Juliano - USP - DCC greylist and plugin SA

Juliano Alves Guidini jguidini@usp.br
Mon Apr 27 14:47:34 UTC 2015


Hi Mr Schryver, thanks for the reply!

My sequence of filtering in postfix is: 

Before-queue ( postfix ): 
- badmailfrom ( postfix ) 
- regex ( postfix ) 
- CIDR ( postfix ) 
- badrcptto ( postfix ) 
- Greylist ( dccifd smtp proxy ) 
- Clamav-milter ( postfix ) 

After-queue 
- Amavisd-new + SA + antivirus enterprise 

Greylisting is working very well in this sequence. 

I enabled -a IGNORE as suggested. My confs for DCC are ( ignore debug, it's a dev system ): 

dccifd -I998 -llog -wwhiteclnt -dd -S mail_host -G on -p 127.0.0.1,10025,127.0.0.1/32 -o 127.0.0.1,10026 -a IGNORE 

And on messages the headers X-DCC--Metrics: fspam3 1050; Body=many Fuz1=many are added for a GTUBE example, by dccifd in greylist mode. 

But when a message enters amavisd-new, see the debug output ( commented by me ): 

Apr 27 11:02:40 fspam3 amavis[31148]: (31148-01) SA dbg: dcc: dccifd is not available; no r/w socket at /usr/local/dccdir/dccifd < ---- Yes, not have socket using SMTP proxy 

Apr 27 11:02:40 fspam3 amavis[31148]: (31148-01) SA dbg: check: create_fulltext_tmpfile, written 1015 bytes to file /var/amavis/tmp/.spamassassin31148Kr14Cxtmp 
Apr 27 11:02:40 fspam3 amavis[31148]: (31148-01) SA dbg: dcc: opening pipe to /usr/local/bin/dccproc -C -x 0 -Q -a 143.107.71.114 -w whiteclnt </var/amavis/tmp/.spamassassin31148Kr14Cxtmp <-- Using dccproc! I don't want this.. 
Apr 27 11:02:40 fspam3 amavis[31165]: (31148-01) SA dbg: util: setuid: ruid=997 euid=997 
Apr 27 11:02:40 fspam3 amavis[31148]: (31148-01) SA dbg: dns: leaving helper-app run mode 
Apr 27 11:02:40 fspam3 amavis[31148]: (31148-01) SA dbg: dcc: dccproc responded with 'X-DCC--Metrics: fspam3 1050; Body=many Fuz1=many' <-- The headers already on message, dccproc classify them. 
Apr 27 11:02:40 fspam3 amavis[31148]: (31148-01) SA dbg: check: tagrun - tag DCCB is now ready, value: 
Apr 27 11:02:40 fspam3 amavis[31148]: (31148-01) SA dbg: check: tagrun - tag DCCR is now ready, value: fspam3 1050; Body=many Fuz1=many 
Apr 27 11:02:40 fspam3 amavis[31148]: (31148-01) SA dbg: dcc: listed: BODY=999999/9 FUZ1=999999/8 FUZ2=0/999999 REP=0/90 
Apr 27 11:02:40 fspam3 amavis[31148]: (31148-01) SA dbg: rules: ran eval rule DCC_CHECK ======> got hit (1) 

SA does the work again, instead of parsing the header on the message. 
If I disable the DCC plugin, the headers are not parsed by SA. 

Best Regards, 

Juliano Alves Guidini 
Analista de Sistemas 
CeTI-SP - DVD - SCSC 

----- Original Message -----

> From: "Vernon Schryver" <vjs@rhyolite.com>
> To: dcc@calcite.rhyolite.com
> Cc: jguidini@usp.br
> Sent: Friday, April 24, 2015 10:56:30 PM
> Subject: re: Juliano - USP - DCC greylist and plugin SA

> > From: Juliano Alves Guidini <jguidini@usp.br>

> > I'm configuring our MX to use DCC as greylist using dccifd as a
> > before-queue content filter and I want to pass the messages
> > filtered by greylist in a amavisd-new + SA in the same machine.
> > Dccifd can work inet or socket and SA use dccifd as socket or
> > inet but not SMTP proxy, used in smtpd_proxy_filter ( postfix ),
> > in other words, without -o parameter.
> >
> > As you suggest to use both, greylist client and SA DCC plugin in
> > same machine?

> What software will do greylisting, dccifd, amavisd-new, postfix,
> or something else?

> Whatever does greylisting must be applied during the SMTP transaction,
> and so must at least as much of an SMTP proxy as any postfix before-queue
> filter.

> I've tried postfix a few times, but I don't remember enough about it
> to do better than quote manual and web pages. For example I thought
> that one almost always needs some -o parameters in /etc/postfix/master.cf
> and so do not understand "without -o parameter".

> Perhaps some other reader of this mailing list can help.

> My general non-answer based on my guesses about the question is
> that I would run dccifd as a postfix before-queue filter as described
> in `man dccifd`. I would configure dccifd to do greylisting DCC
> checks without action by `dccifd -G on -a IGNORE`.
> "-a IGNORE" would add X-DCC headers to messages that get past
> greylisting. SpamAssassin would notice the DCC counts in the
> X-DCC headers and apply the configured DCC.pm thresholds to
> adjust the SpamAssassin total score.

> The computer running dccd for DCC could be the same or different
> from the computer running `dccd -G on` for the greylist database.
> You might want separate computers. However, there are computers that
> for years have been both `dccd` and `dccd -G on` for 25 to 30 million
> mail messages per day per computer.

> Vernon Schryver vjs@rhyolite.com

> P.S. most subscribers did not receive copies of Juliano Alves Guidini's
> message because of my error in the /var/dcc/whiteclnt file. I hope I
> have fixed that error.

> I suspect that most copies of a previous message to this mailing list
> announcing the availability of versions 1.3.158 and 2.3.158 of the DCC
> software were also lost. It was the usual form letter advocating
> the use of /var/dcc/libexec/updatedcc to fetch, ./configure, compile,
> install and restart the daemons with the current version.
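
What reading the header already on the message, rather than re-running dccproc, would involve, as an added Python sketch (not part of the original messages and not SpamAssassin's code): it parses the X-DCC--Metrics header from the example above and compares the counts with the thresholds visible in the "dcc: listed:" debug line. The function names, the trusted-client check, the >= comparison and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string

MANY = 999999  # count shown in the debug log above for "many"
# Thresholds copied from the "dcc: listed:" debug line (BODY=../9 FUZ1=../8 FUZ2=../999999).
THRESHOLDS = {"body": 9, "fuz1": 8, "fuz2": 999999}
HEADER_RE = re.compile(r"^x-dcc-[^:\s]*-metrics$", re.I)

# Constructed sample message carrying the header quoted in the thread.
SAMPLE = (
    "From: sender@example.org\n"
    "To: rcpt@example.org\n"
    "Subject: constructed GTUBE test\n"
    "X-DCC--Metrics: fspam3 1050; Body=many Fuz1=many\n"
    "\n"
    "body text\n"
)

def parse_metrics(value):
    """Split '<client> <server-id>; Name=count ...' into (client, server_id, counts)."""
    ident, _, rest = value.partition(";")
    parts = ident.split()
    if len(parts) != 2 or not parts[1].isdigit():
        return None  # not in the expected layout
    counts = {}
    for name, raw in re.findall(r"(\w+)=(\w+)", rest):
        if raw.lower() == "many":
            counts[name.lower()] = MANY
        elif raw.isdigit():
            counts[name.lower()] = int(raw)
    return parts[0], int(parts[1]), counts

def dcc_verdict(raw_message, trusted_client):
    """Evaluate the first X-DCC metrics header stamped by our own DCC client."""
    msg = message_from_string(raw_message)
    for name, value in msg.items():
        if not HEADER_RE.match(name):
            continue
        parsed = parse_metrics(value)
        # Assumption: only a header naming our own dccifd host is used;
        # anything else may have arrived with the message and is skipped.
        if parsed is None or parsed[0] != trusted_client:
            continue
        counts = parsed[2]
        hits = sorted(k for k, limit in THRESHOLDS.items()
                      if counts.get(k, 0) >= limit)
        return {"counts": counts, "hits": hits, "listed": bool(hits)}
    return None  # no usable header: a fresh DCC query would be needed

if __name__ == "__main__":
    print(dcc_verdict(SAMPLE, "fspam3"))
```
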


