Vernon Schryver wrote:
From: Daniel Gehriger
I had to go back to dcc 1.3.45 to fix my problem. Simply replacing the
binaries fixes everything.
How do you build dccifd? Do you specify any compiler options?
Only ./configure --with-uid=vscan
I found another problem, btw: in 1.3.51 and 1.3.52, specifying
-Bsbl-xbl.spamhaus.org,any
results in a message
"DNSBL name "sbl-xbl.spamhaus.org,any" too long".
The workaround is to use
-Bsbl.spamhaus.org,any -Bxbl.spamhaus.org,any
Something is odd there, and not just because I use sbl-xbl.spamhaus.org,any
on more than one system or because I cannot reproduce what should be
an obvious problem with 1.3.52.
For that "too long" complaint to appear, the size of the
"sbl-xbl.spamhaus.org" string plus the worst case size of the
probe address in ASCII (e.g. "2.1.168.192") must be greater than 256.
With "any", that worst case is 46, because it might be an IPv6 address.
Could you send the dcc_conf file that causes the "name too long" complaint?
Yep, I was surprised, too. I attached the config file. Note that the
exact same config file doesn't produce the error in 1.3.45.
] From: Daniel Gehriger
] > library. Does it have the "improved" Linux version?
] I have bind 9.2.2:
] Name : bind
] Version : 9.2.2
] Vendor : SuSE Linux AG, Nuernberg, Germany
That looks like it might be Linux Improved instead of the real thing.
The standard BIND resolver variables and functions including _res,
res_init(), and dn_expand() are #define'd in the Linux /usr/include/resolv.h
to other things, which is a pain for ./configure scripts.
Today I tried DCC version 2.3.52 on installed-from-scratch-today
SUSE 2.6.11.4-21.2-default.
It seems that the resolver timeout control is not working.
Thank you for your efforts !!
- Daniel
#! /bin/sh
# set parameters for DCC start and cron scripts
# from Rhyolite Software DCC 1.3.51-1.57 $Revision$
DCC_CONF_VERSION=3
# don't set DCC_HOMEDIR since if we got here, it must be set
DCC_LIBEXEC=/var/dcc/libexec
DCC_RUNDIR=/var/run/dcc
# DCC user name
DCCUID=vscan
DCCD_ENABLE=off
# DCC server-IDs must be globally unique.
SRVR_ID=
# BRAND can be any short alphanumeric string that hints about the identity
# of the server.
BRAND=
# args used to start dccd such as -6
DCCD_ARGS=
# GREY_CLIENT_ARGS contains "on", "-GnoIP", etc. to turn on greylisting
# in the dccm and dccifd DCC clients.
# Also turns on the local greylist dccd server unless GREY_ENABLE=off
GREY_CLIENT_ARGS=-GIPmask/24
# GREY_ENABLE turns local greylist server 'on' or 'off',
# but does not effect dccm, dccifd
GREY_ENABLE=on
# GREY_SRVR_ID DCC server-IDs must be globally unique, but greylisting dccd
# servers are usually isolated. If you have more than one greylist server,
# ensure that they use distinct server-IDs and that they flood each other
# with entries in /var/dcc/flod
GREY_SRVR_ID=$SRVR_ID
# Start dccd for grey listing or set server options such as -Gweak-IP.
# See also GREY_ENABLE.
GREY_DCCD_ARGS=
# dccm and dccifd client reputation parameters such as -tREP,20
REP_ARGS="-tREP,10"
# DNS blacklist -B parameters for dccifd and dccm
# For example
DNSBL_ARGS="'-Bset:rej-msg=5.7.1 550 mail %s from %s rejected; see
http://www.spamhaus.org/xbl/' -Bsbl-xbl.spamhaus.org,any"
DCCM_ENABLE=off
# used to start dccm
# a common value is
# DCCM_ARGS="-SHELO -Smail_host -SSender -SList-ID"
# Note the use of single quotes in
# DCCM_ARGS="-SHELO '-r5.7.1 550 mail %s from %s rejected with DCC'"
DCCM_ARGS="-SHELO -Smail_host -SSender -SList-ID"
