I think my pf / spamd config is correct and running
well, but I'm not entirely sure and would appreciate
any suggestions, corrections or optimizations.
/var/log/spamd shows activity of hosts being
grey-trapped, marked as (BLACK) or (GREY); spamdb
shows trapped and white hosts.
However, 'pfctl -t spamd -T show' shows nothing in the
<spamd> table (<spamd-white> is being populated), and
'pfctl -sT -vv' shows that <spamd> has had no
addresses and no matches. 209.210.237.2 is hitting
spamd constantly, and I would expect it to be
blacklisted into <spamd> at the least. Given that,
does my pf.conf seem correct?
=================================================
Relevant portions of my pf.conf:
table <spamd> persist
table <spamd-white> persist
table <spamd-my-whitelist> persist file
"/etc/mail/spamd-my-whitelist.txt"
rdr on $ext_if inet proto tcp from
<spamd-my-whitelist> to \
{ $ext_if, $localnet, $dmznet } port smtp ->
$mailserver port smtp
rdr pass on $ext_if inet proto tcp from <spamd> to \
{ $ext_if, $localnet, $dmznet } port smtp ->
127.0.0.1 port spamd
rdr pass on $ext_if inet proto tcp from !<spamd-white>
to \
{ $ext_if, $localnet, $dmznet } port smtp ->
127.0.0.1 port spamd
rdr on $ext_if inet proto tcp from <spamd-white> to \
{ $ext_if, $localnet, $dmznet } port smtp ->
$mailserver port smtp
# Enable logging of certain SMTP transactions so
spamlogd can
# update <spamd-white>. Connections from MTAs in my
custom
# <spamd-my-whitelist> don't need to be logged.
pass in quick on $ext_if inet proto tcp from
<spamd-my-whitelist> \
to any port smtp synproxy state
pass in log (to pflog1) quick on $ext_if inet proto
tcp from <spamd-white> \
to any port smtp synproxy state
pass out log (to pflog1) quick on $ext_if inet proto
tcp from $mailserver \
to any port smtp synproxy state
=================================================
The man page for spamd says:
>>
When a host that is currently greylisted
attempts to send mail to a spamtrap address, it
is blacklisted for 24
hours by adding the host to the spamd blacklist
<spamd-greytrap>.
<<
Should I also have an rdr rule for <spamd-greytrap>?
=================================================
I'm using OpenBSD 4.2's default /etc/mail/spamd.conf.
I have created the pflog1 interface, tcpdump shows
traffic occasionally being logged to it, and spamlogd
is listening to pflog1. '/usr/libexec/spamd-setup' is
uncommented in root's crontab, and runs hourly.
My /etc/rc.conf.local:
spamd_flags="-v -G 15:4:864 -l 127.0.0.1 -h
host.example.com -n Postfix"
spamd_black=NO
spamd_grey=YES
spamlogd_flags="-l pflog1"
____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now.
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
