Reason for rejected message ?

Daniel Gehriger daniel.gehriger@linkcad.com
Thu, 01 Mar 2007 08:51:28 +0100 

This is a multi-part message in MIME format.
--------------010605070404030506050701
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Vernon Schryver wrote:
>> From: Daniel Gehriger 
> 
>> I had to go back to dcc 1.3.45 to fix my problem. Simply replacing the 
>> binaries fixes everything.
> 
> How do you build dccifd?  Do you specify any compiler options?

Only ./configure  --with-uid=vscan

> 
> 
>> I found another problem, btw: in 1.3.51 and 1.3.52, specifying
>>   -Bsbl-xbl.spamhaus.org,any
>> results in a message
>>   "DNSBL name "sbl-xbl.spamhaus.org,any" too long".
>> The workaround is to use
>>   -Bsbl.spamhaus.org,any -Bxbl.spamhaus.org,any
> 
> Something is odd there, and not just because I use sbl-xbl.spamhaus.org,any
> on more than one system or because I cannot reproduce what should be
> an obvious problem with 1.3.52.
> For that "too long" complaint to appear, the size of the
> "sbl-xbl.spamhaus.org" string plus the worst case size of the 
> probe address in ASCII (e.g. "2.1.168.192") must be greater than 256.
> With "any", that worst case is 46, because it might be an IPv6 address.
> 
> Could you send the dcc_conf file that causes the "name too long" complaint?

Yep, I was surprised, too. I attached the config file. Note that the 
exact same config file doesn't produce the error in 1.3.45.

> ] From: Daniel Gehriger 
> 
> ] > library.  Does it have the "improved" Linux version?
> ] I have bind 9.2.2:
> ] Name        : bind
> ] Version     : 9.2.2
> ] Vendor      : SuSE Linux AG, Nuernberg, Germany
> 
> That looks like it might be Linux Improved instead of the real thing.
> The standard BIND resolver variables and functions including _res,
> res_init(), and dn_expand() are #define'd in the Linux /usr/include/resolv.h
> to other things, which is a pain for ./configure scripts.
> 
> Today I tried DCC version 2.3.52 on installed-from-scratch-today
> SUSE 2.6.11.4-21.2-default.
> It seems that the resolver timeout control is not working.

Thank you for your efforts !!

- Daniel

--------------010605070404030506050701
Content-Type: text/plain;
 name="dcc_conf"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="dcc_conf"

#! /bin/sh

# set parameters for DCC start and cron scripts

# from Rhyolite Software DCC 1.3.51-1.57 $Revision$
DCC_CONF_VERSION=3

# don't set DCC_HOMEDIR since if we got here, it must be set
DCC_LIBEXEC=/var/dcc/libexec
DCC_RUNDIR=/var/run/dcc

# DCC user name
DCCUID=vscan


DCCD_ENABLE=off
# DCC server-IDs must be globally unique.
SRVR_ID=
# BRAND can be any short alphanumeric string that hints about the identity
#   of the server.
BRAND=
# args used to start dccd such as -6
DCCD_ARGS=


# GREY_CLIENT_ARGS contains "on", "-GnoIP", etc. to turn on greylisting 
#	in the dccm and dccifd DCC clients.
#   Also turns on the local greylist dccd server unless GREY_ENABLE=off
GREY_CLIENT_ARGS=-GIPmask/24
# GREY_ENABLE turns local greylist server 'on' or 'off',
#	but does not effect dccm, dccifd
GREY_ENABLE=on

# GREY_SRVR_ID DCC server-IDs must be globally unique, but greylisting dccd
#   servers are usually isolated.  If you have more than one greylist server,
#   ensure that they use distinct server-IDs and that they flood each other
#   with entries in /var/dcc/flod
GREY_SRVR_ID=$SRVR_ID
# Start dccd for grey listing or set server options such as -Gweak-IP.
#   See also GREY_ENABLE.
GREY_DCCD_ARGS=

# dccm and dccifd client reputation parameters such as -tREP,20
REP_ARGS="-tREP,10"

# DNS blacklist -B parameters for dccifd and dccm
#   For example
DNSBL_ARGS="'-Bset:rej-msg=5.7.1 550 mail %s from %s rejected; see http://www.spamhaus.org/xbl/' -Bsbl-xbl.spamhaus.org,any"

