Re: stuck on spamd (SOLVED)

2018-06-14 Thread Hasse Hansson
On Thu, Jun 14, 2018 at 11:42:12AM +0100, Craig Skinner wrote:
> Hej hej Hasse,
> 
> On Wed, 13 Jun 2018 22:05:29 +0200 Hasse Hansson wrote:
> > I've adjusted my settings according to your advice, but now it looks
> > like it just directly whitelists every connection without greylisting.
> > 
> > .
> > 
> > ...
> > 
> > This is what my files look like now. spamd.conf is the original one.
> 
> Your spamd.conf file was missing a line terminator. Double quotes are
> opened, but not closed. Could this confuse spamd? Fix & restart spamd.
> 
> Next, check your syslogs for spamd, spamlogd & spamd-setup activity.
> 
> If that doesn't provide the answer, try removing all quick words from
> pf.conf. Block everything, then progressively pass traffic down the
> file. Reload your new rules & check spam* syslog entries.
> 
> Cheers,
> -- 
> Craig Skinner | http://linkd.in/yGqkv7
>
Hello and thank you for answering.
Yes, the problem was with my pf.conf :-)
After adjusting the rules, and using the original spamd.conf,
it's now working as I expected.
TY for all the help.
/Hasse 



Re: stuck on spamd (SOLVED)

2018-06-14 Thread Hasse Hansson
Thank you for your answer.
I made some adjustments to my pf.conf according to your advice,
and now it's working as I expected.

smtp$ cat spamd

Jun 14 11:30:39 smtp spamd[12751]: 185.234.216.204: disconnected after 12 seconds.
Jun 14 11:30:46 smtp spamd[12751]: 91.121.119.198: connected (1/0)
Jun 14 11:30:49 smtp spamd[12751]: 91.121.119.198: disconnected after 3 seconds.
Jun 14 11:33:06 smtp spamd[12751]: 185.234.216.189: connected (1/0)
Jun 14 11:33:18 smtp spamd[12751]: 185.234.216.189: disconnected after 12 seconds.
Jun 14 11:35:36 smtp spamd[12751]: 8.8.178.116: connected (1/0)
Jun 14 11:35:48 smtp spamd[12751]: (GREY) 8.8.178.116: 
 -> 
Jun 14 11:35:48 smtp spamd[12751]: 8.8.178.116: disconnected after 12 seconds.
Jun 14 11:41:38 smtp spamd[12751]: 8.8.178.116: connected (1/0)
Jun 14 11:41:49 smtp spamd[12751]: (GREY) 8.8.178.116: 
 -> 
Jun 14 11:41:50 smtp spamd[12751]: 8.8.178.116: disconnected after 12 seconds.
Jun 14 11:42:16 smtp spamd[12751]: 185.234.216.189: connected (1/0)
Jun 14 11:42:27 smtp spamd[12751]: 185.234.216.189: disconnected after 11 seconds.
--

$sudo spamdb | sort
GREY|91.136.10.242|mail37c50.megamailservers.eu|||1528971077|1528985477|1528985477|1|0
GREY|91.136.10.246|mail56c50.megamailservers.eu|<||1528971015|1528985415|1528985415|1|0
GREY|91.136.10.248|mail56c50.megamailservers.eu|||1528970741|1528971075|1528985141|2|0
WHITE|209.85.213.47|||1528970463|1528970663|1532081115|2|0
WHITE|8.8.178.116|||1528968948|1528969309|1532080298|2|1
WHITE|91.136.10.240|||1528970713|1528971017|1532081475|2|0
WHITE|91.136.10.248|||1528970741|1528971075|1532081535|2|0

--

localnet = $int_if:network
tcp_services = "{ domain, ntp, imap, imaps, pop3, pop3s }"
#mail_services = "{ smtp, smtps, submission }"
mail_services = "{ smtps, submission }"
udp_services = "{ domain, ntp }"
icmp_types = "echoreq"

table  { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
   172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 \
   192.168.0.0/16 198.18.0.0/15 198.51.100.0/24\
   203.0.113.0/24 }

table  persist
table  persist file "/etc/abusers"
table  persist
table  persist file "/etc/mail/nospamd"

set block-policy drop
set loginterface egress
set skip on lo0

match in all scrub (no-df random-id max-mss 1440)
match out on egress inet from !(egress:network) to any nat-to (egress:0)

antispoof quick for { egress $ext_if int_if }

block in quick on egress from  to any
block return out quick on egress from any to 

block in quick log on egress from  to any label "abusers"

block all
#pass out quick inet

pass in on egress inet proto tcp from any to any port smtp \
divert-to 127.0.0.1 port spamd
pass in on egress proto tcp from  to any port smtp
pass in log on egress proto tcp from  to any port smtp
pass out log on egress proto tcp to any port smtp

#pass in on { $ext_if } inet

pass log quick proto tcp from any to (egress) port ssh flags S/SA keep state \
(max-src-conn 15, max-src-conn-rate 5/3, overload  flush global)

pass log quick proto tcp from any to (egress) port $tcp_services flags S/SA keep state \
(max-src-conn 50, max-src-conn-rate 15/5, overload  flush global)

pass log quick proto tcp from any to (egress) port $mail_services flags S/SA keep state \
(max-src-conn 50, max-src-conn-rate 25/5, overload  flush global)

pass in on egress inet proto tcp from any to (egress) port { 80 443 }

pass inet proto tcp from { self, $localnet }

pass log inet proto tcp to port $tcp_services keep state
pass log inet proto tcp to port $mail_services keep state

pass quick inet proto udp to port $udp_services keep state
pass out on $ext_if inet proto udp to port 33433 >< 33626
pass inet proto icmp all icmp-type $icmp_types
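
An added example, not part of the original thread: a shell function that reads `spamdb` output like the listing above and reports, for each WHITE entry, how long the host waited between first contact and whitelisting, which is the check for the "whitelists every connection without greylisting" symptom. The field layout is taken from spamdb(8); the function names, the 300-second threshold and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Field layout per spamdb(8):
#   WHITE|ip|||first|pass|expire|block|pass
#   GREY|ip|helo|from|to|first|pass|expire|block|pass

# greylist_report MIN_DELAY < spamdb-output
# MIN_DELAY (seconds) is an assumed threshold; set it to the passtime
# that spamd runs with. WHITE entries whose (pass - first) is below it
# were whitelisted without a greylisting wait and are tagged NODELAY.
greylist_report() {
    awk -F'|' -v min="$1" '
        $1 == "WHITE" && NF == 9 {
            delay = $6 - $5                 # whitelisted-at minus first-seen
            tag = (delay < min) ? "NODELAY" : "DELAYED"
            printf "%s WHITE %s delay=%ds blocked=%d passed=%d\n", \
                tag, $2, delay, $8, $9
            next
        }
        $1 == "GREY" && NF == 10 {
            # Still greylisted: show who is waiting and how often they retried.
            printf "PENDING GREY %s helo=%s blocked=%d\n", $2, $3, $9
            next
        }
        # Right record type, wrong field count: surface it instead of guessing.
        $1 == "WHITE" || $1 == "GREY" { printf "MALFORMED %s\n", $0 }
    '
}

# Constructed sample entries (documentation addresses, not real hosts).
sample_spamdb() {
    cat <<'EOF'
GREY|192.0.2.10|mail.example.net|<a@example.net>|<b@example.org>|1528971077|1528985477|1528985477|1|0
WHITE|192.0.2.20|||1528968948|1528969309|1532080298|2|1
WHITE|192.0.2.30|||1528970000|1528970000|1532080400|0|0
EOF
}

# On the mail host this would be: spamdb | greylist_report 300
sample_spamdb | greylist_report 300
```

A database full of NODELAY entries with `blocked=0` means connections are reaching the whitelist without ever being tempfailed by spamd, which points at the pf.conf rule order rather than at spamd.conf.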