OT: Using DCC for greylisting

Philip Hachey phachey at CITY.CORNWALL.ON.CA
Thu Oct 20 17:40:00 IST 2005



For anyone else that would also like to run DCC at the MTA (sendmail) level
using the dccm milter instead of having SpamAssassin call dccifd and/or
would like to use dccm as their greylist milter, the below account of what I
did to achieve this should help.  Note that dccm is a sendmail milter, and
so this is not applicable to other MTAs.

I'm not about to argue the merits of doing this beyond my intentions stated
in my previous email (see bottom).  This is merely to assist those who've
already decided for themselves that this is what they want.  As an added
bonus, the "broken pipe" messages in my maillog that were common with SA's
use of dccifd have disappeared.

Starting System
===============
WhiteBox 3 (clone of RedHat Enterprise 3)
MailScanner-4.46.2-2
Mail-SpamAssassin-3.1.0
perl-5.8.7
sendmail-8.13.4
dcc-1.3.20 (Original installation of dcc only had dccifd enabled, which was
used by SA's DCC plugin to trigger DCC_CHECK scores)

Disable DCC in SA
=================
- In /etc/mail/spamassassin/v310.pre:
* Comment out "loadplugin Mail::SpamAssassin::Plugin::DCC"

- In /etc/MailScanner/spam.assassin.prefs.conf:
* Comment out or remove the 'dcc_' lines (which, I know, isn't strictly
necessary since the plugin is disabled)

- Stop dcc service ('ps -e' should no longer show dccifd running)

SpamAssassin Rules
==================
Now that SA's DCC plugin is disabled, prepare SpamAssassin to recognize and
score DCC based on the headers that will be added by dccm:

Create a file called dccm_header.cf in your custom rules folder containing
the following lines (or just add these lines to the end of your
/etc/MailScanner/spam.assassin.prefs.conf):

# This ruleset created to detect and use DCCM milter inserted headers
# instead of the SpamAssassin DCC plugin

full     DCC_CHECK_HDR /^X-DCC-(?:[^:]{1,80}-)?Metrics:.*bulk/m
describe DCC_CHECK_HDR Use of 'dccm' header to mimic DCC_CHECK
score    DCC_CHECK_HDR 0 1.37 0 2.17

Make and Install DCC
====================
- Fetch and unpack the dcc source from http://www.rhyolite.com/anti-spam/dcc/

**I installed DCC in /usr/local/dcc.  You may wish to retain the default
path of /var/dcc**

- Where <sendmail-build-path> is the build path from your installation of
sendmail 8.13, run:
# ./configure --homedir=/usr/local/dcc --with-sendmail=<sendmail-build-path>
# make
# make install

# cp -p misc/dcc.m4 /usr/share/sendmail-cf/feature/
[IMPORTANT: make sure the date stamp of the above
/usr/share/sendmail-cf/feature/dcc.m4 in the sendmail feature directory
corresponds with the build time]

- In /usr/local/dcc/dcc_conf:
* Change "DCCM_ENABLE" to "on"
* Change "DCCM_ARGS" FROM [blank] TO "-aIGNORE"
* Change "DCCM_REJECT_AT" FROM [blank] TO 999999
* Change "DCCIFD_ENABLE" to "off"
- If you want to use dccm to do greylisting, then also:
* Change "GREY_ENABLE" from [blank] to "on"
* Change "GREY_CLIENT_ARGS" from [blank] to "on"

- Optionally, in /usr/local/dcc/whiteclnt add "ok  env_to" lines for your
local domain postmaster(s)

Start DCC
=========

- Start the dcc service.  'ps -e' should show dccm.  dccd will also be
present if you have enabled greylisting.

- If using greylisting, then run:
# cdcc info
If the greylist server is listed as not responding, then run
# cdcc "add localhost greylist 32768 <secret>"
where <secret> can be found in /usr/local/dcc/ids
and restart dcc

Reconfigure Sendmail to use dccm
================================
- Insert before "MAILER" lines in /etc/mail/sendmail.mc:
FEATURE(dcc)dnl

- Run 'make -C /etc/mail' or whatever you use to update sendmail.cf from
sendmail.mc

- Restart MailScanner and sendmail

- Monitor your maillog for a while to verify that greylisting is happening
(if enabled), that X-DCC headers are being added by dccm and DCC_CHECK_HDR
is being triggered in SA by bulk mail

OPTIONAL: Add Logwatch filters
==============================
For this, I'm using logwatch-7.0-2:

Create a file called /etc/logwatch/conf/services/sendmail.conf containing:
------
$Sendmail_Detail = 5

$Sendmail_MatchFilter = "                                            \
   # Filter and count how many times a DCC header is added by 'dccm' \
   if ($ThisLine =~ /Milter change \(add\): header: X-DCC-/) {       \
      $MilterHeaderCount{"X-DCC: total"}++;                          \
      if ($ThisLine =~ /bulk/) {                                     \
          $MilterHeaderCount{"X-DCC: bulk"}++;                       \
      }                                                              \
      $ThisLine = "DEBUG: ";                                         \
   }                                                                 \
                                                                     \
   # Filter and count how many messages were greylist embargoed      \
   if ($ThisLine =~ /stat=mail .{14} from (\d{1,3}\.){1,3}\d{1,3} temporary greylist embargoed/) { \
      $ThisLine = "DEBUG: ";                                         \
   }"
------

All done,
Philip J. Hachey

---------------
On Fri, 7 Oct 2005 15:12:31 -0400, Philip Hachey
<PHachey at CITY.CORNWALL.ON.CA> wrote:

>I'm about to go ahead and reconfigure DCC so that 1) it runs at the MTA
>level and 2) acts as greylist milter for Sendmail.
>
>Running DCC at the MTA level (as a daemon) should be more efficient than
>having SpamAssassin call dccifd -- and I still plan on SpamAssassin using
>DCC in its scoring which is fine, since SA looks for the presence of a
>DCC added header (basing its scores on that) and only queries dccifd if
>there isn't one (or for reporting).
>
>My main motivation for running DCC at MTA is to use its greylisting.  If
>there's anyone here who has some experience with DCC greylist features,
>would you be so kind as to share your experience?  Were there any issues
>with SpamAssassin or MailScanner?  How does it compare with other greylist
>implementations?
>
>Thanks,
>----------------------------------
>Philip J. Hachey, BCS(High Hons)
>Programmer-Analyst
>City of Cornwall
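
Added example (not part of the original post, and not code from DCC, SpamAssassin or Logwatch): a Python check of the DCC_CHECK_HDR pattern and the two Logwatch patterns from the message above against constructed data. The log lines, host names, queue IDs and addresses are made up to fit those patterns and may differ from what your sendmail and dccm actually log; the embargo counter and the headers-only check go beyond what the post's filter does.

```python
import re

# Patterns copied from the post; these Perl regexes are also valid for Python's re.
SA_RULE = re.compile(r"^X-DCC-(?:[^:]{1,80}-)?Metrics:.*bulk", re.M)
HDR_ADD = re.compile(r"Milter change \(add\): header: X-DCC-")
EMBARGO = re.compile(
    r"stat=mail .{14} from (\d{1,3}\.){1,3}\d{1,3} temporary greylist embargoed")

# Constructed log lines (assumed shape, built to fit the patterns above).
SAMPLE_LOG = [
    "Oct 20 12:00:01 mx sendmail[2301]: j9KG01aB012345: Milter change (add): "
    "header: X-DCC-EXAMPLE-Metrics: mx.example.org 1234; bulk Body=many Fuz1=many",
    "Oct 20 12:00:07 mx sendmail[2302]: j9KG07aB012346: Milter change (add): "
    "header: X-DCC-EXAMPLE-Metrics: mx.example.org 1234; Body=1 Fuz1=1",
    "Oct 20 12:00:09 mx dccm[1999]: stat=mail j9KG09aB012347 from 192.0.2.10 "
    "temporary greylist embargoed",
    "Oct 20 12:00:12 mx sendmail[2303]: j9KG12aB012348: from=<a@example.net>",
]

# Constructed messages: bulk header, non-bulk header, header text only in the body.
BULK_MSG = "X-DCC-EXAMPLE-Metrics: mx.example.org 1234; bulk Body=many\nSubject: a\n\nhi\n"
CLEAN_MSG = "X-DCC-EXAMPLE-Metrics: mx.example.org 1234; Body=1\nSubject: b\n\nhi\n"
BODY_ONLY = "Subject: c\n\nX-DCC-Metrics: x 1; bulk\n"

def tally(lines):
    """Count X-DCC headers added, how many were bulk, and greylist embargoes."""
    counts = {"X-DCC: total": 0, "X-DCC: bulk": 0, "greylist embargoed": 0}
    for line in lines:
        if HDR_ADD.search(line):
            counts["X-DCC: total"] += 1
            if "bulk" in line:
                counts["X-DCC: bulk"] += 1
        elif EMBARGO.search(line):
            counts["greylist embargoed"] += 1
    return counts

def dcc_check_hdr(raw):
    """Match as a 'full' rule does: over headers and body, so with /m a body
    line that looks like the header also hits."""
    return SA_RULE.search(raw) is not None

def dcc_check_hdr_headers_only(raw):
    """Same pattern restricted to the header block (text before the first blank line)."""
    return SA_RULE.search(raw.split("\n\n", 1)[0]) is not None

if __name__ == "__main__":
    print(tally(SAMPLE_LOG))
    for name, msg in (("bulk", BULK_MSG), ("clean", CLEAN_MSG), ("body", BODY_ONLY)):
        print(name, dcc_check_hdr(msg), dcc_check_hdr_headers_only(msg))
```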
