dccm default to reject when servers can't be contacted?

Vernon Schryver vjs@calcite.rhyolite.com
Sat Nov 9 02:04:48 UTC 2002

> From: Chris Gleba <chris@soma.978.org>

> FEATURE(dccdnsbl, `relays.ordb.org', `"Mail from " $`'&{client_addr}
> "reject to DCC - see http://www.ordb.org/faq/"')

I rebuilt my sendmail.cf with that line in the .mc file.  That
resulted in these additional lines:

 # DNS based IP address spam list relays.ordb.org connected to DCCM
 R$*			$: $&{client_addr}
 R::ffff:$-.$-.$-.$-	$: <?> $(host $4.$3.$2.$1.relays.ordb.org. $: OK $)
 R$-.$-.$-.$-		$: <?> $(host $4.$3.$2.$1.relays.ordb.org. $: OK $)
 R<?>OK			$: OKSOFAR
 R<?>$+			$@ $(macro {dcc_isspam} $@ "Mail from " $&{client_addr} "reject to DCC - see http://www.ordb.org/faq/" $) REJECT

> ...
> To test whether mail gets rejected when dcc servers could not be
> contacted I created a phony domain in my name server for
> dcc.dcc-servers.net:

I can't easily do that, because my DNS server is a secondary for
dcc-servers.net.  Instead I used cdcc to switch to a non-existent DCC

> ...
> Tested it with nslookup as well as cdcc and it worked --
> dcc.dcc-servers.net could not be resolved while everything else resolved
> fine.

I didn't send from hotmail, but from z.dcc-servers.net.  With a working
DCC server, things worked fine.

> Then I sent a mail to myself from hotmail -- maillog said as follows:

When I used the non-existent DCC server, things worked also fine.
The only differences in my tests were that no X-DCC header was added
to the message and there were some complaints from dccm in the system
log aobut the bad DCC server.

> ...
> sendmail.cf-->{dcc_isspam}: "Mail from reject to DCC -
> see http://www.ordb.org/faq/"

I don't see how that message could have been generated unless sendmail
set the ${dcc_isspam} macro.  How else could dccm have found that text?
(I checked the source for uninitialized variables, but found none.)

> X-DCC-wanadoo-be-Metrics: harp 1016; bulk Body=many Fuz1=many Fuz2=many

That X-DCC header should not have been generated unless that DCC server
answered.  But I see no sign that dccm heard from a DCC server in the
list of checksums.

All I can see to do is to check more things:

  - does that "reject to DCC - see http://www.ordb.org/faq/" appear
      anywhere else in your sendmail.cf file?  (not .mc file)

  - what happens if you delete that line from your sendmail.cf file?
      My guess is that dccm won't reject the message.  If that's right,
      then we'll know that dccm is doing as it's told, but being told
      the wrong thing.

  - what version of sendmail are you using?  8.12.5?  If so, that ought
      to be similar to what I'm using.  Which version of the DCC source
      are you using?

   - I copied the lines generated by FEATURE(dccdnsbl) from some version
      of sendmail's DNSBL support.  I see they've changed things in
      or before 8.12.7, and so I'll change misc/dccdnsbl.m4 in the
      next version of the DCC source to match.  It might be interesting
      to try that version:

*** 41,49 ****
  # DNS based IP address spam list _DCCDNSBL_SRV_ connected to DCCM
  R$*			$: $&{client_addr}
- R::ffff:$-.$-.$-.$-	$: <?> $(host $4.$3.$2.$1._DCCDNSBL_SRV_. $: OK $)
  R$-.$-.$-.$-		$: <?> $(host $4.$3.$2.$1._DCCDNSBL_SRV_. $: OK $)
  R<?>OK			$: OKSOFAR
  R<?>$+			$@ $(macro {dcc_isspam} $@ _DCCDNSBL_MSG_ $) REJECT
--- 41,49 ----
  # DNS based IP address spam list _DCCDNSBL_SRV_ connected to DCCM
  R$*			$: $&{client_addr}
  R$-.$-.$-.$-		$: <?> $(host $4.$3.$2.$1._DCCDNSBL_SRV_. $: OK $)
  R<?>OK			$: OKSOFAR
+ R<?>$+<TMP>		$: TMPOK
  R<?>$+			$@ $(macro {dcc_isspam} $@ _DCCDNSBL_MSG_ $) REJECT

As far as I can see, they've changed tactics for IPv6 and are doing 
something for temporary failures by the DNS blacklist.
If somehow the change to your DNS server caused temporary DNS failures in
asking relays.ordb.org, then most of the mysteries would be explained.

Vernon Schryver    vjs@rhyolite.com

More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.