DCCM_LOGDIR=log
DCCM_WHITECLNT=whiteclnt
DCCM_USERDIRS=userdirs
# set DCCM_LOG_AT to a number that determines "bulk mail" for your situation.
# 50 is a typical value.
# Leave DCCM_REJECT_AT blank until you are confident that most sources of
# solicited bulk mail have been white-listed. Then set it to the number
# that defines "bulk mail" for your site. This rejection or "bulk" threshold
# does not affect the blacklisting of the DCCM_WHITECLNT whitelist file.
# Add '-aIGNORE' to DCCM_ARGS to ignore the bulkiness of mail except to
# add X-DCC headers.
DCCM_LOG_AT=50
DCCM_REJECT_AT=50
# override basic list of DCC server checksums controlling rejections or logging
DCCM_CKSUMS=
# additional DCC server checksums worthy of rejections or logging
DCCM_XTRA_CKSUMS=
DCCIFD_ENABLE=on
# used to start dccifd
# a common value is
# DCCIFD_ARGS="-SHELO -Smail_host -SSender -SList-ID"
DCCIFD_ARGS="-p 127.0.0.1,10023,127.0.0.1/32 -o 127.0.0.1,10026 -SHELO
-Smail_host -SSender -SList-ID '-r5.7.1 550 Service unavailable; Mail rejected
as SPAM' '-r4.2.1 452 Mail temporarily blocked; Please resend in ten minutes'"
DCCIFD_LOGDIR="$DCCM_LOGDIR"
DCCIFD_WHITECLNT="$DCCM_WHITECLNT"
DCCIFD_USERDIRS="$DCCM_USERDIRS"
DCCIFD_LOG_AT="$DCCM_LOG_AT"
DCCIFD_REJECT_AT="$DCCM_REJECT_AT"
# override basic list of checksums controlling rejections or logging
DCCIFD_CKSUMS="$DCCM_CKSUMS"
# additional DCC server checksums worthy of rejections or logging
DCCIFD_XTRA_CKSUMS="$DCCM_XTRA_CKSUMS"
# days to keep files in DCC log directories
DBCLEAN_LOGDAYS=2
# used to start dbclean, including -e and -E
DBCLEAN_ARGS=
# optionally set to something like "local5" or "local5.notice" for
# dccd, dbclean, and dccm
DCC_INFO_LOG_FACILITY=
DCC_ERROR_LOG_FACILITY=
# ensure that the log facilities include levels and that $DCC_LOGGER
# has a default.
if test -n "$DCC_INFO_LOG_FACILITY"; then
if expr "X$DCC_INFO_LOG_FACILITY" : 'X.*\..*' >/dev/null; then
:
else
DCC_INFO_LOG_FACILITY="$DCC_INFO_LOG_FACILITY.notice"
fi
DCC_LOG_ARGS="$DCC_LOG_ARGS -Linfo,$DCC_INFO_LOG_FACILITY"
fi
if test -z "$DCC_ERROR_LOG_FACILITY"; then
# for $DCC_LOGGER
DCC_ERROR_LOG_FACILITY=mail.err
else
if expr "X$DCC_ERROR_LOG_FACILITY" : 'X.*\..*' >/dev/null; then
:
else
DCC_ERROR_LOG_FACILITY="$DCC_ERROR_LOG_FACILITY.err"
fi
DCC_LOG_ARGS="$DCC_LOG_ARGS -Lerror,$DCC_ERROR_LOG_FACILITY"
fi
DCC_LOGGER="logger -s -p ${DCC_ERROR_LOG_FACILITY-mail.err} -t
${LOGGER_TAG-DCC}"
# do not change the following lines which capture ./configure values
# for make-dcc_conf
Configure_DCC_LIBEXEC=/var/dcc/libexec
Configure_DCC_RUNDIR=/var/run/dcc
Configure_DCCUID=vscan
Configure_DCC_LOGGER="logger -s -p ${DCC_ERROR_LOG_FACILITY-mail.err} -t
${LOGGER_TAG-DCC}"
