I think my pf / spamd config is correct and running well, but I'm not entirely sure and would appreciate any suggestions, corrections or optimizations.
/var/log/spamd shows activity of hosts being grey-trapped, marked as (BLACK) or (GREY); spamdb shows trapped and white hosts. However, 'pfctl -t spamd -T show' shows nothing in the <spamd> table (<spamd-white> is being populated), and 'pfctl -sT -vv' shows that <spamd> has had no addresses and no matches. 209.210.237.2 is hitting spamd constantly, and I would expect it to be blacklisted into <spamd> at the least. Given that, does my pf.conf seem correct?

=================================================
Relevant portions of my pf.conf:

table <spamd> persist
table <spamd-white> persist
table <spamd-my-whitelist> persist file "/etc/mail/spamd-my-whitelist.txt"

rdr on $ext_if inet proto tcp from <spamd-my-whitelist> to \
    { $ext_if, $localnet, $dmznet } port smtp -> $mailserver port smtp
rdr pass on $ext_if inet proto tcp from <spamd> to \
    { $ext_if, $localnet, $dmznet } port smtp -> 127.0.0.1 port spamd
rdr pass on $ext_if inet proto tcp from !<spamd-white> to \
    { $ext_if, $localnet, $dmznet } port smtp -> 127.0.0.1 port spamd
rdr on $ext_if inet proto tcp from <spamd-white> to \
    { $ext_if, $localnet, $dmznet } port smtp -> $mailserver port smtp

# Enable logging of certain SMTP transactions so spamlogd can
# update <spamd-white>. Connections from MTAs in my custom
# <spamd-my-whitelist> don't need to be logged.
pass in quick on $ext_if inet proto tcp from <spamd-my-whitelist> \
    to any port smtp synproxy state
pass in log (to pflog1) quick on $ext_if inet proto tcp from <spamd-white> \
    to any port smtp synproxy state
pass out log (to pflog1) quick on $ext_if inet proto tcp from $mailserver \
    to any port smtp synproxy state

=================================================
The man page for spamd says:

>> When a host that is currently greylisted attempts to send mail to a spamtrap address, it is blacklisted for 24 hours by adding the host to the spamd blacklist <spamd-greytrap>. <<

Should I also have an rdr rule for <spamd-greytrap>?
=================================================
I'm using OpenBSD 4.2's default /etc/mail/spamd.conf. I have created the pflog1 interface, tcpdump shows traffic occasionally being logged to it, and spamlogd is listening to pflog1. '/usr/libexec/spamd-setup' is uncommented in root's crontab, and runs hourly.

My /etc/rc.conf.local:

spamd_flags="-v -G 15:4:864 -l 127.0.0.1 -h host.example.com -n Postfix"
spamd_black=NO
spamd_grey=YES
spamlogd_flags="-l pflog1"
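
Added example, not part of the original post: one way to see where a given host stands is to compare the two listings the post mentions, spamdb and 'pfctl -t spamd-white -T show'. The function names host_state and missing_from_table and all sample data are constructed for illustration; only the first two spamdb fields (entry type and address) are relied on.

```shell
#!/bin/sh
# Constructed sample of `spamdb` output; only fields 1 (type) and 2 (address) are used.
SAMPLE_SPAMDB='WHITE|192.0.2.10|||1200000000|1200001800|1203112800|2|5
WHITE|192.0.2.20|||1200000000|1200001800|1203112800|1|1
GREY|198.51.100.7|mx.example.net|<a@example.net>|<b@example.com>|1200000000|1200001800|1200014400|3|0
GREY|198.51.100.7|mx.example.net|<a@example.net>|<c@example.com>|1200000000|1200001800|1200014400|1|0
TRAPPED|203.0.113.5|1200086400'

# Constructed sample of `pfctl -t spamd-white -T show` output (indented addresses).
SAMPLE_PF_WHITE='   192.0.2.10
   192.0.2.99'

# host_state DUMP IP
# Print the distinct spamdb entry types recorded for IP (comma separated), or NONE.
host_state() {
    printf '%s\n' "$1" | awk -F'|' -v ip="$2" '
        $2 == ip && !seen[$1]++ { s = s (s ? "," : "") $1 }
        END { print (s ? s : "NONE") }'
}

# missing_from_table DUMP TABLE
# Print WHITE addresses present in the spamdb dump but absent from the pf
# table listing, i.e. hosts that passed greylisting yet would still be
# redirected to spamd by a "from !<spamd-white>" rdr rule.
missing_from_table() {
    { printf '%s\n' "$2"; echo '--'; printf '%s\n' "$1"; } | awk '
        $0 == "--" { dump = 1; next }          # marker between the two listings
        !dump      { if (NF) intable[$1] = 1; next }
        { split($0, f, "|")
          if (f[1] == "WHITE" && !(f[2] in intable)) print f[2] }'
}

# Demo on the constructed samples.
echo "203.0.113.5:  $(host_state "$SAMPLE_SPAMDB" 203.0.113.5)"
echo "198.51.100.7: $(host_state "$SAMPLE_SPAMDB" 198.51.100.7)"
echo "white in spamdb but not in pf table: $(missing_from_table "$SAMPLE_SPAMDB" "$SAMPLE_PF_WHITE")"

# On a live system the same functions take the real listings, for example:
#   host_state "$(spamdb)" 209.210.237.2
#   missing_from_table "$(spamdb)" "$(pfctl -t spamd-white -T show)"
```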