hello misc.

I have spamd in front of the mail server, and it works nicely with a liberal setting like this:

    spamd_flags="-v -l 127.0.0.1 -G 10:4:864 -h mail.server"

pf.conf:

    table <spamd-white> persist
    table <spamd-bypass> file "/etc/mail/spamd.bypass"
    table <spamd-black> file "/etc/mail/spamd.black"

    match in on $ext_if_a inet proto tcp from { <spamd-bypass>, <spamd-white> } \
        to $ext_if_a port { smtp, smtps } rdr-to <mail>
    match in on $ext_if_a inet proto tcp from { !<spamd-bypass>, !<spamd-white> } \
        to $ext_if_a port { smtp, smtps } tag MAIL_A rdr-to 127.0.0.1 port spamd
    block in log quick on { $ext_if_a, $ext_if_b } \
        from { <bruteforce>, <private>, <spamd-black> } to any
    pass in on $ext_if_a inet proto tcp from any to <mail> port { smtp, smtps } \
        synproxy state reply-to ($ext_if_a $ext_gw_a)
    pass in quick reply-to ($ext_if_a $ext_gw_a) tagged MAIL_A

Periodically I receive mail from spammers through spamd and the antispam settings on the mail server. Then I copy-paste the IP address of the spam sender from the "Received" field into the spam.txt file on the router and do something like this:

    # cat spam.txt | sort | uniq > /etc/mail/spamd.black

or

    # sort -u spam.txt > /etc/mail/spamd.black

and

    # pfctl -f /etc/pf.conf

but I don't want to reload all the rules. Ideally I want to add to the pf <spamd-black> table only the new IP that I pasted at the top of the spam.txt file.

I also tried to use

    pfctl -t spamd-black -T flush
    pfctl -t spamd-black -T add -f /etc/mail/spamd.black

so as not to touch all of pf.conf, but I think that when the spamd.black table gets big, the better way is to add a new IP to the table without reloading or loading the whole big table.
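One way to do the incremental add described above, as an added example that is not part of the original post: compute which entries of spam.txt are missing from the table file, push only those into the kernel table with a single pfctl -T add, and append them to /etc/mail/spamd.black so a later full reload stays in sync. It assumes one IPv4 address (or address/prefix) per line and the table name and paths from the post; PFCTL can be set to "echo" for a dry run on a host without pf.

```sh
#!/bin/sh
# Added example, not part of the original post. Adds only the addresses in
# spam.txt that are not yet in /etc/mail/spamd.black to the running pf table,
# and appends them to the table file so that a later "pfctl -f /etc/pf.conf"
# (which re-reads the file) matches the kernel state.
# Assumptions: one IPv4 address (or address/prefix) per line in both files;
# table name and paths are the ones from the post.

PFCTL="${PFCTL:-pfctl}"          # set PFCTL=echo for a dry run without pf
TABLE="${TABLE:-spamd-black}"

# new_entries SPAMFILE BLACKFILE
# Print, in SPAMFILE order and without duplicates, the entries of SPAMFILE
# that are absent from BLACKFILE. Lines that do not look like a dotted-quad
# address (pasted header text, blank lines) are dropped rather than handed
# to pfctl.
new_entries() {
    spam="$1" black="$2"
    [ -r "$black" ] || black=/dev/null          # first run: no table file yet
    awk '
        FILENAME == ARGV[1] { if (NF) seen[$1] = 1; next }   # existing entries
        NF && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ &&
            !seen[$1] && !out[$1] { out[$1] = 1; print $1 }
    ' "$black" "$spam"
}

# add_new_to_table SPAMFILE BLACKFILE
# Push the new entries into the kernel table with one pfctl call and record
# them in BLACKFILE. Prints the number of addresses added.
add_new_to_table() {
    spam="$1" black="$2"
    new=$(new_entries "$spam" "$black")
    if [ -z "$new" ]; then
        echo 0
        return 0
    fi
    # pfctl -T add takes several addresses on one command line: no flush,
    # no re-read of the whole table file.
    $PFCTL -t "$TABLE" -T add $new >/dev/null || return 1
    printf '%s\n' "$new" >> "$black"
    printf '%s\n' "$new" | wc -l | tr -d ' '
}

# usage: add_new_to_table spam.txt /etc/mail/spamd.black
```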