dccm and dccd (greylist) - Another newbie-

Dean Maluski dmaluski@n1ety.com
Sat Jan 14 14:28:05 UTC 2006


I failed to mention that greylist does seem to work.
New messages get tagged like this and I think get held for about 5
minutes.
_______________________________________________________________
Jan 14 09:24:38 punk sendmail[28665]: k0EEOcFd028665: from=<nahant-beta-list-bounces@redhat.com>, size=1958, class=-60, nrcpts=1, msgid=<mailman.0.1137248674.17184.nahant-beta-list@redhat.com>, proto=ESMTP, daemon=MTA, relay=hormel.redhat.com [209.132.177.30]
Jan 14 09:24:39 punk sendmail[28665]: k0EEOcFd028665: Milter: data, reject=452 4.2.1 mail k0EEOcFd028665 from 209.132.177.30 temporary greylist embargoed
________________________________________________________________


On Sat, 2006-01-14 at 09:18 -0500, Dean Maluski wrote:
> I'm running RedHat Linux Enterprise Server 4.0.
> Running the latest version of MailScanner,
> SpamAssassin version 3.1.0
>   running on Perl version 5.8.5
> I discovered DCC back in late October but after reading documentation
> decided that I was very confused and decided to wait until I thought I
> understood it well enough before deploying.
> Finally about a week ago I came across a document in MailScanner wiki
> that I felt would guide me through getting DCC up and running properly.
> Here is the link to document.
> http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:plugins:dcc:dccm_instead&s=Spamassassin
> I set up DCC following this document.
> One thing that I cheated on is I downloaded RedHat sendmail sources,
> compiled sendmail, then configured DCC with-sendmail against the
> sendmail sources. I did not re-install sendmail
> since there was a long list of patches in the redhat sources that I was
> afraid hadn't gotten properly compiled and I'm a true newbie to
> C++ (G++?).
> Now here are the questions I have.
> When I bring up mailwatch and view mail headers there is a line in
> header like this.
> ____________________________________________________________
> X-DCC-EATSERVER-Metrics: punk.n1ety.com 1166; bulk Body=1 Fuz1=1 Fuz2=many
> ____________________________________________________________
> and in the breakdown of spamassassin rules I have this.
> _________________________________________________________
> 2.17	DCC_CHECK_HDR	Use of 'dccm' header to mimic DCC_CHECK
> _________________________________________________________
> It's telling me I think that it thinks the header in spam message is a
> spoof or mimic scoring always 2.17 on spam. Legitimate email looks like
> this.
> __________________________________________________________
> X-DCC-EATSERVER-Metrics: punk.n1ety.com 1166; Body=39 Fuz1=39 Fuz2=39
> __________________________________________________________
> and in breakdown of spam rules I have no listing of DCC mentioned.
> 
> Also in my dcc subdirectory there is no dcc_db except when I created a
> file of such name thinking that perhaps if it's found it will start to
> build.
> Also the timestamps on grey_db and grey_db.hash never change and their
> byte sizes remain the same. It seems they get rebuilt within about a half
> hour after I rename them.
> I'll just attach a listing of /var/dcc, do the files' timestamps look
> correct?
> Perhaps I have attributes incorrectly set.
> ____________________________________________________________
> drwxr-xr-x  3 root root  4096 Jan 13 09:04 build
> drwxr-xr-x  2 bin  bin   4096 Jan 13 09:23 cgi-bin
> -rw-r--r--  1 root bin   4246 Jan 13 17:35 dcc_conf
> -rw-r--r--  1 root root  4246 Jan 13 09:04 dcc_conf-new
> -rw-r--r--  1 root root  4297 Jan 12 19:02 dcc_conf.old
> -rw-r--r--  1 root root     0 Jan 13 08:35 dcc_db
> -rw-r--r--  1 root bin    825 Dec 30 08:34 flod
> -rw-r--r--  1 root root 86016 Jan 13 09:32 grey_db
> -rw-r--r--  1 root root 86016 Jan 13 09:32 grey_db.hash
> -rw-r--r--  1 root root 86016 Jan 12 00:12 grey_db.hash.old
> -rw-r--r--  1 root root     0 Jan 13 09:32 grey_db-old
> -rw-r--r--  1 root root 86016 Jan 12 00:12 grey_db.old
> -rw-r--r--  1 root bin    561 Dec 30 08:34 grey_flod
> -rw-r--r--  1 root root  8532 Jan 13 17:35 grey_flod.map
> -rw-r--r--  1 root bin    496 Dec 30 08:34 grey_whitelist
> -rw-------  1 root root  2548 Dec 30 08:34 ids
> drwxr-xr-x  2 bin  bin   4096 Jan 13 09:04 libexec
> drwx--x---  2 root bin  36864 Jan 14 09:09 log
> -rw-------  1 root root  4492 Jan 14 08:09 map
> -rw-------  1 root root  1105 Dec 30 08:34 map.txt
> -rw-r--r--  1 root root  9864 Jan 13 09:28 testmsg-whitelist
> -rw-r--r--  1 root root   215 Jan 13 09:28 testmsg-whitelist.log
> -rw-r--r--  1 root bin   3489 Dec 30 08:34 whiteclnt
> -rw-r--r--  1 root root 69140 Jan 14 09:09 whiteclnt.dccw
> -rw-r--r--  1 root bin   1813 Dec 30 08:34 whitecommon
> -rw-r--r--  1 root bin    482 Dec 30 08:34 whitelist
> [root@punk dcc]#
> __________________________________________________________
> Sorry for all the newbie questions, I seem to be obsessed with getting
> DCC functioning as it seems like the coolest creation since sliced
> bread.
> Dean
> 
> 
> Unsure if I'm set up correctly?
> Below is a shot of processes.
> 
> _____________________________________________________________
> root      5365  0.0  0.0  4124 1012 ?        Ss   Jan13   0:00 /var/dcc/libexec/dccd -Gon -i 32702
> root      5411  0.0  0.0  2824  520 ?        Ss   Jan13   0:00 /var/dcc/libexec/dccm -tCMN,5,999999 -wwhiteclnt -llog -Uuserd
> root      5412  0.0  0.1 59872 1680 ?        Sl   Jan13   0:01 /var/dcc/libexec/dccm -tCMN,5,999999 -wwhiteclnt -llog -Uuserd
> ______________________________________________________________
> 
> 
> Below is a shot from maillog.
> __________________________________________________________________
> Message k0EDXuwR022284 from 66.7.129.38 (8-13065107-n1ety.com?
> dmaluski@old.primethecolors.com) to n1ety.com is spam, SpamAssassin
> (score=20.065, required 4, autolearn=spam, BAYES_99 3.50, DCC_CHECK_HDR
> 2.17, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.00, RATWARE_EFROM 3.60,
> RCVD_IN_BL_SPAMCOP_NET 1.56, URIBL_JP_SURBL 4.09, URIBL_OB_SURBL 3.01,
> URIBL_WS_SURBL 2.14)
> _________________________________________________________________
> 
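An added example, not part of the original post and not DCC's own code: a small Python helper for checking the two things shown above, the greylist embargo lines in maillog and the X-DCC-*-Metrics header. The function names are made up here, the second and third log lines are constructed samples, and counts are kept as strings because the header uses values such as "many".

```python
import re

# Sample input: the first log line and both headers are the ones quoted in this
# post; the other two log lines are constructed for illustration.
MAILLOG = """\
Jan 14 09:24:39 punk sendmail[28665]: k0EEOcFd028665: Milter: data, reject=452 4.2.1 mail k0EEOcFd028665 from 209.132.177.30 temporary greylist embargoed
Jan 14 09:31:02 punk sendmail[28701]: k0EEV1aa028701: Milter: data, reject=452 4.2.1 mail k0EEV1aa028701 from 209.132.177.30 temporary greylist embargoed
Jan 14 09:40:10 punk sendmail[28800]: k0EEe9bb028800: from=<a@example.com>, size=100, nrcpts=1
"""
HEADERS = [
    "X-DCC-EATSERVER-Metrics: punk.n1ety.com 1166; bulk Body=1 Fuz1=1 Fuz2=many",
    "X-DCC-EATSERVER-Metrics: punk.n1ety.com 1166; Body=39 Fuz1=39 Fuz2=39",
]

# Milter temporary rejection as logged by sendmail in the post.
EMBARGO = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): Milter: data, reject=(?P<code>4\d\d) \S+ "
    r"mail \w+ from (?P<ip>\S+) temporary greylist embargoed")
# "X-DCC-<brand>-Metrics: <client host> <server id>; [bulk] name=count ..."
METRICS = re.compile(
    r"^X-DCC-(?P<brand>[\w-]+)-Metrics: (?P<client>\S+) (?P<server>\d+); (?P<rest>.*)$")


def embargoes_by_ip(log_text):
    """Count temporary greylist rejections per relay IP address."""
    counts = {}
    for line in log_text.splitlines():
        m = EMBARGO.search(line)
        if m:
            counts[m["ip"]] = counts.get(m["ip"], 0) + 1
    return counts


def parse_metrics(header):
    """Split an X-DCC-*-Metrics header into its fields; None if it is not one."""
    m = METRICS.match(header)
    if not m:
        return None
    tokens = m["rest"].split()
    # Keep counts as strings: values such as "many" are not numeric.
    counts = dict(t.split("=", 1) for t in tokens if "=" in t)
    return {"brand": m["brand"], "client": m["client"],
            "server_id": int(m["server"]), "bulk": "bulk" in tokens,
            "counts": counts}


if __name__ == "__main__":
    print(embargoes_by_ip(MAILLOG))
    for h in HEADERS:
        print(parse_metrics(h))
```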



