Postfix/DCC

The Distributed Checksum Clearinghouses (or DCC) is an anti-spam content filter based upon the exchange between mail servers of fuzzy checksums identifying message content and the number of such messages received. The checksums are constant across common variations in bulk messages, including "personalizations." The official project website is at rhyolite.com/dcc/.

DCC detects bulk mail. It cannot distinguish between solicited and unsolicited bulk mail. This is the biggest drawback to DCC, and the main mitigation is manual whitelisting.

Background
The idea of DCC is that if mail recipients could compare the mail they receive, they could recognize unsolicited bulk mail. A DCC server totals reports of checksums of messages from clients and answers queries about the total counts for checksums of mail messages. A DCC client reports the checksums for a mail message to a server and is told the total number of recipients of mail with each checksum. If one of the totals is higher than a threshold set by the client and according to local whitelists the message is unsolicited, the DCC client can log, discard, or reject the message.

Because simplistic checksums of spam would not be effective, the main DCC checksums are fuzzy and ignore aspects of messages. The fuzzy checksums are changed as spam evolves. Since DCC started being used in late 2000, the fuzzy checksums have been modified several times.

Normal users only run the client.

DCC traffic is DNS-like but appears on UDP port 6276 (greylisting traffic) and 6277 (normal DCC traffic). Inbound and outbound firewall rules should be set to allow this traffic.

Installation
First, you probably do not want to enable  support for DCC, so disable that   flag as follows.

Next, emerge the package. This should not pull in the  library.

Because the ebuild currently installs everything to run as  we are going to do some permissions cleanup.

Client only (normal scenario)
The most important binaries installed by the package are  (Control Distributed Checksum Clearinghouse) and   (Distributed Checksum Clearinghouse Interface Daemon), which is the preferred interface between postfix and DCC.

We want to add  as a Before-Queue Content Filter.

First, verify that  in the   file.

Next, we explicitly specify paths to the sockets that the daemon will create and use to communicate. For more information on this, see.

Next, add the following values to.

Server (only if you run a big mailserver)
Before continuing, see Do I need to run a server? in the DCC FAQ. Probably not.

The server binary is called. Please contribute documentation regarding configuration here. At a guess, probably the process is basically as follows.

It will now be necessary to connect postfix to the DCC server in some DCC-server specific way, please refer to the DCC documentation for this. There is a start within the server section of. Finally...

Deployment
To make your changes take effect, reload the postfix configuration.