On Thu, 22 Dec 2005, Moritz Grimm wrote:

rdr pass on $EXT_IF inet proto tcp from <spamd-mywhite> to any port 25 -> 127.0.0.1 port smtp    # <== add this line
rdr pass on $EXT_IF inet proto tcp from <spamd> to any port 25 -> 127.0.0.1 port 8025
rdr pass on $EXT_IF inet proto tcp from !<spamd-white> to any port smtp -> 127.0.0.1 port 8025


Instead, I suggest using a ``no rdr'' line after rdr'ing those in the blacklists to spamd.

Actually, yes, because it makes your filter rulesets easier to parse visually, but you want the "no rdr" *first*. This is the configuration that we are using.

From pf.conf(8):

"For each packet processed by the translator, the translation rules are evaluated in sequential order, from first to last. The first matching rule decides what action is taken."

This also gets you the added bonus of being able to whitelist something that has ended up in <spamd> that shouldn't be there due to parts of an RBL being excessively lame, like spews1, for example.


--
Signing off,

Joseph C. Bender
<[EMAIL PROTECTED]>
"Does the government fear us? Or do we fear the government? When the people fear the government, tyranny has found victory. The federal government is our servant, not our master." ---Thomas Jefferson
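
Added example, not part of the original message and not either poster's configuration: a simplified Python model of the first-match translation evaluation quoted from pf.conf above, comparing a "no rdr" for <spamd-mywhite> placed after the <spamd> redirect with one placed first. The table contents, addresses and the names `evaluate` and `compare` are constructed for illustration.

```python
# Simplified model of pf translation rules: evaluated in order, the first
# matching rule decides. Only the source-table match is modelled; interface,
# protocol and port are assumed to match already (inbound TCP to port 25).

# Constructed table contents (documentation address ranges).
TABLES = {
    "spamd": {"192.0.2.10", "192.0.2.20"},            # blacklist, e.g. fed by an RBL
    "spamd-white": {"198.51.100.5"},                  # hosts that passed greylisting
    "spamd-mywhite": {"192.0.2.20", "203.0.113.7"},   # local manual whitelist
}

# (action, table, negated) stand-ins for the rules discussed in the thread.
BLACK = ("rdr", "spamd", False)            # from <spamd> -> 127.0.0.1 port 8025
GREY = ("rdr", "spamd-white", True)        # from !<spamd-white> -> 127.0.0.1 port 8025
NO_RDR = ("no rdr", "spamd-mywhite", False)  # from <spamd-mywhite>: do not translate

NO_RDR_AFTER_BLACKLIST = [BLACK, NO_RDR, GREY]
NO_RDR_FIRST = [NO_RDR, BLACK, GREY]


def evaluate(rules, src):
    """Return 'spamd' if src is redirected to spamd, 'mta' if it reaches the MTA."""
    for action, table, negated in rules:
        in_table = src in TABLES[table]
        if in_table != negated:            # rule matches this source address
            return "spamd" if action == "rdr" else "mta"
    return "mta"                           # no rule matched: no translation


def compare(src):
    """Outcome for src under both orderings: (no rdr after blacklist, no rdr first)."""
    return evaluate(NO_RDR_AFTER_BLACKLIST, src), evaluate(NO_RDR_FIRST, src)


if __name__ == "__main__":
    for host in ["192.0.2.10", "192.0.2.20", "203.0.113.7",
                 "198.51.100.5", "198.51.100.99"]:
        after, first = compare(host)
        print(f"{host:15} no-rdr-after={after:6} no-rdr-first={first}")
```

The only host whose outcome differs between the two orderings is 192.0.2.20, which is in both <spamd> and <spamd-mywhite>.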