
DCC not answering

Posted: 17 Feb 2020 10:59
by arned
Hello,

I have an error with DCC servers not answering.
I have installed eFa 4.0.2 on a fresh CentOS 7 with 4 GB RAM.
Using the command "cdcc info" I get the following:

Code:

# 02/17/20 11:42:08 CET  /var/dcc/map
# Re-resolve names after 12:46:21
# 12 total, 0 working servers
# continue not asking DCC server 32 seconds after 1 failures
IPv6 on   version=3

@,-                         RTT-1000 ms  32768
#  127.0.0.1,-
#      not answering

dcc.nova53.net,-            RTT+0 ms    anon
#  173.71.176.215,-
#      not answering

dcc1.dcc-servers.net,-      RTT+0 ms    anon
#  74.92.232.243,-
#      not answering
#  137.208.8.63,-
#      not answering

dcc2.dcc-servers.net,-      RTT+0 ms    anon
#  192.84.137.21,-
#      not answering
#  195.20.8.232,-
#      not answering

dcc3.dcc-servers.net,-      RTT+0 ms    anon
#  209.169.14.27,-
#      not answering
#  212.223.102.90,-
#      not answering

dcc4.dcc-servers.net,-      RTT+0 ms    anon
#  69.171.29.33,-
#      not answering
#  192.135.10.194,-
#      not answering

dcc5.dcc-servers.net,-      RTT+0 ms    anon
# *136.199.199.160,-
#      not answering
#  157.131.0.46,-
#      not answering

################
# 02/17/20 11:42:08 CET  greylist /var/dcc/map
# Re-resolve names after 13:42:08
# 1 total, 0 working servers
# continue not asking greylist server 32 seconds after 1 failures

@,-                         Greylist 32768
# *127.0.0.1,6276
#      not answering

When I enter the command "tail -f /var/log/maillog" I get this output:

Code:

Feb 17 11:48:21 cas1 MailScanner[31902]: MailWatch: Starting up MailWatch SQL Blacklist
Feb 17 11:48:21 cas1 MailScanner[31902]: MailWatch: Read 0 blacklist entries
Feb 17 11:48:21 cas1 MailScanner[31902]: Config: calling custom init function MailWatchLogging
Feb 17 11:48:21 cas1 MailScanner[31902]: MailWatch: Started MailWatch SQL Logging child
Feb 17 11:48:21 cas1 MailScanner[31902]: Config: calling custom init function SQLWhitelist
Feb 17 11:48:21 cas1 MailScanner[31902]: MailWatch: Starting up MailWatch SQL Whitelist
Feb 17 11:48:21 cas1 MailScanner[31902]: MailWatch: Read 2 whitelist entries
Feb 17 11:48:21 cas1 MailScanner[31902]: Using SpamAssassin results cache
Feb 17 11:48:21 cas1 MailScanner[31902]: Connected to SpamAssassin cache database
Feb 17 11:48:21 cas1 MailScanner[31902]: Enabling SpamAssassin auto-whitelist functionality...
Feb 17 11:48:22 cas1 dccifd[2556]: no working DCC servers @ dcc.nova53.net dcc1.dcc-servers.net ... at 127.0.0.1 173.71.176.215 173.71.176.215 ...
Feb 17 11:48:22 cas1 dccifd[2556]: continue not asking DCC 32 seconds after 1 failures
Feb 17 11:48:26 cas1 MailScanner[31910]: MailScanner Email Processor version 5.2.2 starting...
Feb 17 11:48:26 cas1 MailScanner[31910]: Reading configuration file /etc/MailScanner/MailScanner.conf
Feb 17 11:48:26 cas1 MailScanner[31910]: Reading configuration file /etc/MailScanner/conf.d/README
Feb 17 11:48:26 cas1 MailScanner[31910]: Read 868 hostnames from the phishing whitelist
Feb 17 11:48:26 cas1 MailScanner[31910]: Read 5807 hostnames from the phishing blacklists
Feb 17 11:48:26 cas1 MailScanner[31910]: Config: calling custom init function SQLBlacklist
Feb 17 11:48:26 cas1 MailScanner[31910]: MailWatch: Starting up MailWatch SQL Blacklist
Feb 17 11:48:26 cas1 MailScanner[31910]: MailWatch: Read 0 blacklist entries
Feb 17 11:48:26 cas1 MailScanner[31910]: Config: calling custom init function MailWatchLogging
Feb 17 11:48:26 cas1 MailScanner[31910]: MailWatch: Started MailWatch SQL Logging child
Feb 17 11:48:26 cas1 MailScanner[31910]: Config: calling custom init function SQLWhitelist
Feb 17 11:48:26 cas1 MailScanner[31910]: MailWatch: Starting up MailWatch SQL Whitelist
Feb 17 11:48:26 cas1 MailScanner[31910]: MailWatch: Read 2 whitelist entries
Feb 17 11:48:26 cas1 MailScanner[31910]: Using SpamAssassin results cache
Feb 17 11:48:26 cas1 MailScanner[31910]: Connected to SpamAssassin cache database
Feb 17 11:48:26 cas1 MailScanner[31910]: Enabling SpamAssassin auto-whitelist functionality...
Feb 17 11:48:27 cas1 dccifd[2556]: continue not asking DCC 27 seconds after 1 failures

It just keeps on repeating and at a certain point stops retrying.
Does anyone have a solution to this problem?

Thanks in advance!

Re: DCC not answering

Posted: 17 Feb 2020 11:16
by henk
Did you read? viewtopic.php?t=3354

Can be a DNS / Firewall issue

Re: DCC not answering

Posted: 17 Feb 2020 13:54
by arned
Thank you for the quick reply.

Just to be sure, I disabled the firewall so it wouldn't block anything (with no success).
I also checked the DNS configuration; I can ping 8.8.8.8 and www.google.com.
However, I can access MailScanner with the set IP address (192.168.x.x), but can't use the localhost name (hostname.domain.com).
Could this be an issue with the DNS configuration?

Re: DCC not answering

Posted: 20 Feb 2020 10:33
by arned
Update: We are 2 interns that are assigned to start up an eFa server in the most recent version, so we have little to no experience. :D
After some searching we discovered that the eFa 3.0.0.8 server that is running right now has the same public IP as the eFa server that is deployed.
Could this possibly be the issue? This still doesn't explain why we can't reach the eFa mailscanner with my hostname (possible with IP)

Thanks in advance!

Kind regards, 2 students

Re: DCC not answering

Posted: 20 May 2020 20:49
by TFNcap
I have the same problem, is there any improvement?

up

Re: DCC not answering

Posted: 21 May 2020 09:37
by henk
Hi arned,

You did mention the install of eFa 4.0.2 on a fresh CentOS 7 with 4 GB RAM.

Can you explain how you added dcc.nova53.net?

Think about this:
eFa 3.0.0.8 server that is running right now has the same public IP as the eFa server that is deployed.
:doh:

Got the feeling you need to learn some basic things first. :think:

To check your DNS:

Code:

ping dcc4.dcc-servers.net

Re: DCC not answering

Posted: 21 May 2020 20:18
by TFNcap
henk wrote: 21 May 2020 09:37 Hi arned,

You did mention the install of eFa 4.0.2 on a fresh CentOS 7 with 4 GB RAM.

Can you explain how you added dcc.nova53.net?

Think about this:
eFa 3.0.0.8 server that is running right now has the same public IP as the eFa server that is deployed.
:doh:

Got the feeling you need to learn some basic things first. :think:

To check your DNS:

Code:

ping dcc4.dcc-servers.net
maybe you give me an idea :whistle:

Code:

PING dcc1.dcc-servers.net (137.208.8.63) 56(84) bytes of data.
64 bytes from dccd.wu-wien.ac.at (137.208.8.63): icmp_seq=1 ttl=48 time=66.5 ms
64 bytes from dccd.wu-wien.ac.at (137.208.8.63): icmp_seq=2 ttl=48 time=66.5 ms
64 bytes from dccd.wu-wien.ac.at (137.208.8.63): icmp_seq=3 ttl=48 time=66.5 ms
64 bytes from dccd.wu-wien.ac.at (137.208.8.63): icmp_seq=4 ttl=48 time=66.4 ms
64 bytes from dccd.wu-wien.ac.at (137.208.8.63): icmp_seq=5 ttl=48 time=66.5 ms
64 bytes from dccd.wu-wien.ac.at (137.208.8.63): icmp_seq=6 ttl=48 time=66.7 ms
64 bytes from dccd.wu-wien.ac.at (137.208.8.63): icmp_seq=7 ttl=48 time=66.5 ms
64 bytes from dccd.wu-wien.ac.at (137.208.8.63): icmp_seq=8 ttl=48 time=66.5 ms
64 bytes from dccd.wu-wien.ac.at (137.208.8.63): icmp_seq=9 ttl=48 time=66.4 ms
64 bytes from dccd.wu-wien.ac.at (137.208.8.63): icmp_seq=10 ttl=48 time=66.5 ms
64 bytes from dccd.wu-wien.ac.at (137.208.8.63): icmp_seq=11 ttl=48 time=66.5 ms
64 bytes from dccd.wu-wien.ac.at (137.208.8.63): icmp_seq=12 ttl=48 time=66.5 ms
64 bytes from dccd.wu-wien.ac.at (137.208.8.63): icmp_seq=13 ttl=48 time=66.5 ms
^C
--- dcc1.dcc-servers.net ping statistics ---
13 packets transmitted, 13 received, 0% packet loss, time 12019ms
rtt min/avg/max/mdev = 66.427/66.553/66.726/0.186 ms
--------------------------------------------------------------------
command : cdcc info

Code:

# 05/21/20 23:11:57 +03  /var/dcc/map
# Re-resolve names after 00:37:01
# 12 total, 0 working servers
# continue not asking DCC server 63 seconds after 2 failures
IPv6 on   version=3

@,-                         RTT-1000 ms  32768
#  127.0.0.1,-
#      not answering

dcc1.dcc-servers.net,-      RTT+0 ms    anon
#  74.92.232.243,-
#      not answering
#  137.208.8.63,-
#      not answering

dcc2.dcc-servers.net,-      RTT+0 ms    anon
#  157.131.0.46,-
#      not answering
#  192.84.137.21,-
#      not answering

dcc3.dcc-servers.net,-      RTT+0 ms    anon
#  209.169.14.27,-
#      not answering
#  212.223.102.90,-
#      not answering

dcc4.dcc-servers.net,-      RTT+0 ms    anon
#  184.23.168.46,-
#      not answering
#  192.135.10.194,-
#      not answering

dcc5.dcc-servers.net,-      RTT+0 ms    anon
#  204.90.71.235,-
#      not answering
# *209.169.14.26,-
#      not answering
#  212.223.15.198,-
#      not answering

################
# 05/21/20 23:11:57 +03  greylist /var/dcc/map
# Re-resolve names after 01:11:23
# 1 total, 0 working servers
# continue not asking greylist server 64 seconds after 2 failures

@,-                         Greylist 32768
# *127.0.0.1,6276
#      not answering
Can you explain how you added dcc.nova53.net?
I don't have this
eFa 3.0.0.8 server that is running right now has the same public IP as the eFa server that is deployed.
I don't understand what you mean by that :cry:

maybe necessary information: GreyList OFF, I don't use it..

what do you think? :snooty:

information
note: I use this
ISO image

It is also possible to install eFa4 from ISO image, this combines CentOS 7 with the install script in one single instance.
You can download the ISO from: https://mirrors.efa-project.org/images/ ... 0/eFa4.iso (1.1GB)(MD5)
4cpu 8gb ram
all updates are done
  • efa
  • webmin
  • yum
I think DCC was working 30 days ago
yum I feel like it's broken after the update
I noticed it wasn't working 10 days ago
this is all i know

Best regards

Re: DCC not answering

Posted: 22 May 2020 22:22
by TFNcap
source: https://support.configserver.com/en/kno ... -front-end
Ensure that the following ports are open in any software or hardware firewalls:

DCC - out-bound UDP port 6277
DCC - out-bound TCP port 587 (for reporting spam)
Razor - out-bound TCP port 2703
I tried from this website : https://www.yougetsignal.com/tools/open-ports/

Port 6277 is closed
Port 587 is open
Port 2703 is closed


and
razor also fails in my system :idea:
  • Are these ports closed?
  • what do you think?
  • how can i open these ports
Best regards

Re: DCC not answering

Posted: 23 May 2020 10:14
by TFNcap
I tested 30 seconds ago (cdcc info)

Code:

# 05/23/20 13:10:39 +03  /var/dcc/map
# Re-resolve names after 14:07:28  Check RTTs after 13:25:38
# 1 total, 0 working servers
# continue not asking DCC server 437 seconds after 5 failures
IPv6 on   version=3

@,-                         RTT-1000 ms  32768
# *127.0.0.1,-
#      not answering

dcc1.dcc-servers.net,-      RTT+0 ms    anon
#   undefined name or wrong IP version

dcc2.dcc-servers.net,-      RTT+0 ms    anon
#   undefined name or wrong IP version

dcc3.dcc-servers.net,-      RTT+0 ms    anon
#   undefined name or wrong IP version

dcc4.dcc-servers.net,-      RTT+0 ms    anon
#   undefined name or wrong IP version

dcc5.dcc-servers.net,-      RTT+0 ms    anon
#   undefined name or wrong IP version

################
# 05/23/20 13:10:39 +03  greylist /var/dcc/map
# Re-resolve names after 14:58:40
# 1 total, 0 working servers
# continue not asking greylist server 32 seconds after 1 failures

@,-                         Greylist 32768
# *127.0.0.1,6276
#      not answering

Re: DCC not answering

Posted: 23 May 2020 14:31
by shawniverson
There's chatter on SpamAssassin forums about the DCC servers not working anywhere right now.

Re: DCC not answering

Posted: 23 May 2020 16:02
by TFNcap
shawniverson wrote: 23 May 2020 14:31 There's chatter on SpamAssassin forums about the DCC servers not working anywhere right now.
himmmmmm.... pending/follow :shifty:

Re: DCC not answering

Posted: 24 May 2020 22:09
by TFNcap
servers active again but my problem still continues

Code:

# 05/21/20 23:11:57 +03  /var/dcc/map
# Re-resolve names after 00:37:01
# 12 total, 0 working servers
# continue not asking DCC server 63 seconds after 2 failures
IPv6 on   version=3

@,-                         RTT-1000 ms  32768
#  127.0.0.1,-
#      not answering

dcc1.dcc-servers.net,-      RTT+0 ms    anon
#  74.92.232.243,-
#      not answering
#  137.208.8.63,-
#      not answering

dcc2.dcc-servers.net,-      RTT+0 ms    anon
#  157.131.0.46,-
#      not answering
#  192.84.137.21,-
#      not answering

dcc3.dcc-servers.net,-      RTT+0 ms    anon
#  209.169.14.27,-
#      not answering
#  212.223.102.90,-
#      not answering

dcc4.dcc-servers.net,-      RTT+0 ms    anon
#  184.23.168.46,-
#      not answering
#  192.135.10.194,-
#      not answering

dcc5.dcc-servers.net,-      RTT+0 ms    anon
#  204.90.71.235,-
#      not answering
# *209.169.14.26,-
#      not answering
#  212.223.15.198,-
#      not answering

################
# 05/21/20 23:11:57 +03  greylist /var/dcc/map
# Re-resolve names after 01:11:23
# 1 total, 0 working servers
# continue not asking greylist server 64 seconds after 2 failures

@,-                         Greylist 32768
# *127.0.0.1,6276
#      not answering
my new research

something caught my attention
I did port query with nmap and the result is
all ports are closed
I don't know if I'm making the right searches
I will have a request
can you run the cdcc info command
Does your DCC work?



Re: DCC not answering

Posted: 25 May 2020 14:21
by smyers119
You must have a DNS issue then; here are my results:

Code:

[user@host ~]$ cdcc info
# 05/25/20 10:18:57 EDT  /var/dcc/map
# Re-resolve names after 11:30:37  Check RTTs after 10:33:56
# 266.09 ms threshold, 220.97 ms average    12 total, 10 working servers
IPv6 on   version=3

dcc1.dcc-servers.net,-      RTT+0 ms    anon
#  74.92.232.243,-                                          Etherboy ID 1002
#      88% of 32 requests ok  341.31+0 ms RTT          100 ms queue wait
#  137.208.8.63,-                                             wuwien ID 1290
#     100% of 32 requests ok  208.54+0 ms RTT          100 ms queue wait
#  209.169.14.29,-                                     x.dcc-servers ID 104
#     100% of 32 requests ok  167.06+0 ms RTT          100 ms queue wait

dcc2.dcc-servers.net,-      RTT+0 ms    anon
#  157.131.0.46,-                                              sonic ID 1255
#     100% of 32 requests ok  185.95+0 ms RTT          100 ms queue wait
#  192.84.137.21,-                                           INFN-TO ID 1233
#     100% of 32 requests ok  222.63+0 ms RTT          100 ms queue wait

dcc3.dcc-servers.net,-      RTT+0 ms    anon
#  54.156.255.136,-
#      not answering
#  209.169.14.27,-                                     x.dcc-servers ID 104
#     100% of 32 requests ok  166.09+0 ms RTT          100 ms queue wait

dcc4.dcc-servers.net,-      RTT+0 ms    anon
#  192.135.10.194,-                                           debian ID 1169
#     100% of 32 requests ok  227.45+0 ms RTT          100 ms queue wait
#  212.223.102.90,-                                                  ID 1480
#     100% of 32 requests ok  208.04+0 ms RTT          100 ms queue wait

dcc5.dcc-servers.net,-      RTT+0 ms    anon
# *204.90.71.235,-                                       MGTINTERNET ID 1170
#     100% of 32 requests ok  121.92+0 ms RTT          100 ms queue wait
#  212.223.15.198,-                                                  ID 1481
#     100% of 32 requests ok  208.81+0 ms RTT          100 ms queue wait

@,-                         RTT-1000 ms  32768
#  127.0.0.1,-
#      not answering

################
# 05/25/20 10:18:57 EDT  greylist /var/dcc/map
# Re-resolve names after 12:18:56
# 1 total, 0 working servers
# continue not asking greylist server 32 seconds after 1 failures

@,-                         Greylist 32768
# *127.0.0.1,6276
#      not answering
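
The "cdcc info" listings posted so far in this thread show three outcomes per server: a reply rate, "not answering", and "undefined name or wrong IP version". The following Python sketch is an added example, not part of any post and not code from eFa or DCC; it parses such a listing and separates a name-resolution failure from resolved servers that never reply. The sample text is constructed from the line shapes shown above, and leaving the "@" entry out of the verdict is an assumption based on it being unanswered even in the working listing.

```python
import ipaddress
import re

# Constructed sample: line shapes copied from the listings in this thread.
SAMPLE = """\
# 05/23/20 13:10:39 +03  /var/dcc/map
IPv6 on   version=3
@,-                         RTT-1000 ms  32768
# *127.0.0.1,-
#      not answering
dcc1.dcc-servers.net,-      RTT+0 ms    anon
#   undefined name or wrong IP version
dcc2.dcc-servers.net,-      RTT+0 ms    anon
#  157.131.0.46,-
#      not answering
#  192.84.137.21,-                                           INFN-TO ID 1233
#     100% of 32 requests ok  222.63+0 ms RTT          100 ms queue wait
################
@,-                         Greylist 32768
"""

HOST_RE = re.compile(r"^([^\s#,]+),\S+\s")      # "name,port   RTT..."
ADDR_RE = re.compile(r"^#\s+\*?(\S+?),")        # "#  [*]address,port"
OK_RE = re.compile(r"^#\s+\d+% of \d+ requests ok")

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def parse_cdcc_info(text):
    """Map each server name in the DCC section to its resolution and reply state."""
    hosts, host, addr = {}, None, None
    for line in text.splitlines():
        if line.startswith("####"):          # greylist section starts here; stop
            break
        m = HOST_RE.match(line)
        if m:
            host, addr = m.group(1), None
            hosts[host] = {"resolved": True, "addrs": {}}
        elif host is None or not line.startswith("#"):
            continue
        elif (m := ADDR_RE.match(line)) and _is_ip(m.group(1)):
            addr = m.group(1)
            hosts[host]["addrs"][addr] = "unknown"
        elif "undefined name" in line:
            hosts[host]["resolved"] = False
        elif addr and "not answering" in line:
            hosts[host]["addrs"][addr] = "not answering"
        elif addr and OK_RE.match(line):
            hosts[host]["addrs"][addr] = "ok"
    return hosts

def triage(hosts):
    """Classify the listing; the local "@" entry is left out (assumption)."""
    remote = {h: v for h, v in hosts.items() if h != "@"}
    states = [s for v in remote.values() for s in v["addrs"].values()]
    if "ok" in states:
        return "working"
    if remote and not any(v["resolved"] for v in remote.values()):
        return "names-unresolved"       # resolver problem: no address to query
    if states and all(s == "not answering" for s in states):
        return "resolved-no-reply"      # DNS fine; DCC queries get no answer
    return "mixed"
```

Feed it the saved output of "cdcc info" as a string, for example triage(parse_cdcc_info(open("cdcc.txt").read())), where cdcc.txt is a hypothetical file name.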


Re: DCC not answering

Posted: 25 May 2020 15:27
by pdwalker
I get similar results to smyers119.

Re: DCC not answering

Posted: 26 May 2020 21:21
by TFNcap
smyers119 wrote: 25 May 2020 14:21 You must have a DNS issue then; here are my results:
Current IP settings for ens160 are:
1) BOOTPROTO : none
2) IPV6_AUTOCONF : no
3) IP : 1xx.2x.2xx.1xx
4) Netmask : 255.255.255.248
5) Gateway : 1xx.2x.2xx.1xx
6) Use IPv6 DNS : no
7) IPv6 IP :
8) IPv6 Prefix :
9) IPv6 Gateway :
10) DNS Recursion : DISABLED
11) Primary DNS : 208.67.222.222
12) Secondary DNS : 208.67.220.220
13) Hostname : anxxxxam
14) Domain Name : txxxxxt.com

Re: DCC not answering

Posted: 26 May 2020 23:59
by smyers119
Yeah, it's not going to work while using public DNS. You need to use recursion or the DCC, RBL, and other services will not work (they limit the number of queries per day/month per IP).

Re: DCC not answering

Posted: 27 May 2020 04:42
by pdwalker
smyers119 is correct.

You will need to enable option 10, DNS recursion, and not have a primary and secondary DNS configured.

The DCC services don't support requests from public DNS servers, but they will support small amounts of requests from non public DNS servers.

The same thing applies to the RBLs used by postfix to help determine if a message is spam or not.

Is there a reason why you have not enabled recursion?

[edit] more info here: viewtopic.php?f=5&t=4291

Re: DCC not answering

Posted: 27 May 2020 15:35
by TFNcap
smyers119 wrote: 26 May 2020 23:59 Yeah, it's not going to work while using public DNS. You need to use recursion or the DCC, RBL, and other services will not work (they limit the number of queries per day/month per IP).
pdwalker wrote: 27 May 2020 04:42 smyers119 is correct.

You will need to enable option 10, DNS recursion, and not have a primary and secondary DNS configured.

The DCC services don't support requests from public DNS servers, but they will support small amounts of requests from non public DNS servers.

The same thing applies to the RBLs used by postfix to help determine if a message is spam or not.

Is there a reason why you have not enabled recursion?

[edit] more info here: viewtopic.php?f=5&t=4291
Is there a reason why you have not enabled recursion?
no special reason
I read an article on the internet, so I closed it...
Having the DNS Recursion feature turned on means you are exposed to “DNS Amplification Attack” attacks. This attack is also known as DNS-strengthened DDOS attack. Therefore, the DNS Recursion feature needs to be turned off and we will look at how to do this. Assuming you are more or less familiar with the results of the DDOS attack, what is DNS Amplification Attack?...................



anyway ... now my settings are like this

Code:

Current IP settings for ens160 are:
 1) BOOTPROTO            :  none
 2) IPV6_AUTOCONF        :  no
 3) IP                   :  1xx.2x.2xx.1xx
 4) Netmask              :  255.255.255.248
 5) Gateway              :  1xx.2x.2xx.1xx
 6) Use IPv6 DNS         :  no
 7) IPv6 IP              :
 8) IPv6 Prefix          :
 9) IPv6 Gateway         :
10) DNS Recursion        :  ENABLED
11) Primary DNS          :
12) Secondary DNS        :
13) Hostname             :  axxxxxxm
14) Domain Name          :  txxxxxt.com

e) Return to main menu

 Note: Network will reset when changing values.
I changed the settings and rebooted the system
putty + shell + cdcc info !!!???
and...

Code:

# 05/27/20 18:25:28 +03  /var/dcc/map
# Re-resolve names after 19:13:48  Check RTTs after 18:40:23
# 12 total, 0 working servers
# continue not asking DCC server 190 seconds after 5 failures
IPv6 on   version=3

@,-                         RTT-1000 ms  32768
#  127.0.0.1,-
#      not answering

dcc1.dcc-servers.net,-      RTT+0 ms    anon
#  74.92.232.243,-
#      not answering
#  137.208.8.63,-
#      not answering

dcc2.dcc-servers.net,-      RTT+0 ms    anon
#  157.131.0.46,-
#      not answering
#  192.84.137.21,-
#      not answering

dcc3.dcc-servers.net,-      RTT+0 ms    anon
#  209.169.14.27,-
#      not answering
#  212.223.102.90,-
#      not answering

dcc4.dcc-servers.net,-      RTT+0 ms    anon
#  184.23.168.46,-
#      not answering
#  192.135.10.194,-
#      not answering

dcc5.dcc-servers.net,-      RTT+0 ms    anon
#  204.90.71.235,-
#      not answering
# *209.169.14.26,-
#      not answering
#  212.223.15.198,-
#      not answering

################
# 05/27/20 18:25:28 +03  greylist /var/dcc/map
# Re-resolve names after 19:21:11
# 1 total, 0 working servers
# continue not asking greylist server 32 seconds after 1 failures

@,-                         Greylist 32768
# *127.0.0.1,6276
#      not answering
:cry:
as if something is still missing

Is there anything you want to review in my settings
or should I wait 1 day maybe

Re: DCC not answering

Posted: 27 May 2020 18:00
by smyers119
It's probably cached results. Either wait a day, clear the DNS cache, or reboot.

Re: DCC not answering

Posted: 28 May 2020 10:48
by pdwalker
If your eFa box is not exposing the DNS server to the internet, then you are in no danger of being used for DNS amplification attacks.

The only ports exposed to the internet on my machine are mail related only. Everything is blocked and only the mail related services are mapped from the firewall to the eFa box.

So as long as my mail services remain secure (and patched), I should be safe enough.

Only expose the minimum you need to the internet.

Re: DCC not answering

Posted: 29 May 2020 14:36
by TFNcap
yes you are right I will tell you after testing with all the details...

coming soon stay tuned.... :geek:

Re: DCC not answering

Posted: 03 Jun 2020 12:41
by pdwalker
henk wrote: 17 Feb 2020 11:16 Did you read? viewtopic.php?t=3354

Can be a DNS / Firewall issue
I've had a looooong look.

The system is set up correctly. However, the country in question is blocking all direct DNS requests except to those of well-known public servers.

I assume that they are doing this for censorship purposes.

I was able to get around this from the command line by setting up a DNS server that would accept TCP DNS requests on a non-standard port, and then testing from the computer to see if I could get around the blocks - it worked. Accessing the same DNS server via standard ports fails, which confirms the block.

What a PITA.

I am going to see how to configure unbound to use an upstream DNS server, using TCP, on a non-standard port for anyone else suffering from the "great china firewall problem in my country".

Bah!