wwhiteclnt -llog -Uuserd
root 5412 0.0 0.1 59872 1680 ? Sl Jan13 0:01 /var/dcc/libexec/dccm -tCMN,5,999999 -wwhiteclnt -llog -Uuserd
______________________________________________________________
Below is a shot from maillog.
__________________________________________________________________
Message k0EDXuwR022284 from 66.7.129.38 (8-13065107-n1ety.com? dmaluski@old.primethecolors.com) to n1ety.com is spam, SpamAssassin (score=20.065, required 4, autolearn=spam, BAYES_99 3.50, DCC_CHECK_HDR 2.17, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.00, RATWARE_EFROM 3.60, RCVD_IN_BL_SPAMCOP_NET 1.56, URIBL_JP_SURBL 4.09, URIBL_OB_SURBL 3.01, URIBL_WS_SURBL 2.14)
_________________________________________________________________
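
An added example, not part of the original post and not DCC's own code: a small Python parser for the two X-DCC-EATSERVER-Metrics values quoted above, compared against the -tCMN,5,999999 argument from the process listing. It assumes the -t fields are checksum type, log threshold and reject threshold, that CMN stands for Body, Fuz1 and Fuz2, that "many" is a count above any numeric threshold, and that a threshold is reached when the count is greater than or equal to it; all function names are hypothetical.

```python
import re

MANY = float("inf")             # assumption: "many" exceeds any numeric threshold
CMN = ("Body", "Fuz1", "Fuz2")  # assumption: checksum types covered by "CMN"

def parse_metrics(value):
    """Parse the value of an X-DCC-<brand>-Metrics header as shown in the post."""
    m = re.match(r"\s*(\S+)\s+(\d+);\s*(.*)$", value)
    if not m:
        raise ValueError("not a DCC metrics header: %r" % value)
    host, client_id, rest = m.groups()
    counts, flags = {}, []
    for token in rest.split():
        name, sep, num = token.partition("=")
        if not sep:
            flags.append(token)            # bare words such as "bulk"
        elif num.lower() == "many":
            counts[name] = MANY
        elif num.isdigit():
            counts[name] = int(num)
        else:
            raise ValueError("bad count %r" % token)
    return {"host": host, "id": int(client_id), "flags": flags, "counts": counts}

def parse_threshold_option(opt):
    """Split a -t argument such as 'CMN,5,999999' into (types, log, reject)."""
    kind, log_thold, rej_thold = opt.split(",")
    types = CMN if kind == "CMN" else (kind,)
    return types, int(log_thold), int(rej_thold)

def evaluate(value, opt):
    """Report which checksum counts reach the log and reject thresholds."""
    parsed = parse_metrics(value)
    types, log_thold, rej_thold = parse_threshold_option(opt)
    counts = parsed["counts"]
    return {
        "bulk_flag": "bulk" in parsed["flags"],
        "logged": [t for t in types if counts.get(t, 0) >= log_thold],
        "over_reject": [t for t in types if counts.get(t, 0) >= rej_thold],
    }

# Header values and the -t argument copied from the post above.
SPAM = "punk.n1ety.com 1166; bulk Body=1 Fuz1=1 Fuz2=many"
HAM = "punk.n1ety.com 1166; Body=39 Fuz1=39 Fuz2=39"
OPT = "CMN,5,999999"

if __name__ == "__main__":
    for label, hdr in (("spam", SPAM), ("legitimate", HAM)):
        print(label, evaluate(hdr, OPT))
```

Under these assumptions the header that carries the "bulk" word is the one whose Fuz2 count passes the 999999 threshold, while the counts of 39 pass only the threshold of 5.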