Provided by: dcc-client_1.2.74-2_i386
dccifd - Distributed Checksum Clearinghouse Program Interface
dccifd [-VdbxANQ] [-G on | off | noIP | IPmask/xx] [-h homedir]
[-p /sock | host,port,rhost/bits] [-o /sock | host,port]
[-D local-domain] [-r rejection-msg] [-m map] [-w whiteclnt]
[-U userdirs] [-a IGNORE|REJECT] [-t type,[log-thold,]rej-thold]
[-g [not-]type] [-S header] [-l logdir] [-R rundir] [-T tmpdir]
[-j maxjobs] [-B dnsbl-option] [-L ltype,facility.level]
Dccifd is a daemon intended to connect spam filters such as SpamAssasin
and mail transfer agents (MTAs) other than sendmail to DCC servers. The
MTA or filter dccifd which in turn reports related checksums to the
nearest DCC server. DCCIFD then adds an X-DCC SMTP header line to the
message. The MTA is told to reject the message if it is unsolicited
Dccifd is similar to the DCC sendmail milter interface, dccm(8) and the
DCC Procmail interface, dccproc(8). dccifd is more efficient than
dccproc but not restricted to use with sendmail. All three send reports
of checksums related to mail received by DCC clients and queries about
the total number of reports of particular checksums.
MTA programs generally use a simple ASCII protocol to send a mail message
including its SMTP envelope to the daemon. Dccifd responds with an
indication of whether the message is unsolicited bulk and an optional
copy of the message with an X-DCC header added. The protocol is
described below and in the include/dccif.h file in the DCC source. There
is a sample C interface routine in the dcclib/dccif.c file in the DCC
source and the dcclib.a library generated from the source. A Perl
version of the interface routine is in dccifd/dccif.pl. Test or
demonstration programs in the style of dccproc(8) that use those
interface routines are in dccifd/dccif-test.
A subset of ESMTP can be used instead of the ASCII protocol to connect
dccifd to postfix as a "Before-Queue Content Filter." See the -o flag.
Since the checksums of messages that are whitelisted locally by the -w
whiteclnt file are not reported to the DCC server, dccifd knows nothing
about the total recipient counts for their checksums and so cannot add
X-DCC header lines to such messages.
The list of servers that dccifd contacts is in a memory mapped file
shared by local DCC clients. The file is maintained with cdcc(8). Turn
on the daemon and put its parameters in the dcc_conf. Start the daemon
with the start-dccifd script.
The following options are available:
-V displays the version of the DCC program interface.
-d enables debugging output from the DCC client library. Additional -d
options increase the number of messages. A single -d causes aborted
SMTP transactions to be logged.
-b causes the daemon to not detach itself from the controlling tty and
put itself into the background.
-x causes the daemon to try "extra hard" to contact a DCC server.
Since it is usually more important to deliver mail than to report
its checksums, dccifd normally does not delay too long while trying
to contact a DCC server. It also will not try again for several
seconds after a failure. With -x, it will always try to contact the
DCC server and it will tell the MTA to answer the DATA command with
a 4yz temporary failure.
-A adds to existing X-DCC headers in the message instead of replacing
existing headers of the brand of the current server.
-N neither adds, deletes, nor replaces existing X-DCC headers in the
message. Each message is logged, rejected, and otherwise handled
-Q only queries the DCC server about the checksums of messages instead
of reporting and querying. This is useful when dccifd is used to
filter mail that has already been reported to a DCC server by
another DCC client. This can also be useful when applying a private
white or black list to mail that has already been reported to a DCC
server. No single mail message should be reported to a DCC server
more than once per recipient, because each report will increase the
apparent "bulkness" of the message.
-G on | off | noIP | IPmask/xx
controls greylisting. At least one working greylist server must be
listed in the map file in the DCC home directory. If more than one
is named, they must "flood" or change checksums and they must use
the same -G parameters. See dccd(8). Usually all DCC client
processes of dccm or dccifd should use the same -G parameters.
IPmask/xx and noIP remove part or all of the IP address from the
greylist triple. The CIDR block size, xx, must be between 1 and
128. 96 is added to block sizes smaller than 33 to make them
appropriate for the IPv6 addresses used by the DCC. IPmask/96
differs from noIP because the former retains the IPv4 to IPv6
-W turns off DCC filtering by default to ease managing systems where
only a minority of users want unsolicited bulk mail to be rejected.
