hello misc.
I have spamd in front of my mail server, and it works nicely with a liberal setting like
this:
spamd_flags="-v -l 127.0.0.1 -G 10:4:864 -h mail.server"
pf.conf:
table <spamd-white> persist
table <spamd-bypass> file "/etc/mail/spamd.bypass"
table <spamd-black> file "/etc/mail/spamd.black"
match in on $ext_if_a inet proto tcp from { <spamd-bypass>, <spamd-white> } to $ext_if_a port { smtp, smtps } rdr-to mail
match in on $ext_if_a inet proto tcp from { !<spamd-bypass>, !<spamd-white> } to $ext_if_a port { smtp, smtps } tag MAIL_A rdr-to 127.0.0.1 port spamd
block in log quick on { $ext_if_a, $ext_if_b } from { <bruteforce>, <private>, <spamd-black> } to any
pass in on $ext_if_a inet proto tcp from any to mail port { smtp, smtps } synproxy state reply-to ($ext_if_a $ext_gw_a)
pass in quick reply-to ($ext_if_a $ext_gw_a) tagged MAIL_A
Periodically I receive mail from spammers that gets through spamd and the antispam
settings on the mail server.
Then I copy-paste the IP address of the spam sender from the Received field into a
spam.txt file on the router and do something like this:
# cat spam.txt | uniq | sort /etc/mail/spamd.black
or
# sort -u spam.txt /etc/mail/spamd.black
and
# pfctl -f /etc/pf.conf
but I don't want to reload all the rules. Ideally I want to add to the pf
spamd-black table
only the new IPs that I paste at the top of the spam.txt file.
I also tried using
pfctl -t spamd-black -T flush
pfctl -t spamd-black -T add -f /etc/mail/spamd.black
so as not to touch all of pf.conf, but I think that when the spamd.black table grows
large,
the better way is to add a new IP to the table without reloading or loading the whole big table.
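One way to do exactly that, as an added example that is not from the original post: diff the pasted addresses against the blacklist file, append only the unknown ones to the file, and push just those into the running table with "pfctl -t spamd-black -T add", which needs no reload of pf.conf. The file names and table name (spam.txt, /etc/mail/spamd.black, spamd-black) are assumed from the post above.

```shell
#!/bin/sh
# Add only the addresses in spam.txt that are not yet in spamd.black, appending
# them to the file and to the live <spamd-black> table with "pfctl -T add",
# so pf.conf is never reloaded. Example script, not from the original post.
# Assumed names follow the post: spam.txt, /etc/mail/spamd.black, spamd-black.

# Print, once each and in input order, the IPv4 addresses (or CIDR blocks) from
# the spam file ($1) that do not already appear in the blacklist file ($2).
# Comments and blank lines in both files are ignored; other junk in the spam
# file is reported on stderr and skipped, so a pasted header line never ends up
# in the table.
new_black_ips() {
    awk '
        { sub(/#.*/, ""); gsub(/[[:space:]]/, "") }     # strip comments, spaces
        $0 == "" { next }
        known { have[$0] = 1; next }                    # first file: blacklist
        $0 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ {
            print "skipping non-address line: " $0 > "/dev/stderr"; next
        }
        !($0 in have) && !dup[$0]++                     # new and not seen yet
    ' known=1 "$2" known=0 "$1"
}

# Append the new addresses to the blacklist file (so a later "pfctl -f" or a
# reboot keeps them) and load just those into the running table.
add_new_black_ips() {
    spamfile=${1:-spam.txt}
    blackfile=${2:-/etc/mail/spamd.black}
    table=${3:-spamd-black}
    new=$(new_black_ips "$spamfile" "$blackfile") || return 1
    if [ -z "$new" ]; then
        echo "no new addresses in $spamfile" >&2
        return 0
    fi
    printf '%s\n' "$new" >> "$blackfile"
    printf '%s\n' "$new" | xargs pfctl -t "$table" -T add
}

# Run only when invoked with arguments, e.g.:  sh spamd-black-add.sh spam.txt
if [ $# -gt 0 ]; then
    add_new_black_ips "$@"
fi
```

Because the existing entries are never re-sent, the cost of each run stays proportional to the handful of new addresses rather than to the size of spamd.black.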