Dean Maluski
dmaluski@n1ety.com
Sat Jan 14 14:28:05 UTC 2006
I failed to mention that greylist does seem to work. New messages get
tagged like this and I think get held for about 5 minutes.
_______________________________________________________________
Jan 14 09:24:38 punk sendmail[28665]: k0EEOcFd028665: from=<nahant-beta-list-bounces@redhat.com>, size=1958, class=-60, nrcpts=1, msgid=<mailman.0.1137248674.17184.nahant-beta-list@redhat.com>, proto=ESMTP, daemon=MTA, relay=hormel.redhat.com [209.132.177.30]
Jan 14 09:24:39 punk sendmail[28665]: k0EEOcFd028665: Milter: data, reject=452 4.2.1 mail k0EEOcFd028665 from 209.132.177.30 temporary greylist embargoed
________________________________________________________________

On Sat, 2006-01-14 at 09:18 -0500, Dean Maluski wrote:
> I'm running RedHat Linux Enterprise Server 4.0.
> Running the latest version of MailScanner,
> SpamAssassin version 3.1.0
> running on Perl version 5.8.5
> I discovered DCC back in late October but after reading documentation
> decided that I was very confused and decided to wait until I thought I
> understood it well enough before deploying.
> Finally about a week ago I came across a document in MailScanner wiki
> that I felt would guide me through getting DCC up and running properly.
> Here is the link to document.
> http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:plugins:dcc:dccm_instead&s=Spamassassin
> I set up DCC following this document.
> One thing that I cheated on is I downloaded RedHat sendmail sources,
> compiled sendmail, then configured DCC with-sendmail against the
> sendmail sources. I did not re-install sendmail
> since there was a long list of patches in the redhat sources that I was
> afraid hadn't gotten properly compiled and I'm a true newbie to
> C++ (G++?).
> Now here are the questions I have.
> When I bring up mailwatch and view mail headers there is a line in
> header like this.
> ____________________________________________________________
> X-DCC-EATSERVER-Metrics: punk.n1ety.com 1166; bulk Body=1 Fuz1=1
> Fuz2=many
> ____________________________________________________________
> and in the breakdown of spamassassin rules I have this.
> _________________________________________________________
> 2.17 DCC_CHECK_HDR Use of 'dccm' header to mimic DCC_CHECK
> _________________________________________________________
> It's telling me I think that it thinks the header in spam message is a
> spoof or mimic scoring always 2.17 on spam. Legitimate email looks like
> this.
> __________________________________________________________
> X-DCC-EATSERVER-Metrics: punk.n1ety.com 1166; Body=39 Fuz1=39 Fuz2=39
> __________________________________________________________
> and in breakdown of spam rules I have no listing of DCC mentioned.
>
> Also in my dcc subdirectory there is no dcc_db except when I created a
> file of such name thinking that perhaps if it's found it will start to
> build.
> Also the timestamp on grey_db and grey_db.hash never change and their
> byte size remain the same. It seems they get rebuilt within about a half
> hour after I rename them.
> I'll just attach a listing of /var/dcc, do the files timestamps look
> correct?
> Perhaps I have attributes incorrectly set.
> ____________________________________________________________
> drwxr-xr-x 3 root root  4096 Jan 13 09:04 build
> drwxr-xr-x 2 bin  bin   4096 Jan 13 09:23 cgi-bin
> -rw-r--r-- 1 root bin   4246 Jan 13 17:35 dcc_conf
> -rw-r--r-- 1 root root  4246 Jan 13 09:04 dcc_conf-new
> -rw-r--r-- 1 root root  4297 Jan 12 19:02 dcc_conf.old
> -rw-r--r-- 1 root root     0 Jan 13 08:35 dcc_db
> -rw-r--r-- 1 root bin    825 Dec 30 08:34 flod
> -rw-r--r-- 1 root root 86016 Jan 13 09:32 grey_db
> -rw-r--r-- 1 root root 86016 Jan 13 09:32 grey_db.hash
> -rw-r--r-- 1 root root 86016 Jan 12 00:12 grey_db.hash.old
> -rw-r--r-- 1 root root     0 Jan 13 09:32 grey_db-old
> -rw-r--r-- 1 root root 86016 Jan 12 00:12 grey_db.old
> -rw-r--r-- 1 root bin    561 Dec 30 08:34 grey_flod
> -rw-r--r-- 1 root root  8532 Jan 13 17:35 grey_flod.map
> -rw-r--r-- 1 root bin    496 Dec 30 08:34 grey_whitelist
> -rw------- 1 root root  2548 Dec 30 08:34 ids
> drwxr-xr-x 2 bin  bin   4096 Jan 13 09:04 libexec
> drwx--x--- 2 root bin  36864 Jan 14 09:09 log
> -rw------- 1 root root  4492 Jan 14 08:09 map
> -rw------- 1 root root  1105 Dec 30 08:34 map.txt
> -rw-r--r-- 1 root root  9864 Jan 13 09:28 testmsg-whitelist
> -rw-r--r-- 1 root root   215 Jan 13 09:28 testmsg-whitelist.log
> -rw-r--r-- 1 root bin   3489 Dec 30 08:34 whiteclnt
> -rw-r--r-- 1 root root 69140 Jan 14 09:09 whiteclnt.dccw
> -rw-r--r-- 1 root bin   1813 Dec 30 08:34 whitecommon
> -rw-r--r-- 1 root bin    482 Dec 30 08:34 whitelist
> [root@punk dcc]#
> __________________________________________________________
> Sorry for all the newbie questions, I seem to be obsessed with getting
> DCC functioning as it seems like the coolest creation since sliced
> bread.
> Dean
>
>
> (
>
>
> Unsure if I'm set up correctly?
> Below is a shot of processes.
>
> _____________________________________________________________
> root 5365 0.0 0.0 4124 1012 ? Ss Jan13
> 0:00 /var/dcc/libexec/dccd -Gon -i 32702
> root 5411 0.0 0.0 2824 520 ? Ss Jan13
> 0:00 /var/dcc/libexec/dccm -tCMN,5,999999 -wwhiteclnt -llog -Uuserd
> root 5412 0.0 0.1 59872 1680 ? Sl Jan13
> 0:01 /var/dcc/libexec/dccm -tCMN,5,999999 -wwhiteclnt -llog -Uuserd
> ______________________________________________________________
>
>
> Below is a shot from maillog.
> __________________________________________________________________
> Message k0EDXuwR022284 from 66.7.129.38 (8-13065107-n1ety.com?
> dmaluski@old.primethecolors.com) to n1ety.com is spam, SpamAssassin
> (score=20.065, required 4, autolearn=spam, BAYES_99 3.50, DCC_CHECK_HDR
> 2.17, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.00, RATWARE_EFROM 3.60,
> RCVD_IN_BL_SPAMCOP_NET 1.56, URIBL_JP_SURBL 4.09, URIBL_OB_SURBL 3.01,
> URIBL_WS_SURBL 2.14)
> _________________________________________________________________
>