Will H. Backman wrote:
Is this a sane minimum configuration for "spamd -g" on a transparent bridge? Is it unwise to only greylist?
----
1. Create bridge with no IPs.

2. pf=YES and spamd_flags="-g" in /etc/rc.conf.local

3. Simple three line /etc/pf.conf:

ext_if="xl0"

rdr pass inet proto tcp from !<spamd-white> to any \
    port smtp -> 127.0.0.1 port spamd

pass in on $ext_if route-to lo0 proto tcp from any to 127.0.0.1 port spamd
----

The third line of pf.conf was inspired by the example given here:
http://marc.theaimsgroup.com/?l=openbsd-misc&m=108089194621750&w=2
I'm not sure if my modifications for this situation are correct.

Replying to myself:
Would the above rules also trap outbound connections from my MTA?
I would want my MTA to be able to make outbound connections through the bridge. Should I add something to the rdr line to only redirect connections coming into the bridge?
Maybe "rdr on $ext_if pass inet..."
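
A minimal pf.conf for this setup, as an added example that is not from the thread or from spamd(8) itself: the rdr is bound to the external interface so only SMTP arriving from outside is redirected, and the route-to rule delivers it to the address-less bridge host. It assumes the pre-4.7 rdr/route-to syntax in use at the time, xl0 as the Internet-facing member of the bridge, and an MTA sitting behind the bridge's other member interface.

```pf
# Added example (not from the thread). Assumes pre-4.7 pf syntax, xl0 facing
# the Internet, and the MTA behind the bridge's internal member interface.
ext_if="xl0"

# Whitelist table the rdr rule below consults; spamd's companion tools fill it.
table <spamd-white> persist

# Only SMTP that enters the bridge on the external interface is redirected.
# Outbound SMTP from the MTA enters on the internal side and is not matched.
rdr pass on $ext_if inet proto tcp from !<spamd-white> to any port smtp \
    -> 127.0.0.1 port spamd

# The bridge has no address, so the redirected packets are steered to lo0
# where the local spamd listener can receive them.
pass in on $ext_if route-to lo0 inet proto tcp from any to 127.0.0.1 port spamd
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it.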