This is equivalent to a option dcc-off line in the main -w whiteclnt
file. When DCC filtering is off, the DCC server is queried and the
X-DCC header is added but the message is marked to be delivered
regardless of target counts and thresholds.
DCC filtering is enabled for a mailbox when -W is not used and there
is no option dcc-off line in the main or per-user whiteclnt file or
there is a option dcc-on pine in the per-user whiteclnt file for the
mailbox. DCC filtering can also be enabled with an "OK2" entry for
the fully qualified mailbox in the main or per-user whiteclnt file.
Messages sent only to target addresses that are listed in the global
or relevant per-user -w whiteclnt file with "OK" are not reported to
the DCC server and so are not rejected and do not receive X-DCC
overrides the default DCC home directory, which is often /var/dcc.
-p /sock/name | host,port,rhost/bits
overrides the default address at which programs contact dccifd. The
default is a UNIX domain socket named dccifd in the DCC home
The second form specifies a local host name or IP address, a local
TCP port number, and the host names or IP addresses of computers
that can use dccifd. 127.0.0.1 or localhost are common choices for
host. The string @ specifies IN_ADDRANY or all local IP addresses.
127.0.0.0/8 is a common choice for rhost/bits.
-o /sock | host,port
enables SMTP proxy mode instead of the ASCII protocol and specifies
the address of the SMTP server for which dccifd acts as SMTP client.
When /sock is /var/null, dccifd acts as if there were downstream
SMTP server that always answers "250 ok". The string @ specifies
the same IP address as the incoming TCP connection.
See below concerning the subset of ESMTP used in this mode.
specifies a name or path of the memory mapped parameter file instead
of the default map in the DCC home directory. It should be created
with the cdcc(8) command.
specifies an optional file containing SMTP client IP addresses, SMTP
envelope values, and header values of mail that is not spam, does
not need a X-DCC header, and whose checksums should not be reported
to the DCC server. Local whitelist env_To values are handy for
whitelisting or exempting destination addresses such as Postmaster
from filtering and for blacklisting or marking addresses that should
never receive mail. Mail sent to blacklisted addresses or with
other blacklisted values such as From or env_From values is reported
to the DCC server as spam or with target counts of millions.
If the pathname whiteclnt is not absolute, it is relative to the DCC
home directory. The format of the dccifd whiteclnt file is the same
as the whitelist files used by dbclean(8) and the whiteclnt file
used by dccproc(8). See dcc(8) for a description of DCC white and
blacklists. Because the contents of the whiteclnt file are used
frequently, a companion file is automatically created and
maintained. It has the same pathname but with an added suffix of
.dccw and contains a memory mapped hash table of the main file.
A local whitelist entry ("OK") or two or more semi-white listings
("OK2") for one of the message’s checksums prevents all of the
message’s checksums from being reported to the DCC server and the
addition of a X-DCC header line by dccifd (except for env_To
checksums or when -W is used). A local whitelist entry for a
checksum also prevents rejecting the message based on DCC recipient
counts as specified by -t. Otherwise, one or more checksums with
blacklisting entries ("MANY") cause all of the message’s checksums
to be reported to the server with an addressee count of "MANY".
If the message has a single recipient, an env_To local whiteclnt
entry of "OK" for the checksum of its recipient address acts like
any other whiteclnt entry of "OK." When the SMTP message has more
than one recipient, the effects can be complicated. When a message
has several recipients with some but not all listed in the whiteclnt
file, dccifd tries comply with the wishes of the users who want
filtering as well as those who don’t by silently not delivering the
message to those who want filtering (i.e. are not whitelisted) and
delivering the message to don’t want filtering.
Consider the -W option for implicitly or by default whitelisting
enables private whitelists and log files. Each target of a message
can have a directory of log files named userdirs/addr/log where addr
is the local user or mailbox name computed by the MTA. The name of
each user’s log directory must be log. If it is not absolute,
userdirs is relative to the DCC home directory. The sub-directory
prefixes for -l logdir are not honored. The directory containing
the log files must be named log and it must be writable by the
dccifd process. Each log directory must exist or logging for the
corresponding is silently disabled. The files created in the log
directory are owned by the UID of the dccifd process, but they have
group and other read and write permissions copied from the
corresponding log directory. To ensure the privacy of mail, it may
be good to make the directories readable only by owner and group,
and to use a cron script that changes the owner of each file to
match the grandparent addr directory.
