Log message from WLIST tracing

Vernon Schryver vjs@calcite.rhyolite.com
Thu Mar 25 19:35:15 UTC 2010


> From: Gary Mills 

> I see that a log message like this is now the default:

unless you run dccd with -Tno-wlist

>     Mar 23 11:33:51 setup01 dccd[8625]: [ID 702911 mail.notice] REPORT whitelisted IP 28855f6f 882a9a62 5dea098c 544d7fd9 from ID 32769 at 130.179.16.64,49357
>
> Could it include the sendmail queue ID?  Otherwise, it's difficult to
> correlate this with a specific message.  Since it's not written by the
> milter, I suppose the queue ID is not available.

Dccd knows nothing about sendmail, milters, or anything beyond the
client-ID, transaction IDs, and checksums in the DCC client-server
protocol.  Those messages can be provoked by dccproc, dccifd, and
even dccsight as well as the sendmail milter, dccm.

To find the cause of those messages, first search for the checksum
"28855f6f 882a9a62 5dea098c 544d7fd9" in the DCC client log files in
/var/dcc/log on 130.179.16.64.

If that does not discover the cause, then determine the IP address that
corresponds to the checksum by feeding IP addresses that are in dccd's
/var/dcc/whitelist or any included files such as whitecommon, as in

    dccproc -QC -a 130.179.16.34 <<EOF
    header:asdf

    asdf
    EOF 

That gives me:

    X-DCC-Rhyolite-Metrics: calcite.rhyolite.com 101; Body=0 rep=20%
				reported: 0               checksum  server
			   IP: 28855f6f 882a9a62 5dea098c 544d7fd9
		   Message-ID: d41d8cd9 8f00b204 e9800998 ecf8427e
		    rep-total: 28855f6f 882a9a62 5dea098c 544d7fd9     491
			  rep: 28855f6f 882a9a62 5dea098c 544d7fd9     102

So it seems that 130.179.16.34 needs to be added to /var/dcc/whiteclnt
(or perhaps an included file such as /var/dcc/whitecommon) on
130.179.16.64


In 1.2.123 I will release /var/dcc/libexec/ck2ip but not bother to
write a manual page.  The usage message is:

    -C required except with -N (new cache)
    usage: [-vN] [-D cachedir] [-B IPv4-begin] [-E IPv4-end] [-C 'h1 h2 h3 h4]'

`c2kip -N -D /cache-dir` can be used to build 16 GByte cache that makes
it quick to find an IPv4 that correspondes to a given DCC checksum of an IPv4.


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.