Re: Spamd as a proxy

Fri, 15 Apr 2022 14:21:47 -0700 

Hi Mr Hansteen,
Thanks for the reply, I started my journey with OpenBSD this week and I decided to buy your book to help me understand its PF system, it's been very helpful. I've been reading man pages from pf,spamd,opensmtpd and sysctl, perhaps I just need more reading and time to fully understand what is wrong with my setup. 


Since I am using 2 hosts (1 antispamer, 1 smtp server) on the same LAN, 
I thought `rdr-to` would not work as stated on: 
<https://www.openbsd.org/faq/pf/rdr.html>, under the section 
"Redirection and Reflection" which is why I used `divert-to`. But 
neither work, thus, I am left with no ideas as of how to forward the 
emails from the antispam machine to the email server.



What's different from all the docs and examples I've found is that I'm 
trying to use two hosts, and everything I've seen seems to assume spamd 
and the smtp server are on the same host. If `rdr-to` is not the way to 
go, how must I overcome this challenge?




On 2022-04-15 14:11, Peter Nicolai Mathias Hansteen wrote:

15. apr. 2022 kl. 19:56 skrev alejan...@rogue-research.com:

Greetings everyone,
First time posting here and so bear with me please :)

I have a mail server I don't want to touch; I want to set up another 
machine in front of it running spamd.
I have tried using `rdr-to` instead of `divert-to` but neither seem to 
work

This is what my pf rules look like in "/etc/pf.conf"
```
table <spamd-white> persist
table <nospamd> persist file "/etc/mail/nospamd"


# Incoming connections that are whitelisted/nospamd go directly to the 
smtp server
pass in quick log (all, to pflog0) on egress proto tcp from { 
<nospamd> <spamd-white> } \

to any port smtp divert-to mailserver.domain.com port smtp


No. Please read the man page. You do not need divert-to here. If you
do need it, your network design is wrong.

Try looking up http://home.nuug.no/~peter/pftutorial/#52
<http://home.nuug.no/~peter/pftutorial/#52> (or better yet for me, buy
the book :))

All the best,
Peter

—
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
























					Reply via email to