Juliano - USP - DCC greylist and plugin SA

Vernon Schryver vjs@rhyolite.com
Sat Apr 25 01:56:30 UTC 2015

> From: Juliano Alves Guidini <jguidini@usp.br>

> I'm configuring our MX to use DCC as greylist using dccifd as a
> before-queue content filter and I want to pass the messages
> filtered by greylist in a amavisd-new + SA in the same machine.
> Dccifd can work inet or socket and SA use dccifd as socket or
> inet but not SMTP proxy, used in smtpd_proxy_filter ( postfix ),
> in other words, without -o parameter.
> As you suggest to use both, greylist client and SA DCC plugin in same machine?

What software will do greylisting, dccifd, amavisd-new, postfix,
or something else?

Whatever does greylisting must be applied during the SMTP transaction,
and so must at least as much of an SMTP proxy as any postfix before-queue

I've tried postfix a few times, but I don't remember enough about it
to do better than quote manual and web pages.  For example I thought
that one almost always needs some -o parameters in /etc/postfix/master.cf
and so do not understand "without -o parameter".

Perhaps some other reader of this mailing list can help.

My general non-answer based on my guesses about the question is
that I would run dccifd as a postfix before-queue filter as described
in `man dccifd`.  I would configure dccifd to do greylisting DCC
checks without action by `dccifd -G on -a IGNORE`.  
"-a IGNORE" would add X-DCC headers to messages that get past 
greylisting.  SpamAssassin would notice the DCC counts in the
X-DCC headers and apply the configured DCC.pm thresholds to 
adjust the SpamAssassin total score.

The computer running dccd for DCC could be the same or different
from the computer running `dccd -G on` for the greylist database.
You might want separate computers.  However, there are computers that
for years have been both `dccd` and `dccd -G on` for 25 to 30 million mail
messages per day per computer.

Vernon Schryver    vjs@rhyolite.com

P.S. most subscribers did not receive copies of Juliano Alves Guidini's
message because of my error in the /var/dcc/whiteclnt file.  I hope I
have fixed that error.

I suspect that most copies of a previous message to this mailing list
announcing the availability of verisons 1.3.158 and 2.3.158 of the DCC
software were also lost.  It was the usual form letter advocating
the use of /var/dcc/libexec/updatedcc to fetch, ./configure, compile,
install and restart the daemons with the current version.

