On 2022-04-15, alejan...@rogue-research.com <alejan...@rogue-research.com> wrote:
> Hi Mr Hansteen,
>
> Thanks for the reply, I started my journey with OpenBSD this week and I
> decided to buy your book to help me understand its PF system, it's been
> very helpful. I've been reading man pages from pf, spamd, opensmtpd and
> sysctl, perhaps I just need more reading and time to fully understand
> what is wrong with my setup.
>
> Since I am using 2 hosts (1 antispamer, 1 smtp server) on the same LAN,
> I thought `rdr-to` would not work as stated on:
> <https://www.openbsd.org/faq/pf/rdr.html>, under the section
> "Redirection and Reflection" which is why I used `divert-to`. But
> neither works, thus, I am left with no ideas as to how to forward the
> emails from the antispam machine to the email server.
>
> What's different from all the docs and examples I've found is that I'm
> trying to use two hosts, and everything I've seen seems to assume spamd
> and the smtp server are on the same host. If `rdr-to` is not the way to
> go, how must I overcome this challenge?

spamd expects to either be on the same host as the real SMTP service, or
on a router/firewall in front of that host. The only way to do proxy like
this on a host in a subnet alongside the SMTP server (with another
firewall "in front") is to rdr *and* nat. But for obvious reasons you
really want the SMTP service to see the original source IP, so nat isn't
much help...
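
The rdr-plus-nat arrangement described in the reply, sketched as a pf.conf fragment for the spamd host. This is an added example, not configuration from either poster; the interface name `em0` and the mail server address `192.0.2.25` are constructed placeholders, and the table and port names follow the stock rules in spamd(8).

```pf
# pf.conf on the spamd host, which sits on the same LAN as the mail server.
# Assumed/constructed values: em0 (LAN interface), 192.0.2.25 (mail server).
# Forwarding must be enabled on this host: sysctl net.inet.ip.forwarding=1
lan_if     = "em0"
mailserver = "192.0.2.25"

# spamd adds hosts that have passed greylisting to this table.
table <spamd-white> persist

# Default for inbound SMTP: hand the connection to the local spamd.
pass in on $lan_if proto tcp to ($lan_if) port smtp \
    rdr-to 127.0.0.1 port spamd

# Whitelisted senders (last matching rule wins): rewrite the destination
# to the real mail server.
pass in log on $lan_if proto tcp from <spamd-white> to ($lan_if) port smtp \
    rdr-to $mailserver

# The redirected connection leaves on the interface it arrived on, so the
# source must be rewritten too; otherwise the mail server answers the
# client directly and the client drops the reply from an unexpected address.
pass out log on $lan_if proto tcp to $mailserver port smtp \
    received-on $lan_if nat-to ($lan_if)

# Cost of the nat-to rule: every SMTP session reaches the mail server with
# this host's address as its source, so the server's logs and any checks
# keyed on client IP no longer see the real sender.
```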