Re: SPAMD - GREY Listing Question

2018-10-01 Thread Peter N. M. Hansteen 
On 10/01/18 23:36, Antonino Sidoti wrote:

> I notice that Spamd when seeing a first time sender is not being labelled 
> with “GREY” even though the log says it is.
>  
> /var/log/maillog shows a sender being flagged as ‘GREY’;
> 
> Oct  1 17:43:24 obsd-svr3 spamd[84545]: (GREY) 67.219.xxx.250: 
>  -> 
> Oct  1 17:43:24 obsd-svr3 spamd[16185]: Trapping 67.219.xxx.250 for tuple 
> 67.219.xxx.250 test.network-tools.com  
> 
> Oct  1 17:43:24 obsd-svr3 spamd[84545]: 67.219.149.250: disconnected after 13 
> seconds.

This is a sender getting greytrapped. The most likely explanation is
that b...@example.com is either an explicit spamtrap or fails to match
the allowed suffixes in /etc/mail/spamd.alloweddomains

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

SPAMD - GREY Listing Question

2018-10-01 Thread Antonino Sidoti 
Hi,

I notice that Spamd when seeing a first time sender is not being labelled with 
“GREY” even though the log says it is.
 
/var/log/maillog shows a sender being flagged as ‘GREY’;

Oct  1 17:43:24 obsd-svr3 spamd[84545]: (GREY) 67.219.xxx.250: 
 -> 
Oct  1 17:43:24 obsd-svr3 spamd[16185]: Trapping 67.219.xxx.250 for tuple 
67.219.xxx.250 test.network-tools.com  

Oct  1 17:43:24 obsd-svr3 spamd[84545]: 67.219.149.250: disconnected after 13 
seconds.

obsd-svr3$ spamdb | grep GREY

No result

obsd-svr3$ spamdb | grep 67.219.xxx.250
TRAPPED|67.219.xxx.250|1541490191

As noted above the sender is “TRAPPED” for which I understand it is 
blacklisted. I am running ‘spamd’ in default mode and only added -v flag in 
'/etc/rc.conf.local’;

spamd_flags=-v

The ‘spamd’ process is like so;

obsd-svr3$ ps -aux | grep spam
_spamd   54244  0.0  0.1   580  1496 ??  Ssp   Sat03PM0:15.98 
/usr/libexec/spamlogd -l pflog1
_spamd   10589  0.0  0.1  9712  1552 ??  Ssp5:40PM0:00.11 spamd: (pf 
 update) (spamd)
_spamd   84545  0.0  0.2  9924  5012 ??  Sp 5:40PM0:00.19 spamd: [priv] 
(greylist) (spamd)
_spamd   16185  0.0  0.1  9692  1524 ??  Ip 5:40PM0:00.00 spamd: 
(/var/db/spamd update) (spamd)

Can anyone confirm if this is normal or I have an issue with ‘spamd’?

Thanks