dccifd vs greylisting

Vernon Schryver vjs@calcite.rhyolite.com
Sun Dec 21 05:40:53 UTC 2003

> From: "John R Levine" <johnl@iecc.com>

> So I set up a greylist server like this, using the same IP as my main DCC
> server:
>  $ libexec/dccd -b -i 32702 -n IECC -a -I iecc.com -G20 -TALL

-n, -T, and -I are not needed for dccd as a grey list server.
I use -G, -i server-ID

> Looks reasonable, then I restarted dccifd so it'd notice the greylist
> server, and used a little program to send stuff to dccifd which opens the
> socket, copies stdin to it, shutdown(), and then copies back the result.
> No matter what I feed it, all I can get is A responses, not G.  For
> example I feed it this:
> ...

It works for me with both tests programs in dccifd/dccif-test:

    ./dccif-test.pl -o 'header' -f foo@example.com -r bin@rhyolite.com -c -I msg2
    X-DCC-Rhyolite-Metrics: calcite.rhyolite.com 101; Body=4 Fuz1=4 Fuz2=4


    ./dccif-test -o 'header' -f foo@example.com -r bin@rhyolite.com -c -I msg2
    X-DCC-Rhyolite-Metrics: calcite.rhyolite.com 101; Body=4 Fuz1=4 Fuz2=4
    overall result = G
	bin@rhyolite.com : G

msg2 contains a complete SMTP message including headers.

I did have some irrelevant adventures:
  - My build tree does not include a configured version of dccif.pl
      in the dccifd directory.
  - I just assumed that it wouldn't work and so tried to grab the
      dccifd process with gdb so I could watch the request (not)
      arrive.  It seems the gdb in FreeBSD 4.9 consistent core-dumps
      just as it gets a hold of the dccifd process.

> ...
> X-DCC-IECC-Metrics: xuxa.iecc.com 1107; Body=2
> That was the second test, the first one said Body=1. 

That the body counts differ and assuming that the tests were done
within your 20 second embargo is consistent with not talking to
the greylist server.  (A 20 second embargo might leak a little
spam, but should reduce problems with lame SMTP clients.)

What happens if you trace everything that the greylist server sees
with `cdcc "grey on; Id 32702; trace all on"`

Does `cdcc info` run a user that can read /var/dcc/map say that
your map file knows about the grey list server?  For example,
`cdcc info` here finishes with:

    #,-                                        dmv.com ID 1181
    #      84% of 32 requests ok 1080.90+1270 ms RTT       120 ms queue wait

    # 12/20/03 22:24:25 MST  GreyList /var/dcc/map
    # Re-resolve names after 23:29:40  
    # 1 total, 1 working servers

    localhost,-                 Greylist 32769 zzzzzzz
    # *,-                                                   ID 101 
    #     100% of 32 requests ok    5.12 ms RTT              0 ms queue wait

The client-ID and password must be right, because `dccd -G` refuses
anonymous requests.

Are there any complaints from dccifd in the logs?  For example,
in my first attempt I forget a parameter and got

   ...  dccifd[9946]: envelope Mail_From not available for greylisting

] From: "John R Levine" <johnl@iecc.com>

] Minor note, I found and turned on the undocumented -G flag to dccifd but
] it didn't help.

-G is mentioned in the dccifd man page and in the currently sample
/var/dcc/dcc_conf.  In established systems it might be necessary
to look in /var/dcc/dcc_conf*new See
http://www.dcc-servers.net/dcc/dcc-tree/dccifd.html#OPTION-G and
See also http://www.dcc-servers.net/dcc/INSTALL.html#step-greylist

Where else should it be documented?  

Vernon Schryver    vjs@rhyolite.com

More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.