[SAtalk] [PATCH] DCC Support for SA

Sun, 28 Apr 2002 08:09:06 -0700 

Hi,

attached is a patch which adds support for the Distributed Checksum Clearinghouse 
(DCC) System to spamassassin. As discussed earlier on this list, DCC is a system 
similar to Razor, which supports fuzzy checksums.

Please note: I did some tests with the patch and it *appears* to work. But I never 
trust things I hacked in only one afternoon, so it would be nice if some of you could 
test it. When you run spamassassin with the -D option, you'll get some useful debug 
information.

The installation of DCC itself is quite easy:
1. Get http://www.rhyolite.com/anti-spam/dcc/source/dcc-dccproc.tar.Z
2. tar xfvz, ./configure, make, make install
3. As root:
     # cdcc 'new map'
     # cdcc 'add dcc.rhyolite.com'
     # cdcc 'info'
   The last command should report something like that:
        # 04/28/02 16:53:08 CEST  /var/dcc/map
        # Will re-resolve names after 17:30:51
        #  117.31 ms chosen delay  4 total addresses  2 working
        IPv6 off

        dcc.rhyolite.com,-         anon
        #   192.188.61.3,-         calcite.rhyolite.com      
        #      not answering
        # * 195.74.212.70,-                                   wanadoo-be        # 
server-ID 1016
        #     100% of  5 requests ok  116.67 ms RTT              0 ms           # 
queue wait
        #   207.8.219.218,-        irc-ssl.sackheads.org      sackHeads          # 
server-ID 1012
        #      50% of  2 requests ok  191.22 ms RTT              3 ms           # 
queue wait
        #   216.158.54.132,-       dcc.etherboy.com          
        #      not answering
4. Add the following two rules to your 
   /usr/share/spamassassin/20_body_tests.cf:
        full DCC_CHECK          eval:check_dcc()
        describe DCC_CHECK          Listed in DCC, see
        http://www.rhyolite.com/anti-spam/dcc/dcc-tree/dcc.html
5. Add a score for the DCC_CHECK to your user_prefs or 50_scores.cf
   file:
        score DCC_CHECK         2.0

   That's it. DCC checking should work now.

However, I see some problems with DCC:
* The DCC client reports the checksum *by default*. That means nearly   
  every mail that is distributed via one of the big mailinglist gets a
  very high count in DCC (i.e. MANY).
  That is why I added the config options 'dcc_body_max', 'dcc_fuz1_max'    and 
'dcc_fuz2_max'. See the Mail::SpamAssassin::Conf man page for a
  description.
  I disabled this auto-reporting feature of DCC for SpamAssassin by
  default.

* The DCC client is setuid-root by default, because they're doing some  
  mmap() trick with the /var/dcc/map file. I don't think this is 
  neccessary and hope this will be made optional in a future version  
  (?).

cu,
tobias 
tvk@IRCNet
--
..deSecure Digital Security
www.desecure.de

Attachment: DCC-SpamAssassin-Patch-0.1.diff
Description: Binary data

Reply via email to