There can also be a whitelist named userdirs/addr/whiteclnt for each
address addr. The name of the file must be whiteclnt. Any checksum
that is not white- or blacklisted by an individual addressee’s
whitelist is checked in the -w -whiteclnt list. A missing per-
address whiteclnt file is the same as an empty file. Relative paths
for whitelists included in per-address files are resolved in the DCC
home directory. The whiteclnt files and the addr directories
containing them must be writable by the dccifd process.
-a IGNORE | REJECT
specifies the action taken when dccifd is in proxy mode with -o and
the DCC server counts or -t thresholds say that a message is
unsolicited bulk. IGNORE causes the message to be unaffected except
for adding the X-DCC header line to the message. This turns off DCC
Spam can also be REJECTed. The default is REJECT.
With an action of REJECT, spam sent to both white-listed targets and
non-white-listed targets is delivered to white-listed targets and if
possible, silently discarded for non-white-listed targets. This is
not possible if there are too many non-white-listed targets to be
saved in a buffer of about 500 bytes.
The effects of the -w whiteclnt are not affected by -a.
sets logging and "spam" thresholds for checksum type. The checksum
types are IP, env_From, From, Message-ID, Received, Body, Fuz1, and
Fuz2. The string ALL sets thresholds for all types, but is unlikely
to be useful except for setting logging thresholds. The string CMN
specifies the commonly used checksums Body, Fuz1, and Fuz2.
Rej-thold and log-thold must be numbers, the string NEVER, or the
string MANY indicating millions of targets. Counts from the DCC
server as large as the threshold for any single type are taken as
sufficient evidence that the message should be logged or rejected.
Log-thold is the threshold at which messages are logged. It can be
handy to log messages at a lower threshold to find solicited bulk
mail sources such as mailing lists. If no logging threshold is set,
only rejected mail and messages with complicated combinations of
white and blacklisting are logged. Messages that reach at least one
of their rejection thresholds are logged regardless of logging
Rej-thold is the threshold at which messages are considered "bulk,"
and so should be rejected if not whitelisted.
The checksums of locally whitelisted messages are not checked with
the DCC server and so only the number of targets of the current
instance of a whitelisted message are compared against the
The default is -t ALL,NEVER, so that nothing is rejected or logged.
A common choice is -t CMN,25,50 to reject mail with common bodies
except as overridden by the whitelist of the DCC server and local
-g, and -w.
indicates that whitelisted, OK or OK2, counts from the DCC server
for a type of checksum are to be believed. They should be ignored
if prefixed with not-. Type is one of the same set of strings as
for -t. Only IP, env_From, and From are likely choices. By default
all three are honored, and hence the need for not-.
adds to the list of substitute or locally chosen headers that are
checked with the -w whiteclnt file and sent to the DCC server. The
checksum of the last header of type hdr found in the message is
checked. Hdr can be HELO to specify the SMTP envelope HELO value.
Hdr can also be mail_host to specify the host name from the
Mail_from value in the SMTP envelope. As many as 6 different
substitute headers can be specified, but only the checksum of the
first of the 6 will be sent to the DCC server.
specifies a directory in which files containing copies of messages
processed by dccifd are kept. All messages logged are copied to the
-l logdir directory. They can also be copied to per-user
directories specified with -U. Information about other recipients
of a message is deleted from the per-user copies.
If logdir starts with D?, log files are put into subdirectories of
the form logdir/JJJ where JJJ is the current julian day. H?logdir
puts logs files into subdirectories of the form logdir/JJJ/HH where
HH is the current hour. M?logdir puts log files into subdirectories
of the form logdir/JJJ/HH/MM where MM is the current minute. See
the FILES section below concerning the contents of the files.
The directory is relative to the DCC home directory if it is not
specifies the "run" directory where the UNIX domain socket and file
containing the daemon’s process ID are stored. The default value is
changes the default directory for temporary files from the default.
The default is the directory specified with -l or the system default
if there -l is not used. The system default is often /tmp.
specifies a host name by which the system is known. There can be
several -D settings.
To find the per-user log directory and whitelist for each mail
recipient, dccifd must know each recipient’s user name. The default
ASCII protocol includes an optional user name with each recipient
SMTP address. When that user name is absent or when the subset of
ESMTP enabled with -o is used, each mail address is checked against
the list of -D local-domains. If there is at least one match, the
part of the recipient address remaining after matching the longest
local-domain is taken as the user name. The matching is anchored at
the right or the end of the recipient address. It must start at a
period (.) or at-sign (@) in the domain name part of the address.
specifies the rejection message for unsolicited bulk mail or for
mail temporarily blocked by greylisting when -G is specified. The
first rejection-msg replaces the default bulk mail rejection
message, "5.7.1 550 mail %s from %s rejected by DCC" The second
replaces "4.2.1 452 mail %s from %s greylist temporary embargoed".
