July 26th, 2004, 01:28
So I'm setting up a mail server and I seem to be having a probem getting DCC working. I've looked at everything I can think of but dccproc just isn;t working. I've posted the relevant configs below.


rewrite_subject 1
report_safe 0
use_terse_report 0
use_bayes 1
bayes_path /var/amavis/.spamassassin/bayes
auto_learn 1
skip_rbl_checks 1
razor_config /var/amavis/.razor/razor-agent.conf
use_razor2 1
use_dcc 1
dcc_timeout 10
dcc_path /usr/local/bin/dccproc
dcc_home /usr/local/dcc
use_pyzor 0
dcc_add_header 1
dns_available yes
header LOCAL_RCVD Received =~ /\S+\.angelica\.com\s+\(.*\[.*\]\)/
describe LOCAL_RCVD Received from local machine
#store LOCAL_RCVD -50
## Optional Score Increases
score DCC_CHECK 1.000
score RAZOR2_CHECK 1.000
score BAYES_99 2.500
score BAYES_90 2.000
score BAYES_80 1.500


$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
$sa_auto_whitelist = 1; # turn on AWL in SA (default: false)
$sa_tag_level_deflt = 0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 3.50; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 4.50; # triggers spam evasive actions
$sa_dsn_cutoff_level = 5.50; # spam level beyond which a DSN is not sent,


unix - - n - 6 smtp
-o smtp_data_done_timeout=1200
-o disable_dns_lookups=yes
inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restrictions_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,rej ect
-o mynetworks=


#! /bin/sh

# set parameters for DCC start and cron scripts

# from Rhyolite Software DCC 1.2.48-1.38 $Revision$

# don't set DCC_HOMEDIR since if we got here, it must be set

# DCC user name

# DCC server-IDs must be globally unique.
# BRAND can be any short alphanumeric string that hints about the identity
# of the server.
# used to start dccd
# A value for `dccd -t` computed from DCCM_REJECT_AT is assumed to set
# default flooding threshold.

# Client greylist parameters such as 'on' or 'noIP'
# GREY_CLIENT_ARGS sets `dccm -G` and `dccifd -G` value
# and turns on the local greylist server unless GREY_ENABLE=off
# turns local greylist server 'on' or 'off', but does not effect dccm, dccifd

# GREY_SRVR_ID DCC server-IDs must be globally unique, but greylisting dccd
# servers are usually isolated. If you have more than one greylist server,
# ensure that they use distinct server-IDs and that they flood each other
# with entries in /var/dcc/flod
# used to start dccd for grey listing; see also GREY_ENABLE

# used to start dccm
# a common value is
# DCCM_ARGS="-SHELO -Smail_host -SSender -SList-ID"
# set DCCM_LOG_AT to a number that determines "bulk mail" for your situation.
# 50 is a typical value.
# Leave DCCM_REJECT_AT blank until you are confident that most sourced of
# solicited bulk mail have been white-listed. Then set it to the number
# that defines "bulk mail" for your site. Note that this rejection
# or "bulk" threshold does not affect the blacklisting effects of the
# DCCM_WHITECLNT white list file.
# Add '-aIGNORE' to DCCM_ARGS to ignore the bulkiness of mail except to
# add X-DCC headers.
# override basic list of DCC server checksums controlling rejections or logging
# additional DCC server checksums worthy of rejections or logging

# used to start dccifd
# a common value is
# DCCIFD_ARGS="-SHELO -Smail_host -SSender -SList-ID"
# override basic list of checksums controlling rejections or logging
# additional DCC server checksums worthy of rejections or logging

# days to keep files in DCC log directories
# used to start dbclean, including -e and -E

# optionally set to something like "local5" or "local5.notice" for
# dccd, dbclean, and dccm

# ensure that the log facilities include levels and that $DCC_LOGGER
# has a default.
if test ! -z "$DCC_INFO_LOG_FACILITY"; then
if expr "X$DCC_INFO_LOG_FACILITY" : 'X.*\..*' >/dev/null; then
if test -z "$DCC_ERROR_LOG_FACILITY"; then
if expr "X$DCC_ERROR_LOG_FACILITY" : 'X.*\..*' >/dev/null; then
DCC_LOGGER="logger -s -p ${DCC_ERROR_LOG_FACILITY-mail.err} -t DCC"

Everything runs as user vscan, all files are owned by vscan. This is not running in a chroot. In addition, if I run this:

cat /var/mail/elmore | spamassassin -D

I get the following output:

