DCC

• DCC is not installed by default because of licensing restrictions but is still hightly recommended. Before enabling this plugin, make sure to review the DCC license terms on the DCC website.
• DCC requires that port 6277 UDP OUT be opened if you are using a firewall.
• DCC detects if a message is bulk mail only. It does not determine if the message itself is spam.

The DCC or Distributed Checksum Clearinghouse is a system of servers collecting and counting checksums of millions of mail messages. The counts can be used by SpamAssassin to detect and reject or filter spam. Because simplistic checksums of spam can be easily defeated, the main DCC checksums are fuzzy and ignore aspects of messages. The fuzzy checksums are changed as spam evolves. You can view the DCC changelog here.

Install

If you previously compiled DCC we recommend compiling it again using the amavis user instead of the old popuser. This allows admins to set more strict permissions on the DCC socket.

// RHEL / Centos / CloudLinux / AlmaLinux
yum install gcc make

// Debian / Ubuntu
apt-get install gcc make

wget https://www.dcc-servers.net/dcc/source/dcc.tar.Z
tar xzvf dcc.tar.Z
cd dcc-*
./configure --disable-dccm --bindir=/usr/bin --libexecdir=/usr/libexec/dcc --homedir=/var/lib/dcc -with-uid=amavis
make
make install

// update the DCC server list
cdcc rtt

// AlmaLinux/RHEL/RockyLinux - Apply selinux security labels to new files
restorecon -Rv /usr/bin/cdcc
restorecon -Rv /usr/bin/dcc*
restorecon -Rv /var/lib/dcc/
restorecon -Rv /usr/libexec/dcc/

// Test the DCC Servers
cdcc info

Enable the DCC Interface Daemon

Using the DCC interface deamon (dccifd) is recommended because it provdes quicker DCC checks compared to calling the DCC binary. Amavis will try to connect the deamon socket located at /var/lib/dcc/dccifd first then fall back to using the DCC binary /usr/bin/dccproc.

To enable the DCC interface deamon create the systemd unit file /usr/lib/systemd/system/dccifd.service with the following:

[Unit]
Description=DCC (Distributed Checksum Clearinghouses) interface daemon
After=network.target

[Service]
Type=forking
PermissionsStartOnly=true
RuntimeDirectory=dcc
ExecStart=/usr/libexec/dcc/rcDCC start
ExecStop=/usr/libexec/dcc/rcDCC stop
ExecReload=/bin/kill -HUP $MAINPID
StandardOutput=null
StandardError=null
Restart=always
User=amavis 
Group=amavis
Nice=1

[Install]
WantedBy=multi-user.target

Enable the DCC Interface Daemon Service

systemctl enable --now dccifd.service

Viewing the DCC Interface Daemon Status

You can view the deamon status with the command systemctl status dccifd.service

# systemctl status dccifd.service
● dccifd.service - DCC (Distributed Checksum Clearinghouses) interface daemon
     Loaded: loaded (/lib/systemd/system/dccifd.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2024-06-19 04:55:29 MDT; 2min 17s ago
    Process: 2224364 ExecStart=/usr/libexec/dcc/rcDCC start (code=exited, status=0/SUCCESS)
   Main PID: 2224411 (dccifd)
      Tasks: 4 (limit: 4407)
     Memory: 1.9M
        CPU: 63ms
     CGroup: /system.slice/dccifd.service
             ├─2224411 /usr/libexec/dcc/dccifd -tREP,20 -tCMN,5, "-lD?log" -wwhiteclnt -Uuserdirs -SHELO -Smail_host -SSender -SList-ID
             └─2224412 /usr/libexec/dcc/dccifd -tREP,20 -tCMN,5, "-lD?log" -wwhiteclnt -Uuserdirs -SHELO -Smail_host -SSender -SList-ID

Jun 19 04:55:29 web0.danami.com systemd[1]: Starting DCC (Distributed Checksum Clearinghouses) interface daemon...
Jun 19 04:55:29 web0.danami.com systemd[1]: Started DCC (Distributed Checksum Clearinghouses) interface daemon.
Jun 19 04:55:29 web0.danami.com dccifd[2224412]: 2.3.169 listening to /var/lib/dcc/dccifd for ASCII protocol

Enable the DCC Spamassassin plugin

Login to Plesk and go to Warden Anti-spam and Virus Protection -> Settings -> Plugin Settings -> Check DCC then save. You should see DCC Server running under the Services widget on the Warden Dashboard. You can see DCC rules being triggered under the Warden -> Logs -> Press the plus icon next to a log entry. You should see DCC_CHECK and DCC_REPUT_ rules in the Tests: line.

Tests

Area Test name Description Default scores
full DCC_CHECK Listed in DCC (https://rhyolite.com/dcc/) 0 1.1 0 1.1
full DCC_REPUT_00_12 DCC reputation between 0 and 12 % (mostly ham) 0 -0.8 0 -0.4
full DCC_REPUT_13_19 DCC reputation between 13 and 19 % 0 -0.1 0 -0.1
full DCC_REPUT_70_89 DCC reputation between 70 and 89 % 0 0.1 0 0.1
full DCC_REPUT_90_94 DCC reputation between 90 and 94 % 0 0.4 0 0.6
full DCC_REPUT_95_98 DCC reputation between 95 and 98 % (mostly spam) 0 0.7 0 1.0
full DCC_REPUT_99_100 DCC reputation between 99 % or higher (spam) 0 1.2 0 1.4

Related Pages