Central whitelist questions

Vernon Schryver vjs@calcite.rhyolite.com
Mon Oct 14 02:40:09 UTC 2002


> From: Gary Mills <mills@cc.UManitoba.CA>
> Subject: Central whitelist questions

> I'm setting up a procedure so that users can nominate bulk mail for
> inclusion in a central whitelist.  They will provide the name of a
> DCC log file.  A script will then extract the appropriate information
> from the collected log files to build a file in whitelist format.

What is the appropriate information and how do you determine it
automatically?  Adding white list entries for all checksums of a sample
message might too quickly exhaust the 80,000 limit on the size of the
client white list hash tables.  As people have pointed out in the DCC
mailing list, there are sources of solicited bulk mail that do not
use constant envelope Mail_From values but must be white-listed by
other characteristics.

> ...
> 1) Should the new whitelist file be included in `whitelist' or in
>    `whiteclnt'?  The `whiteclnt' file is only used by dccm.

Dccm is told which main white list file to use with `dccm -w`.
That file can contain "include" lines naming other files.  The value
used in the distributed dcc_conf file for DCCM_WHITECLNT is whiteclnt.
If you have not changed that value, then it might be good to add something
like the following line to /var/dcc/whiteclnt:

   include /some/where/your/whitefile


> 2) A typical DCC log file header looks like this, spam in this case:

> ...
>         env_From: <xbncmdkfb@aol.com>  mail_host=aol.com.

>...
>    To fill in `ok env_from' lines in the whitelist file, do I strip
>    the angle brackets from the envelope address shown above, or leave
>    it exactly as is?

An optional matching pair of <> brackets are ignored on white list
entries.



] From: Gary Mills <mills@cc.UManitoba.CA>
] Subject: dccm refusing connections

] ...
] Oct 13 19:39:44 electra sm-mta[25435]: [ID 801593 mail.error] g9E0dinp025435: Milter (dcc): error connecting to filter: Connection refused by /var/run/dcc/dccm
] Oct 13 19:39:44 electra sm-mta[25435]: [ID 801593 mail.info] g9E0dinp025435: Milter (dcc): to error state

That implies that dccm is not answering.

] `dccm' was running, and was working correctly.  The mail server was
] lightly loaded at the time.  What's wrong?  Hmm, something is wrong
] with `dccm'.  I can't truss it.  A DCC restart had trouble killing the
] process, but it finally succeeded.  The logs look normal now.
]
] I also notice that `dccm' is using an awful lot of file descriptors,
] and sometimes runs out of them.  It currently has a limit of 472 file
] descriptors, and is using 469 of them.  Is this normal?  The bulk of
] them look like this in `lsof':
]
] dccm    9413 daemon  468u  IPv4 0x30004a04f88      0t0    UDP electra.cc.umanitoba.ca:38953 (Wait_Data_Xfr)
]
] or like this in `pfiles':
]
]  468: S_IFSOCK mode:0666 dev:220,0 ino:61111 uid:0 gid:0 size:0
]       O_RDWR|O_NONBLOCK FD_CLOEXEC
]         sockname: AF_INET 130.179.16.23  port: 38953
]         peername: AF_INET 130.179.16.23  port: 6277

If all of the file descriptors look like that, then my second guess
is that your DCC servers are not answering, and that dccm is stuck
waiting for answers.  If that is the case, then it might help to ensure
that the cron jobs for your dcc servers are not both running at the
same time.  If that is already fixed, then it might be good to use
   cdcc "add dcc.dcc-servers.net RTT+1000"
to add some backup DCC servers.
I am assuming that `cdcc info` says that both of your dcc servers
are already known to your dccm process(es).

My first guess is that a fairly old version of dccm is in use.  Problems
with dccm running out of file descriptors on Solaris were reported
and fixed several months ago.  Dccm puts its version number into the
log when it starts.


Vernon Schryver    vjs@rhyolite.com
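
A sketch of the extraction step discussed in this thread, added here as an example; it is not part of the original messages or of the DCC distribution. It reads the `env_From:` header line from nominated logs, drops the optional <> pair, refuses the null sender, and emits `ok env_from` lines under an entry budget. The function names, the address pattern, the whitespace separator, the budget value and the sample logs are assumptions.

```python
import re

# Assumption: matches the header line format quoted in the thread,
# e.g. "env_From: <user@example.com>  mail_host=example.com."
ENV_FROM_RE = re.compile(r"^\s*env_From:\s*(\S*)")
# Deliberately conservative address check (an assumption, not DCC's own rule).
ADDR_RE = re.compile(r"^[A-Za-z0-9._%+=-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
# Assumption: a budget kept well under the 80,000 limit mentioned in the thread.
MAX_ENTRIES = 20000


def extract_env_from(log_text):
    """Return the envelope sender from one DCC log header, or None."""
    for line in log_text.splitlines():
        m = ENV_FROM_RE.match(line)
        if not m:
            continue
        addr = m.group(1)
        # Strip one matching pair of <> only; the brackets are optional.
        if addr.startswith("<") and addr.endswith(">"):
            addr = addr[1:-1]
        # Rejects the null sender "<>" (bounces) and malformed values, so a
        # nominated bounce can never white-list every empty envelope sender.
        return addr if ADDR_RE.match(addr) else None
    return None


def build_whitelist(logs, existing=(), limit=MAX_ENTRIES):
    """Build sorted, de-duplicated `ok env_from` lines from nominated logs."""
    senders = set(existing)
    for text in logs:
        addr = extract_env_from(text)
        if addr:
            senders.add(addr)
    if len(senders) > limit:
        raise ValueError(f"{len(senders)} entries exceeds budget of {limit}")
    return [f"ok\tenv_from\t{a}" for a in sorted(senders)]


# Constructed sample log headers (not real DCC logs).
SAMPLE_LOGS = [
    "env_From: <news@lists.example.com>  mail_host=lists.example.com.\n",
    "        env_From: <news@lists.example.com>  mail_host=lists.example.com.\n",
    "env_From: <>  mail_host=.\n",
    "env_From: alerts@example.org  mail_host=example.org.\n",
]

if __name__ == "__main__":
    print("\n".join(build_whitelist(SAMPLE_LOGS)))
```

The output would be written to the file named on the `include` line in whiteclnt. It covers only senders with a constant envelope address; bulk sources that vary their Mail_From still need entries based on other characteristics.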


