Darrin Chandler wrote:
On Tue, Jan 06, 2009 at 12:58:00PM -0500, Frank Bax wrote:
Today I was having some issues sending mail through a local ISP to my
system (4.4 release). Some investigation showed that spamdb reports the
ip address of the ISP's smtp server as both WHITE and GREY? This should
not be possible, should it?
$ sudo spamdb | grep 64.7.153.18
WHITE|64.7.153.18|||1231252840|1231254379|1234364784|9|0
GREY|64.7.153.18|smarthost1.sentex.ca|<x...@clgw.ca>|<x...@clgw.ca>|1231252840|
1231254390|1231267240|10|0
Is it possible to remove the GREY entry (spamdb -d only removes WHITE
entires)?
WHITE is seen first, so the GREY has no effect. This behavior started a
few releases ago, and it's been discussed several times. There's no need
to remove the GREY entries. They expire on their own in short order.
Ah, my bad; sorry. Thanks for being kind enough to post the same answer
a second time. Now I've done a bit of homework.
http://marc.info/?l=openbsd-misc&m=118755082205516&w=2
http://marc.info/?l=openbsd-misc&m=120033441815022&w=2
http://marc.info/?l=openbsd-misc&m=120507275423154&w=2
The basic response was that this behaviour is normal; but I started to
wonder about this when 2 of 3 posts did not contain a pf.conf file. In
the only thread (first one) where a pf.conf file was included; Edgars
happened to mention:
"I've always had my spamd-white list match on a "no rdr"
before any of the other rules."
I don't have a "no rdr" rule and neither did the OP that included his
pf.conf file.
Going through the changelog for pf.conf, I notice this change Feb.2007:
http://www.openbsd.org/cgi-bin/cvsweb/src/etc/pf.conf.diff?r1=1.33;r2=1.34
I'm afraid I barely understood how spamd worked when I first did the
setup back in 3.5; and now I don't fully understand the impact of these
changes made to examples in pf.conf; but I do notice a few things.
First, I notice that other people started having soon after this change
was committed. Is it possible that a change to my pf.conf would get rid
of the duplicate ip addresses (once the GREY's had expired)?
I notice that one example line was removed:
table <spamd> persist
I guess I can delete that line from my file too?
I notice that the two example rules that were changed match my 2nd and
4th rules. That cannot be coincidence.
in_mx="127.0.0.1"
rdr pass on $ext_if proto tcp from <spamd-mywhite> to port smtp \
-> $in_mx port smtp
rdr pass on $ext_if proto tcp from <spamd> to port smtp \
-> 127.0.0.1 port spamd
rdr pass on $ext_if proto tcp from <spamd-white> to port smtp \
-> $in_mx port smtp
rdr pass on $ext_if proto tcp from !<spamd-white> to port smtp \
-> 127.0.0.1 port spamd
Should I change my file to:
rdr pass on $ext_if proto tcp from <spamd-mywhite> to port smtp \
-> $in_mx port smtp
no rdr on $ext_if proto tcp from <spamd-white> to any port smtp
rdr pass on $ext_if proto tcp from <spamd-white> to port smtp \
-> $in_mx port smtp
rdr pass on $ext_if proto tcp from any to any port smtp \
-> 127.0.0.1 port spamd
I'm thinking my 3rd rule is now redundant - is this correct?
Frank
