• DCC is not installed by default because of licensing restrictions but is still hightly recommended. Before enabling this plugin, make sure to review the DCC license terms on the DCC website.
• DCC requires that port 6277 UDP OUT be opened if you are using a firewall.
• DCC detects if a message is bulk mail only. It does not determine if the message itself is spam.
The DCC or Distributed Checksum Clearinghouse is a system of servers collecting and counting checksums of millions of mail messages. The counts can be used by SpamAssassin to detect and reject or filter spam. Because simplistic checksums of spam can be easily defeated, the main DCC checksums are fuzzy and ignore aspects of messages. The fuzzy checksums are changed as spam evolves. You can view the DCC changelog here.
If you previously compiled DCC we recommend compiling it again using the
amavisuser instead of the oldpopuser. This allows admins to set more strict permissions on the DCC socket.
// RHEL / Centos / CloudLinux / AlmaLinux
yum install gcc make
// Debian / Ubuntu
apt-get install gcc make
// Important: remove the old dcc directory if you've previously built it with a different user
rm -rf /var/lib/dcc
// download and build dcc
wget https://www.dcc-servers.net/dcc/source/dcc.tar.Z
tar xzvf dcc.tar.Z
cd dcc-*
./configure --disable-dccm --bindir=/usr/bin --libexecdir=/usr/libexec/dcc --homedir=/var/lib/dcc -with-uid=amavis
make
make install
// update the DCC server list
cdcc rtt
// AlmaLinux/RHEL/RockyLinux - Apply selinux security labels to new files
restorecon -Rv /usr/bin/cdcc
restorecon -Rv /usr/bin/dcc*
restorecon -Rv /var/lib/dcc/
restorecon -Rv /usr/libexec/dcc/
// Test the DCC Servers
cdcc infoUsing the DCC interface deamon (dccifd) is recommended because it provdes quicker DCC checks compared to calling the DCC binary. Amavis will try to connect the deamon socket located at
/var/lib/dcc/dccifdfirst then fall back to using the DCC binary/usr/bin/dccproc.
To enable the DCC interface deamon create the systemd unit file /usr/lib/systemd/system/dccifd.service with the following:
[Unit]
Description=DCC (Distributed Checksum Clearinghouses) interface daemon
After=network.target
[Service]
Type=forking
PermissionsStartOnly=true
RuntimeDirectory=dcc
ExecStart=/usr/libexec/dcc/rcDCC start
ExecStop=/usr/libexec/dcc/rcDCC stop
ExecReload=/bin/kill -HUP $MAINPID
StandardOutput=null
StandardError=null
Restart=always
User=amavis
Group=amavis
Nice=1
[Install]
WantedBy=multi-user.targetEnable the DCC Interface Daemon Service
systemctl enable --now dccifd.serviceViewing the DCC Interface Daemon Status
You can view the deamon status with the command systemctl status dccifd.service
# systemctl status dccifd.service
● dccifd.service - DCC (Distributed Checksum Clearinghouses) interface daemon
Loaded: loaded (/lib/systemd/system/dccifd.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2024-06-19 04:55:29 MDT; 2min 17s ago
Process: 2224364 ExecStart=/usr/libexec/dcc/rcDCC start (code=exited, status=0/SUCCESS)
Main PID: 2224411 (dccifd)
Tasks: 4 (limit: 4407)
Memory: 1.9M
CPU: 63ms
CGroup: /system.slice/dccifd.service
├─2224411 /usr/libexec/dcc/dccifd -tREP,20 -tCMN,5, "-lD?log" -wwhiteclnt -Uuserdirs -SHELO -Smail_host -SSender -SList-ID
└─2224412 /usr/libexec/dcc/dccifd -tREP,20 -tCMN,5, "-lD?log" -wwhiteclnt -Uuserdirs -SHELO -Smail_host -SSender -SList-ID
Jun 19 04:55:29 web0.danami.com systemd[1]: Starting DCC (Distributed Checksum Clearinghouses) interface daemon...
Jun 19 04:55:29 web0.danami.com systemd[1]: Started DCC (Distributed Checksum Clearinghouses) interface daemon.
Jun 19 04:55:29 web0.danami.com dccifd[2224412]: 2.3.169 listening to /var/lib/dcc/dccifd for ASCII protocolLogin to Plesk and go to Warden Anti-spam and Virus Protection -> Settings -> Plugin Settings -> Check DCC then save. You should see DCC Server running under the Services widget on the Warden Dashboard. You can see DCC rules being triggered under the Warden -> Logs -> Press the plus
icon next to a log entry. You should see DCC_CHECK and DCC_REPUT_ rules in the Tests: line.
| Area | Test name | Description | Default scores |
|---|---|---|---|
| full | DCC_CHECK |
Listed in DCC (https://rhyolite.com/dcc/) | 0 1.1 0 1.1 |
| full | DCC_REPUT_00_12 |
DCC reputation between 0 and 12 % (mostly ham) | 0 -0.8 0 -0.4 |
| full | DCC_REPUT_13_19 |
DCC reputation between 13 and 19 % | 0 -0.1 0 -0.1 |
| full | DCC_REPUT_70_89 |
DCC reputation between 70 and 89 % | 0 0.1 0 0.1 |
| full | DCC_REPUT_90_94 |
DCC reputation between 90 and 94 % | 0 0.4 0 0.6 |
| full | DCC_REPUT_95_98 |
DCC reputation between 95 and 98 % (mostly spam) | 0 0.7 0 1.0 |
| full | DCC_REPUT_99_100 |
DCC reputation between 99 % or higher (spam) | 0 1.2 0 1.4 |