On Sun, Apr 21, 2019 at 09:53:52AM +0000, Mik J wrote:
> Hello,
> I read the man but it's not so clear to me
> https://man.openbsd.org/spamd#SYNCHRONISATION
> a) I chose unicast synchronisation but I don't know which port should I open
> on the firewall ?
> Is it going to use the spamd-cfg service ?
It will use spamd-sync (udp port 8025)
>
> b) The synchronisation section mention a key and there's an option -K
> regarding that key but in the example the -K option is not used. So it's not
> clear.
-K is optional. BUt if you use it, all instances syncing should use
the same key.
>
> c) It's not clear which instance is going to contact which. Is there a
> master/slave relationship ? What if one IP is WHITELIST on one instance and
> BLACKLIST on the other.
> Also should I use the -Y option on both instances ? Both are going to try to
> start a tcp session ?
It's symmetrical. All spamd's send updates to each other. No tcp
involved, only udp. Specify A's IP on B and vice-versa.
>
> d) The message digest is calculated in md5 ?
It uses a sha1 hmac message authentication code, so no md5 digest.
>
> e) Should I specify the -M option on all instance or just on the low priority
> MX, which IP adress should I specify the one on that host or the remote MX
>
> Thank you
Never used -M myself, but reading spamd.conf it looks like you only
specify an -M IP on the host serving that IP. Note that -M is
optional.
-Otto
