hello misc.
I have spamd in front of my mail server, and it works nicely with a liberal setting like
this:
spamd_flags="-v -l 127.0.0.1 -G 10:4:864 -h mail.server"

pf.conf:
table <spamd-white> persist
table <spamd-bypass> file "/etc/mail/spamd.bypass"
table <spamd-black> file "/etc/mail/spamd.black"
match in on $ext_if_a inet proto tcp from { <spamd-bypass>, <spamd-white> } to $ext_if_a port { smtp, smtps } rdr-to <mail>
match in on $ext_if_a inet proto tcp from { !<spamd-bypass>, !<spamd-white> } to $ext_if_a port { smtp, smtps } tag MAIL_A rdr-to 127.0.0.1 port spamd
block in log quick on { $ext_if_a, $ext_if_b } from { <bruteforce>, <private>, <spamd-black> } to any
pass in on $ext_if_a inet proto tcp from any to <mail> port { smtp, smtps } synproxy state reply-to ($ext_if_a $ext_gw_a)
pass in quick reply-to ($ext_if_a $ext_gw_a) tagged MAIL_A

Periodically I receive mail from spammers that got through spamd and the antispam setting on
the mail server.
Then I copy-paste the IP address of the spam sender from the "Received" field into the
spam.txt file on the router and do something like this:

# sort spam.txt | uniq > /etc/mail/spamd.black
or
# sort -u spam.txt > /etc/mail/spamd.black
and
# pfctl -f /etc/pf.conf

but I don't want to reload all the rules. Ideally I want to add to the pf
<spamd-black> table
only the new IPs that I paste at the top of the spam.txt file.
I also tried using
pfctl -t spamd-black -T flush
pfctl -t spamd-black -T add -f /etc/mail/spamd.black
so as not to touch the whole pf.conf, but I think that once the spamd.black table gets
large,
the better way is to add a new IP to the table without reloading or loading the big table.

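An added example (not from the original post) of the "add only the new addresses" step asked about above: it diffs spam.txt against the live table as printed by pfctl -T show and pushes just the difference with pfctl -T add, so neither pf.conf nor the whole spamd.black file is reloaded. The file and table names are taken from the post; the script name add_spam_ips.sh is assumed.

```shell
#!/bin/sh
# Added example, not from the original post: push only the addresses from
# spam.txt that the live <spamd-black> table does not already hold, using
# "pfctl -T add" (no "-T flush", no full "pfctl -f /etc/pf.conf"), and append
# the same entries to /etc/mail/spamd.black so a later full reload keeps them.
# Assumed names (taken from the post): spam.txt, table spamd-black,
# /etc/mail/spamd.black.
TABLE="spamd-black"
BLACKFILE="/etc/mail/spamd.black"

# Print each line of file $1 that is a well-formed IPv4 address and does not
# appear in file $2, once each, in the order of $1. $2 may have leading
# blanks, which is how "pfctl -T show" prints entries. Comparison is exact:
# an address inside an existing CIDR entry is still reported as new.
not_in() {
    awk '
    function ok(ip,    o, n, i) {
        n = split(ip, o, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] > 255) return 0
        return 1
    }
    FILENAME == ARGV[1] { seen[$1] = 1; next }
    ok($1) && !($1 in seen) && !done[$1]++ { print $1 }
    ' "$2" "$1"
}

# Diff spam.txt against the running table and add only the difference.
add_new_ips() {
    spam="${1:-spam.txt}"
    cur=$(mktemp) || return 1
    pfctl -t "$TABLE" -T show > "$cur"
    not_in "$spam" "$cur" > "$cur.new"
    if [ -s "$cur.new" ]; then
        pfctl -t "$TABLE" -T add -f "$cur.new"
        cat "$cur.new" >> "$BLACKFILE"      # keep the on-disk list in sync
    else
        echo "no new addresses"
    fi
    rm -f "$cur" "$cur.new"
}

# Run as: sh add_spam_ips.sh apply [spam.txt]
if [ "${1:-}" = "apply" ]; then add_new_ips "$2"; fi
```

Malformed lines and duplicates in spam.txt are dropped before the diff, so a stray header fragment pasted along with the address never reaches the table.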