On 25.05.2016 15:01, Jeff Ross wrote:
> Hi all,
>
> I am incrementally bringing my server up to date. I was on 5.5-current so
> following the instructions I upgraded to 5.6 stable.
>
> I re-wrote my pf.conf to remove the old queue rules and to simplify the
> rule set.
>
> Checks okay for syntax but it doesn't seem to be redirecting mail to
> spamd. If I telnet to my server on port 25 I do not see the stutter of the
> banner at all.
>
> Here's my current pf.conf for other eyes--maybe I've made a thinko in these
> new rules.
>
> # $OpenBSD: pf.conf,v 1.49 2009/09/17 06:39:03 jmc Exp $
> #
> # See pf.conf(5) for syntax and examples.
> # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
> # in /etc/sysctl.conf if packets are to be forwarded between interfaces.
> ext_if="re0" # External Public Interface
> tcp_services = "{ 22,53,113,25,993,465,80,443 }"
> udp_services = "{ domain, ntp, 1194 }"
> icmp_types = "{ echoreq, unreach }"
> table <spamd> persist
> table <zombies> persist
> set block-policy return
> set loginterface $ext_if
> set skip on { lo, tun }
> match on $ext_if inet all scrub (no-df max-mss 1398)
>
> # filter rules and anchor for ftp-proxy(8)
> anchor "ftp-proxy/*"
> pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021
>
> # anchor for relayd(8)
> block log all
> block in log quick proto tcp from <zombies> to any
> # rules for spamd(8)
> table <spamd-white> persist
> table <nospamd> persist file "/etc/mail/nospamd"
> pass in log on egress proto tcp from any to any port smtp \
>     rdr-to 127.0.0.1 port spamd
> pass in log on egress proto tcp from <nospamd> to any port smtp
> pass in log on egress proto tcp from <spamd-white> to any port smtp
> pass out log on egress proto tcp to any port smtp
>
> pass in log quick on egress proto tcp to port $tcp_services
> pass in log quick on egress proto udp to port $udp_services
> pass out log quick on egress from any to any
>
> Thanks!
>
> Jeff Ross
Hi

Your tcp_services variable includes port 25, which is smtp, and you have a
rule to pass in quick all tcp_services. That one will precede your spamd
rules if I got that right.

So, by removing port 25 from tcp_services, your setup should work.

-- 
Unix _IS_ user friendly - it's just selective about who its friends are!
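To make the interaction between the two rules concrete, the following is an added toy model of pf's rule evaluation applied to the inbound-TCP subset of the posted pf.conf. It is not code from the thread and not pf itself; it only models the pf.conf(5) semantics that matter here: rules are evaluated in file order, the last matching rule decides the action, except that a matching rule carrying "quick" ends evaluation and becomes the final match. The source addresses, the 8025 port number for "spamd" (as in OpenBSD's /etc/services) and the two return strings are assumptions made for the example. With port 25 still in tcp_services, the later "pass in log quick ... port $tcp_services" rule matches an SMTP SYN and stops evaluation, so the earlier non-quick rdr-to rule is never the final match and the connection reaches port 25 directly; with port 25 removed, the rdr-to rule is the last match and the connection goes to spamd, while senders in <nospamd> or <spamd-white> still bypass it as intended.

```python
"""Toy model of pf(4) rule evaluation (added example, not pf's own code).

Modelled from pf.conf(5): rules are evaluated top to bottom, the LAST
matching rule decides the action, unless a matching rule has "quick",
in which case evaluation stops and that rule is the final match.
Only the inbound-TCP rules of the posted pf.conf are represented; log,
scrub, the ftp-proxy anchor and <zombies> are left out as irrelevant to
an inbound SMTP SYN on egress.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

SMTP = 25
SPAMD = 8025  # "spamd" in OpenBSD's /etc/services (assumed default here)


@dataclass(frozen=True)
class Rule:
    action: str                          # "pass" or "block"
    direction: Optional[str] = None      # "in" / "out" / None = either
    proto: Optional[str] = None          # "tcp" / "udp" / None = any
    ports: FrozenSet[int] = frozenset()  # destination ports; empty = any
    src: Optional[FrozenSet[str]] = None  # table contents; None = any source
    quick: bool = False
    rdr_to: Optional[str] = None         # "host:port" for rdr-to rules
    text: str = ""                       # the pf.conf line being modelled

    def matches(self, direction: str, proto: str, src: str, dport: int) -> bool:
        # An empty table (src == frozenset()) matches nothing, like pf.
        return ((self.direction in (None, direction))
                and (self.proto in (None, proto))
                and (self.src is None or src in self.src)
                and (not self.ports or dport in self.ports))


def evaluate(rules: List[Rule], direction: str, proto: str,
             src: str, dport: int) -> Optional[Rule]:
    """Return the rule that decides the packet's fate, or None if no match."""
    final = None
    for rule in rules:
        if rule.matches(direction, proto, src, dport):
            final = rule
            if rule.quick:      # quick: stop here, this rule is final
                break
    return final


def ruleset(tcp_services: FrozenSet[int],
            nospamd: FrozenSet[str] = frozenset(),
            spamd_white: FrozenSet[str] = frozenset()) -> List[Rule]:
    """The inbound-TCP rules of the posted pf.conf, in file order."""
    return [
        Rule("block", text="block log all"),
        Rule("pass", "in", "tcp", frozenset({SMTP}), rdr_to=f"127.0.0.1:{SPAMD}",
             text="pass in log on egress proto tcp from any to any port smtp "
                  "rdr-to 127.0.0.1 port spamd"),
        Rule("pass", "in", "tcp", frozenset({SMTP}), src=nospamd,
             text="pass in log on egress proto tcp from <nospamd> to any port smtp"),
        Rule("pass", "in", "tcp", frozenset({SMTP}), src=spamd_white,
             text="pass in log on egress proto tcp from <spamd-white> to any port smtp"),
        Rule("pass", "in", "tcp", tcp_services, quick=True,
             text="pass in log quick on egress proto tcp to port $tcp_services"),
    ]


def smtp_destination(tcp_services, src: str = "203.0.113.7",
                     nospamd: FrozenSet[str] = frozenset(),
                     spamd_white: FrozenSet[str] = frozenset()) -> str:
    """Where an inbound SMTP connection from `src` (constructed address) ends up."""
    rule = evaluate(ruleset(frozenset(tcp_services), nospamd, spamd_white),
                    "in", "tcp", src, SMTP)
    if rule is None or rule.action == "block":
        return "blocked"
    return rule.rdr_to or "direct"   # "direct" = real MTA on :25, no spamd


AS_POSTED = {22, 53, 113, 25, 993, 465, 80, 443}   # tcp_services from the mail
FIXED = AS_POSTED - {25}                           # the suggested change

if __name__ == "__main__":
    print("as posted        :", smtp_destination(AS_POSTED))
    print("port 25 removed  :", smtp_destination(FIXED))
    print("whitelisted, fixed:", smtp_destination(
        FIXED, src="198.51.100.9", spamd_white=frozenset({"198.51.100.9"})))
```

After editing the real file, `pfctl -nf /etc/pf.conf` parses it without loading and `pfctl -s rules` shows the loaded ruleset in evaluation order; a `telnet <host> 25` from an address not in <nospamd> or <spamd-white> should then show spamd's stuttered banner.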