DCCM_ENABLE=off
# used to start dccm
#   a common value is
#	DCCM_ARGS="-SHELO -Smail_host -SSender -SList-ID"
#   Note the use of single quotes in
#	DCCM_ARGS="-SHELO '-r5.7.1 550 mail %s from %s rejected with DCC'"
DCCM_ARGS="-SHELO -Smail_host -SSender -SList-ID"
DCCM_LOGDIR=log
DCCM_WHITECLNT=whiteclnt
DCCM_USERDIRS=userdirs
# set DCCM_LOG_AT to a number that determines "bulk mail" for your situation.
#   50 is a typical value.
# Leave DCCM_REJECT_AT blank until you are confident that most sources of
#   solicited bulk mail have been white-listed.  Then set it to the number
#   that defines "bulk mail" for your site.  This rejection or "bulk" threshold
#   does not affect the blacklisting of the DCCM_WHITECLNT whitelist file.
# Add '-aIGNORE' to DCCM_ARGS to ignore the bulkiness of mail except to
#   add X-DCC headers.
DCCM_LOG_AT=50
DCCM_REJECT_AT=50
# override basic list of DCC server checksums controlling rejections or logging
DCCM_CKSUMS=
# additional DCC server checksums worthy of rejections or logging
DCCM_XTRA_CKSUMS=


DCCIFD_ENABLE=on
# used to start dccifd
#   a common value is
#   DCCIFD_ARGS="-SHELO -Smail_host -SSender -SList-ID"
DCCIFD_ARGS="-p 127.0.0.1,10023,127.0.0.1/32 -o 127.0.0.1,10026 -SHELO -Smail_host -SSender -SList-ID '-r5.7.1 550 Service unavailable; Mail rejected as SPAM' '-r4.2.1 452 Mail temporarily blocked; Please resend in ten minutes'"
DCCIFD_LOGDIR="$DCCM_LOGDIR"
DCCIFD_WHITECLNT="$DCCM_WHITECLNT"
DCCIFD_USERDIRS="$DCCM_USERDIRS"
DCCIFD_LOG_AT="$DCCM_LOG_AT"
DCCIFD_REJECT_AT="$DCCM_REJECT_AT"
# override basic list of checksums controlling rejections or logging
DCCIFD_CKSUMS="$DCCM_CKSUMS"
# additional DCC server checksums worthy of rejections or logging
DCCIFD_XTRA_CKSUMS="$DCCM_XTRA_CKSUMS"

# days to keep files in DCC log directories
DBCLEAN_LOGDAYS=2
# used to start dbclean, including -e and -E
DBCLEAN_ARGS=


# optionally set to something like "local5" or "local5.notice" for
#   dccd, dbclean, and dccm
DCC_INFO_LOG_FACILITY=
DCC_ERROR_LOG_FACILITY=


# ensure that the log facilities include levels and that $DCC_LOGGER
#   has a default.
if test -n "$DCC_INFO_LOG_FACILITY"; then
    if expr "X$DCC_INFO_LOG_FACILITY" : 'X.*\..*' >/dev/null; then
	:
    else
	DCC_INFO_LOG_FACILITY="$DCC_INFO_LOG_FACILITY.notice"
    fi
    DCC_LOG_ARGS="$DCC_LOG_ARGS -Linfo,$DCC_INFO_LOG_FACILITY"
fi
if test -z "$DCC_ERROR_LOG_FACILITY"; then
    # for $DCC_LOGGER
    DCC_ERROR_LOG_FACILITY=mail.err
else
    if expr "X$DCC_ERROR_LOG_FACILITY" : 'X.*\..*' >/dev/null; then
	:
    else
	DCC_ERROR_LOG_FACILITY="$DCC_ERROR_LOG_FACILITY.err"
    fi
    DCC_LOG_ARGS="$DCC_LOG_ARGS -Lerror,$DCC_ERROR_LOG_FACILITY"
fi
DCC_LOGGER="logger -s -p ${DCC_ERROR_LOG_FACILITY-mail.err} -t  ${LOGGER_TAG-DCC}"


# do not change the following lines which capture ./configure values
#	for make-dcc_conf
Configure_DCC_LIBEXEC=/var/dcc/libexec
Configure_DCC_RUNDIR=/var/run/dcc
Configure_DCCUID=vscan
Configure_DCC_LOGGER="logger -s -p ${DCC_ERROR_LOG_FACILITY-mail.err} -t  ${LOGGER_TAG-DCC}"

--------------010605070404030506050701--