There can be zero, one, or two "%s" strings. The first is replaced
an empty string and the second is replaced by the IP address of the
A common alternate for the bulk mail rejection message is "4.7.1 451
Access denied by DCC" to tell the sender to continue trying. Use a
4yz response with caution, because it is likely to delay for days a
delivery failure message for false positives. If the bulk mail
rejection message does not start with a recognized error type and
number, type 5.7.1 and 550 or 4.2.1 and 452 are used.
limits the number of simultaneous requests that will be processed.
The default value is the maximum number that seems to be possible
given the number of open files, select() bit masks, and so forth
that are available.
enables DNS blacklist checks of the SMTP client IP address, SMTP
envelope Mail_From sender domain name, and of host names in URLs in
the message body. Body URL blacklisting has far too many false
positives to use on abuse mailboxes. It is less effective than
greylisting with dccm(8) or dccifd(8) but can be useful in
situations where greylisting cannot be used.
Dnsbl-option is either of the form set:option or of the form
domain[,IPaddr[,bltype]]. Domain is a DNS blacklist domain such as
example.com that will be searched. IPaddr is the IP address in the
DNS blacklist that indicates that the mail message is spam.
127.0.0.1 is assumed if IPaddr is absent. IPv6 addresses can be
specified with the usual colon (:) notation. Names can be used
instead of numeric addresses. The type of DNS blacklist is
specified by bltype as name, IPv4, or IPv6. Given an envelope
sender domain name or a domain name in a URL of spam.domain.org and
a blacklist of type name, spam.domain.org.example.com will be tried.
Blacklist types of IPv4 and IPv6 require that the domain name in a
URL be resolved into an IPv4 or IPv6 address. The address is then
written as a reversed string of decimal octets to check the DNS
blacklist, as in 220.127.116.11.example.com,
More than one blacklist can be specified. They are searched in
order. All searching is stopped at the first positive result.
Positive results are ignored after being logged unless an option
DNSBL-on line appears in the global or per-user whiteclnt file.
-B set:debug sends more messages about all DNS resolutions to the
-B set:msg-secs=S limits dccifd to S seconds total for checking all
DNS blacklists. The default is 20.
-B set:URL-secs=S limits dccifd to at most S seconds resolving and
checking any single URL. The default is 5. Some spam contains
dozens of URLs and that some "spamvertised" URLs contain host names
that need minutes to resolve. Busy mail systems cannot afford to
spend minutes checking each incoming mail message. In order to use
typical single-threaded DNS resolver libraries, dccm(8) and
dccifd(8) use fleets of helper processes.
-B set:no-envelope says that SMTP client IP addresses and sender
Mail_From domain names should not be checked in the following
blacklists. -B set:envelope restores the default for subsequently
-B set:no-body says that URLs in the message body should not be
checked in the in the following blacklists. -B set:body restores
the default for later blacklists.
-B set:no-MX says MX servers of sender Mail_From domain names and
host names in URLs should not be checked in the following
blacklists. -B set:MX restores the default.
specifies how messages should be logged. Ltype must be error or
info to indicate which of the two types of messages are being
controlled. Level must be a syslog(3) level among EMERG, ALERT,
CRIT, ERR, WARNING, NOTICE, INFO, and DEBUG. Facility must be among
AUTH, AUTHPRIV, CRON, DAEMON, FTP, KERN, LPR, MAIL, NEWS, USER,
UUCP, and LOCAL0 through LOCAL7. The default is equivalent to
-L info,MAIL.NOTICE -L error,MAIL.ERR
dccifd normally sends counts of mail rejected and so forth the system log
at midnight. The SIGUSR1 signal sends an immediate report to the system
log. The reports will be repeated every 24 hours at the same minute as
the signal instead of at midnight.
Dccifd uses a simple ASCII protocol to receive mail messages to be
checked and to return results. For each message, the MTA must open a
connection to the interface daemon, send options, envelope recipients,
and the message, receive the results, and close the connection.