debug: DCCifd is not available: no r/w dccifd socket found.
debug: DCC is available: /usr/local/bin/dccproc
debug: entering helper-app run mode
debug: DCC: got response: X-DCC-SINECTIS-Metrics: atsgate.angelica.com 1114; Body=2 Fuz1=5 Fuz2=2
debug: leaving helper-app run mode
debug: all '*From' addrs: elmore@mail2.angelica.com
debug: all '*To' addrs: root@mail2.angelica.com elmore@mail2.angelica.com
debug: dns_available set to yes in config file, skipping test
debug: is Net::DNS::Resolver available? yes
debug: DNS MX records found: 0
debug: DNS A records found: 1
debug: running meta tests; score so far=8.234
debug: auto-learn? ham=0.1, spam=12, body-hits=7.234, head-hits=1
debug: auto-learn: currently using scoreset 3. recomputing score based on scoreset 1.
debug: Score set 1 chosen.
debug: auto-learn: original score: 8.234, recomputed score: 8.107
debug: Score set 3 chosen.
debug: auto-learn? no: inside auto-learn thresholds
debug: is spam? score=8.235 required=5 tests=BAYES_50,BIZ_TLD,BZ_TLD,LOCAL_RCVD,TRACKER_I D
From elmore@mail2.angelica.com Sat Jul 24 09:53:19 2004
Return-Path: <elmore@mail2.angelica.com>
X-Original-To: root@mail2.angelica.com
Delivered-To: elmore@mail2.angelica.com
Received: from localhost (localhost [])
by mail2.angelica.com (Postfix) with ESMTP id 34A615D44
for <root@mail2.angelica.com>; Sat, 24 Jul 2004 09:53:19 -0400 (EDT)
Received: from mail2.angelica.com ([])
by localhost (atsgate.angelica.com []) (amavisd-new, port 10024)
with ESMTP id 36568-03 for <root@mail2.angelica.com>;
Sat, 24 Jul 2004 09:53:18 -0400 (EDT)
Received: by mail2.angelica.com (Postfix, from userid 1002)
id B5C845D43; Sat, 24 Jul 2004 09:53:18 -0400 (EDT)
To: root@mail2.angelica.com
Subject: *****SPAM***** Mail Stats
Message-Id: <20040724135318.B5C845D43@mail2.angelica.com>
Date: Sat, 24 Jul 2004 09:53:18 -0400 (EDT)
From: elmore@mail2.angelica.com (elmore)
X-Virus-Scanned: by amavis at angelica.com
Status: OR
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on atsgate.angelica.com
X-Spam-DCC: SINECTIS: atsgate.angelica.com 1114; Body=2 Fuz1=5 Fuz2=2
* 1.0 LOCAL_RCVD Received from local machine
* 3.8 TRACKER_ID BODY: Incorporates a tracking ID number
* 0.0 BAYES_50 BODY: Bayesian spam probability is 50 to 56%
* [score: 0.5001]
* 0.1 BIZ_TLD URI: Contains a URL in the BIZ top-level domain
* 3.4 BZ_TLD URI: Contains a URL in the BZ top-level domain
X-Spam-Status: Yes, hits=8.2 required=5.0 tests=BAYES_50,BIZ_TLD,BZ_TLD,
LOCAL_RCVD,TRACKER_ID autolearn=no version=2.63
X-Spam-Level: ********

Running manually dcc runs fine. ANyone have any ideas why when amavis-new calls spamassassin it doesn;t run dcc?

On a side note, anyone here running dspam? It looks intriguing. Krusty pointed it out to me today on the phone. I'm wondering if it's really as good as it claims. If it is I'm wondering if I should just scrap dcc, vipuls and SA. Anyone have thoughts on this?


September 29th, 2004, 14:30
Hey elmore.

Couple things here. I am working on a personal mail server to server family and friends. There are a few things I want to use:


I am very intrigued by dspam. It looks very promissing.
The other thing im trying to figure out is what type of AV I should use (probably clamav) in conjunction with what other software. I see you are using amavisd, which is one I have considered.

Anyway, was just curious how you like amavisd and if you would recommend it?

I'll be looking at dspam here over the next couple of weeks and would be happy to share what I have found.



September 29th, 2004, 19:08
I've tested dspam and while Jonathon's code is brilliant it is a little bit of a pain to integrate with postfix (at least IMHO) plus it doesn;t make calls to other software(s) dcc razor SA etc. very easily. Of course the claim is that you don't need to run those and that in fact running them can be counter-productive with dspam.

I was impressed with initial results though I'm more intrigued with Spam Assassin 3.0 at this point and will most likely stick with that route. In addition Amavisd-new will make all calls to Spam Assassin, DCC, Vipuls etc. and then pass on to your av engine. The framwork is really very robust these days.

September 30th, 2004, 10:35
I looked at dspam in the past but wasn't to impressed with the way it's implemented. I'd still stick with the amavis/SA/DCC/razor combo.

Anyway... your dcc lookups are working elmore:

debug: DCC: got response: X-DCC-SINECTIS-Metrics: atsgate.angelica.com 1114; Body=2 Fuz1=5 Fuz2=2

You looked up the checksums on dcc server 1114. If you do cdcc info from your dcc client box you'll see something like this:

pinky# cdcc info
# 09/30/04 10:17:47 EDT /var/dcc/map
# Re-resolve names after 12:13:55 Check RTTs after 10:28:56
# 209.35 ms threshold, 209.35 ms average 12 total, 11 working servers
IPv6 off

dcc1.dcc-servers.net,- RTT+0 ms anon
#,- dcc.uncw.edu ID 1201
# 88% of 32 requests ok 436.57+0 ms RTT 103 ms queue wait
#,- NIET ID 1080
# 100% of 32 requests ok 426.70+0 ms RTT 171 ms queue wait
#,- SINECTIS ID 1114
# 88% of 32 requests ok 2270.48+0 ms RTT 102 ms queue wait

You can see the SINECTIS ID 1114, that's the server you looked up your hash on.

dccproc is working just fine. DCC looked for dccifd first because it's more efficient, couldn't find it so it used dccproc.

Anyway, you then have the X header added to your email confirming it. What I don't see listed is the DCC_CHECK but that may be in your maillog. Turn up the debugging and you should see very verbose entries in the maillog like this:

Sep 29 14:25:45 pinky amavis[5707]: (05707-02) spam_scan: hits=13.328 tests=AS_SEEN_ON,DCC_CHECK,RCVD_IN_BL_SPAMCOP_NET, RCVD_

September 30th, 2004, 12:07
yeah this thread is fairly old, I just had a typo in one of the conf files and needed to turn up the logging verbosity a bit in amavis.. Thanks.

October 7th, 2004, 22:47
the conffile above has been corrected just in case any needs to know.

October 25th, 2004, 00:15
So what does this gateway accomplish? I am trying to find out some info on an OpenBSD smtp gateway and its benefits, setup, etc... Any info would be appreciated.