Last updated: 2018-01-22
Public DCC servers
Your firewalls must allow responses to requests from dccproc or dccifd on your system to come from UDP port 6277 at the public servers.
If your mail system processes more than 100,000 messages per day, you should use your own, probably private DCC server connected to the global network of DCC servers.
When using someone else's server, you must either contact them for a DCC client-ID and corresponding password.
The DNS names dcc1.dcc-servers.net, dcc2.dcc-servers.net, ... resolve to the IP addresses of the public DCC servers.
HomePage
dccifd
Distributed Checksum Clearinghouse Interface Daemon
dccproc
dcc client
Install
yum install xz
wget https://www.dcc-servers.net/dcc/source/dcc.tar.Z
gzip -d dcc.tar.Z
tar -xf dcc.tar
cd dcc-*
PREFIX=/opt/dcc
./configure --bindir=$PREFIX/bin \
    --libexecdir=$PREFIX/lib/dcc \
    --mandir=$PREFIX/man \
    --homedir=/var/lib/dcc \
    --with-uid=mail --with-gid=mail \
    --disable-IPv6
make
make install # installs: cdcc dccif-test dccproc
chown -R mail: /var/lib/dcc
spamassassin config
/etc/mail/spamassassin/v310.pre
# DCC is disabled by default in v310.pre
loadplugin Mail::SpamAssassin::Plugin::DCC
/etc/mail/spamassassin/local.cf
#### dcc
# default: 1
use_dcc 1
# default: 8
dcc_timeout 8
dcc_home /var/lib/dcc
dcc_path /opt/dcc/bin/dccproc
add_header all DCC _DCCB_: _DCCR_
# Score (how many points are added to mail that hits DCC)
score DCC_CHECK 4.0
# The default is 999999 for all these options.
# If the count is above 999999, then 4.0 points will be added to the SpamAssassin score.
dcc_body_max 50
dcc_fuz1_max 50
dcc_fuz2_max 50
# Report messages with total scores this much larger than the SpamAssassin spam threshold to DCC as spam (default: undef)
dcc_learn_score n
Make sure SpamAssassin is using dccifd and not dccproc, as the former is much more efficient.
SpamAssassin will use dccifd if it can find the socket (typically /var/dcc/dccifd).
cdcc
Control Distributed Checksum Clearinghouse
displays information about the connections to DCC servers.
The currently preferred IP address is indicated by an asterisk.
cdcc info
# 01/16/18 11:45:20 HKT /var/lib/dcc/map
# Re-resolve names after 13:33:08 Check RTTs after 12:00:06
# 1386.81 ms threshold, 1386.78 ms average 12 total, 11 working servers
IPv6 off version=3
dcc1.dcc-servers.net,- RTT+1000 ms anon
# 69.171.29.33,- ID 1102
# 100% of 1 requests ok 341.84+1000 ms RTT 100 ms queue wait
# 74.92.232.243,- Etherboy ID 1002
# 100% of 1 requests ok 363.78+1000 ms RTT 100 ms queue wait
# *209.169.14.27,- x.dcc-servers ID 104
# 100% of 1 requests ok 286.78+1000 ms RTT 100 ms queue wait
dcc2.dcc-servers.net,- RTT+1000 ms anon
# 67.66.138.141,- ID 1356
# 100% of 1 requests ok 330.78+1000 ms RTT 100 ms queue wait
# 69.12.208.70,- sonic.net ID 1156
# 100% of 1 requests ok 286.83+1000 ms RTT 100 ms queue wait
dccproc
-C outputs only the X-DCC header and the checksums for the message.
-H outputs only the X-DCC header.
-Q only queries the DCC server about the checksums of messages instead of reporting.
Example:
dccproc -H < good1.eml
X-DCC-x.dcc-servers-Metrics: my_mx_server 104; Body=1 Fuz1=1 Fuz2=1
dccproc -H < spam1.eml
X-DCC-x.dcc-servers-Metrics: my_mx_server 104; Body=1 Fuz1=260 Fuz2=many
# rejects mail with total counts of 10 or larger
dccproc -ERw whiteclnt -ccmn,10 < mail.eml
Opts:
-c type,[log-thold,]rej-thold
checksum types
IP, env_From, From, Message-ID, substitute, Received, Body, Fuz1, Fuz2, rep-total, and rep
cmn
specifies the commonly used checksums: Body, Fuz1, and Fuz2.
rep
DCC Reputation thresholds in the commercial version of DCC
-w whiteclnt
file containing SMTP client IP addresses and SMTP headers of mail that do not need X-DCC headers and
whose checksums should not be reported to the DCC server.
If the pathname is not absolute, it is relative to the DCC home directory.
Header (X-DCC-?)
X-DCC-x.dcc-servers-Metrics: my_mx_server 104; Body=5 Fuz1=302 Fuz2=many
Format
X-DCC-brand-Metrics: client; whitelist
X-DCC-brand-Metrics: client server-ID; bulk cknm1=count cknm2=count ...
brand is the "brand name" of the DCC server, such as "RHYOLITE".
client is the name or IP address of the DCC client that added the header line to the SMTP message.
whitelist appears if the global /var/dcc/whiteclnt or per-user file marks the message as good.
server-ID is the numeric ID of the DCC server that the DCC client contacted.
Interpretation
bulk is present if one or more checksum counts exceeded the DCC client's thresholds to make the message "bulky."
bulk rep is present if the DCC reputation of the IP address of the sender is bad.
cknm1,cknm2,... are types of checksums:
  IP          address of SMTP client
  env_From    SMTP envelope value
  From        SMTP header line
  Message-ID  SMTP header line
  Received    last Received: header line in the SMTP message
  substitute  SMTP header line chosen by the DCC client, prefixed with the name of the header
  Body        SMTP body ignoring white-space
  Fuz1        filtered or "fuzzy" body checksum
  Fuz2        another filtered or "fuzzy" body checksum
  rep         DCC reputation of the mail sender or the estimated probability that the message is bulk.
Counts for IP, env_From, From, Message-Id, Received, and substitute checksums are omitted by the DCC client if the server says it has no information.
Counts for Fuz1 and Fuz2 are omitted if the message body is empty or contains too little of the right kind of information for the checksum to be computed.
count
It is the total number of recipients of messages with that checksum reported directly or indirectly to the DCC server.
The special count "MANY" means that DCC clients have claimed that the message is directed at millions of recipients.
"MANY" implies the message is definitely bulk, but not necessarily unsolicited.
The special counts "OK" and "OK2" mean the checksum has been marked "good" or "half-good" by DCC servers.
e.g.
X-DCC-MGTINTERNET-Metrics: my_mx_server 1170; Body=1
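Added example (not part of the original notes or of the DCC distribution): Python code that parses the X-DCC-brand-Metrics format described above and lists the checksums at or over a limit. The function names are hypothetical, the limits mirror the dcc_*_max values from local.cf, the "or larger" comparison follows the dccproc -ccmn,10 example, and the whitelist sample line is constructed.

```python
import re

MANY = float("inf")  # "many": no finite total, always over any threshold
HEADER_RE = re.compile(r"^X-DCC-(?P<brand>.+)-Metrics:\s*(?P<rest>.*)$", re.I)
# Mirrors dcc_body_max / dcc_fuz1_max / dcc_fuz2_max from local.cf above.
LIMITS = {"Body": 50, "Fuz1": 50, "Fuz2": 50}

def parse_x_dcc(line):
    """Split one X-DCC-brand-Metrics header line into its documented fields."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError("not an X-DCC-...-Metrics header")
    ident, _, metrics = m.group("rest").partition(";")
    ident = ident.split()
    if not ident:
        raise ValueError("client name missing")
    parsed = {"brand": m.group("brand"), "client": ident[0],
              "server_id": int(ident[1]) if len(ident) > 1 else None,
              "flags": set(), "counts": {}, "marks": {}}
    for token in metrics.split():
        name, sep, value = token.partition("=")
        if not sep:
            parsed["flags"].add(name.lower())       # whitelist, bulk, rep
        elif value.isdigit():
            parsed["counts"][name] = int(value)
        elif value.lower() == "many":
            parsed["counts"][name] = MANY
        else:
            parsed["marks"][name] = value           # OK, OK2, other non-numeric
    return parsed

def over_limit(parsed, limits=LIMITS):
    """Checksum names whose count is at or above its limit; whitelist wins."""
    if "whitelist" in parsed["flags"]:
        return []
    return sorted(name for name, count in parsed["counts"].items()
                  if name in limits and count >= limits[name])

# Header lines quoted on this page, plus one constructed whitelist line.
SAMPLES = {
    "good": "X-DCC-x.dcc-servers-Metrics: my_mx_server 104; Body=1 Fuz1=1 Fuz2=1",
    "spam": "X-DCC-x.dcc-servers-Metrics: my_mx_server 104; Body=1 Fuz1=260 Fuz2=many",
    "white": "X-DCC-x.dcc-servers-Metrics: my_mx_server; whitelist",  # constructed
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(label, over_limit(parse_x_dcc(header)))
```

Counts marked OK or OK2 are kept apart from numeric counts, so a checksum the servers marked good is never compared against a limit.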