Instead of the ASCII protocol, a subset of ESMTP is enabled by -o. Only
the familiar HELO, EHLO, Mail, Rcpt, DATA, RSET, and QUIT commands and
the Postfix extensions XFORWARD and XCLIENT are honored. Since SMTP has
no provisions for user names, the protocol enabled by -o depends on a
list of local domain names specified with -D to find per-user log
directories and whitelist files. If neither XFORWARD nor XCLIENT are
used, dccifd uses the IP address of the MTA and the value of the HELO
In the ASCII protocol, each of the following lines are sent in order to
dccifd. Each ends with a newline (’\n’) character.
options zero or more blank-separated strings among:
spam the message is already known to be spam
body return all of the headers with the added
X-DCC header line and the body
header return the X-DCC header
query ask the DCC server about the message without
reporting it as if dccifd were running with
grey-query only query the greylist server for this
message. -G on must be in use.
no-reject suppress the overall, one character line ’R’
result. This can be useful when using dccifd
only for greylisting.
client IP address of the SMTP client in a "dotted" or "coloned"
ASCII string and reverse-DNS host name. If the host name
is present, it must follow a carriage return character
(’\r’) after the IP address. The client IP address must be
present and non-null if the host name is present. If the
client IP address is absent, then the IP address and host
name are taken from the first Received header if it has the
standard "name (name [IP address])..." format.
HELO SMTP HELO value or nothing, followed by a newline
sender or SMTP Mail From command value
recipients or SMTP Rcpt To values followed by corresponding local user
names, one pair to a line. Each optional local user name
is separated from the corresponding recipient address by a
carriage return (’\r’). A local user name can be null if
it is not known. Recipients that lack local user names
will lack per-user log files and will not invoke a per-user
The last recipient-user name pair is followed by an empty line and the
headers and body of the message. The end of the body of the mail message
is signaled by the MTA half-closing the connection. See shutdown(2).
Dccifd responds with three things. First is a one character line of the
overall result advising the MTA to
A accept the message for all recipients and answer the SMTP DATA
command with a 2yz result.
G answer with a 4yz result to embargo the message for greylisting.
R reject the message and answer the DATA command with a 5yz result.
S accept the message for some recipients and so answer the DATA
command with a 2yz result.
T temporary failure by the DCC system and so answer with a 4yz
Second is a line of ’A’, ’G’, and ’R’ characters indicating that the
message should be accepted and delivered or discarded for each
corresponding recipient. Limitations in the SMTP protocol allows only a
single result for the DATA command for all recipients that were not
rejected before body of the message was offered with the DATA command.
To accept the message for some recipients and reject it for others, the
MTA must tell the SMTP client it is accepting the message for all
recipients and then discard it for those that would reject it.
Finally, if the body or header strings are in the first line of options
sent by the MTA to the daemon, then the X-DCC header line or the entire
body with the X-DCC header line follows.
/var/dcc is the DCC home directory in which other files are found.
is a script often used to the daemon.
contains parameters used by the scripts to start DCC daemons
and cron jobs.
logdir is an optional directory specified with -l and containing
marked mail. Each file in the directory contains one
message, at least one of whose checksums reached its -t
thresholds or that is interesting for some other reason.
Each file starts with lines containing the date when the
message was received, the IP address of the SMTP client, and
SMTP envelope values. Those lines are followed by the body
of the SMTP message including its header as it was received.
Only approximately the first 32 KBytes of the body are
recorded unless modified by ./configure
--with-max-log-size=xx The checksums for the message follow
the body. They are followed by lines indicate that one of
the checksums is white- or blacklisted by the -w whiteclnt
file. Each file ends with the X-DCC header line added to the
message and the disposition of the message.
map is the memory mapped file of information concerning DCC
servers in the DCC home directory.
whiteclnt contains the client whitelist in the format described in
is a memory mapped hash table of the whiteclnt file.
dccifd.pid in the -R rundir directory contains daemon’s process ID.
cdcc(8), dbclean(8), dcc(8), dccd(8), dblist(8), dccm(8), dccproc(8),
Implementation of dccifd was started at Rhyolite Software in 2002. This
describes version 1.2.74.
dccifd uses -t where dccproc(8) uses -c.
Systems without setrlimit(2) and getrlimit(2) can have problems with the
default limit on the number of simultaneous jobs, the value of -j. Every
job requires four open files. These problems are usually seen with
errors messages that say something like
dccifd: DCC: accept() returned invalid socket
A fix is to use a smaller value for -j or to allow dccifd to open more