Thank you all for the input. jared r r spiegel wrote: > On Tue, Feb 27, 2007 at 05:44:05PM -0700, Bob Beck wrote: >> * Tom Bombadil <[EMAIL PROTECTED]> [2007-02-27 15:09]: >>> Greetings... >>> >>> By any chance, will spamd delete any IPs that I add manually to spamd-white? >>> >> Yes. > > consider the entries in <spamd-white> to be the exclusive stomping > grounds of spamd(8) for the sole purpose for pumping the "WHITE" entries > from /var/db/spamd into pf(4). > > the 'expire' time in the db file is a simple sum of 'now' plus > whatever 'whiteexp' is set to when the entry is written. > > the entry is reapered out later on when that expire time is > <= 'now'. > > since <spamd-white>'s purpose is nothing other than to enumerate > IPs which shall not actually *talk* to spamd(8) at all, it is > perfectly correct to take any IPs you personally want to whitelist > (be it on a permanent basis or whatever) and put them into a > different table that you just use in pf.conf(5) .... > >>> spamd(8) says: >>> "spamd regularly scans the /var/db/spamd database and configures all >>> whitelist addresses as the spamd-white pf(4) table." >>> >>> How exactly does spamd configure spamd-white table? >>> >>> The objective is to safely add my own IPs to the whitelist. >>> >> don't put them in spamd-white: >> >> table <no-spamd> file /etc/mail/nospamd >> ... >> no-rdr proto tcp from <no-spamd> to any port 25 > > ... like beck@ mentions there. > > for instance, i wrote two shell scripts to take care of this for > me. one of them runs against a list of domain names that i know > have SPF records and that i want to whitelist based on them, it > runs some digs, sorts/uniqs them, and writes the results > somefile.spf. > the second script reads the contents of somefile.spf and also > somefile.static and pumps them into a table in pf i call <perma-white>, > who then gets a no-rdr line. > > so i just add things to the list of domains for the SPF lookup > if applicable, and if not applicable or i need something Right Now, > i just add them to the somefile.static. > > this way you keep your "manual" whitelisted entries decoupled > from spamd, spamd-setup, and /var/db/spamd, and it's easy to manage > them on the side.
