[pfSense Support] spamd package

2008-05-01 Thread Michel Servaes

Hi,


I just tried to install spamd today, but it seems to block all my messages.
I've waited 25 minutes, and still no mail arrives.

I also tried to add some blacklist servers from the openbsd/spamd page, 
but it seems not to really work.


It just kept three entries in the greylist, and nothing else passed into 
that list, nor anything went through the mailserver I entered as next MTA.


When I telnetted into the SMTP port on my WAN side (from another 
location obviously), the SMTP HELO string came very slowly (but changing 
the value to '0' for the delay didn't make it faster).



Where can I find good info on how to configure it basic... from that 
point I could maybe tweak a little, but a basic guideline would be great 
to start with.



Kind regards,
Michel

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] spamd package

2008-05-01 Thread Vaughn L. Reid III
I have been successfully using the spamd package for about 2 weeks at 
one of my client sites, and it is working wonderfully.  It has reduced 
the amount of spam that the site's email server was receiving from about 
15000 per day to about 50 to 75 per day. 


I configured the package as follows:

On the external spam data sources page, I have the following 2 items 
configured:

provider:  spamhaus
type:  blacklist
provider method:  url
url:  zen.spamhaus.org

provider:  uceprotect network
type:  blacklist
provider method:  file
file:  
http://wget-mirrors.uceprotect.net/rbldnsd-all/dnsbl-1.uceprotect.net.gz


On the white list tab, I have the client's local email server's IP 
address listed.


I left the default configuration on the spamd settings tab.

I am having excellent luck with this package running on a pair of 
firewalls using CARP.  I manually replicated my settings on both boxes, 
and it successfully works during failover (although the settings and 
spam database don't replicate -- but that's a given with most of the 
add-on packages).


I believe that you may be experiencing problems because you don't have 
your local email server white listed.


Vaughn Reid III





Re: [pfSense Support] spamd package

2008-05-01 Thread Gary Buckmaster

Vaughn,

You should re-visit the spamhaus terms of service for their Zen 
service.  It is not free for commercial use as you are apparently doing. 

Otherwise, thank you for the feedback on the package. 


-Gary




Re: [pfSense Support] limited per IP

2008-05-01 Thread Luiz Vaz
Hi,

  I made this simple script and works fine for me.

#!/bin/sh

# Configuration (replace XXX with your own range)
SUBNET=192.168.XXX.XXX/24
LIMIT_PIPEIN=250Kbit/s
LIMIT_PIPEOUT=250Kbit/s

# Load ipfw if the module is not already in the kernel
echo -n "Loading IPFW: "
if [ `kldstat | grep -i ipfw | wc -l` -eq 0 ] ; then
  kldload ipfw
  echo OK
else
  echo NOT NEEDED
fi

# Load dummynet
echo -n "Loading DUMMYNET: "
if [ `kldstat | grep -i dummynet | wc -l` -eq 0 ] ; then
  kldload dummynet
  echo OK
else
  echo NOT NEEDED
fi

# Create pipe OUT (traffic leaving the subnet); the rule is only added
# once, so re-running the script does not duplicate it
echo -n "Creating Pipe OUT: "
if [ `ipfw list | grep -i "pipe 100" | wc -l` -eq 0 ] ; then
  ipfw add pipe 100 ip from ${SUBNET} to any > /dev/null
  echo OK
else
  echo NOT NEEDED
fi

# Create pipe IN (traffic entering the subnet)
echo -n "Creating Pipe IN: "
if [ `ipfw list | grep -i "pipe 200" | wc -l` -eq 0 ] ; then
  ipfw add pipe 200 ip from any to ${SUBNET} > /dev/null
  echo OK
else
  echo NOT NEEDED
fi

# Configure the pipes: masking the last address byte gives every host
# of the /24 its own dynamic queue, each with the full bw limit
ipfw pipe 100 config mask src-ip 0x00ff bw ${LIMIT_PIPEOUT} queue 10
ipfw pipe 200 config mask dst-ip 0x00ff bw ${LIMIT_PIPEIN} queue 10

echo "Pipe in: ${LIMIT_PIPEIN}"
echo "Pipe out: ${LIMIT_PIPEOUT}"
echo "Target Subnet: ${SUBNET}"
#--end--

  Place this script into /usr/local/etc/rc.d/ and use chmod to 751.
  Now if the system is restarted, it will come up too.

  You must change the subnet to your range.
  And don't forget to fix the bandwidth limit about 5% less than you want.

  The above script sets a 25KB/s in/out rate for each IP address of a subnet
range.
  This is the sum of all traffic for that client.
  And so, if the client opens more than one connection the limit will be split
between them.
  It works even with p2p.

Best Regards,
Luiz Vaz

2008/4/8 Scott Ullrich [EMAIL PROTECTED]:

 On 4/8/08, Curtis LaMasters [EMAIL PROTECTED] wrote:
  Walk through the traffic shaper wizard and take note of how the penalty
 box
  rule is setup.  You should be able to replicate that rule for other
 IP's.
  What are you trying to accomplish?

 I would imagine he is wanting WFQ+ which we do not support out of the
 box.   This question has been asked about 999 times now.

 Scott





Re: [pfSense Support] spamd package

2008-05-01 Thread Vaughn L. Reid III

Gary,

Thanks for the suggestion.  My client is a not-for-profit library.  They 
own the hardware.  I provide consulting services/labor.  So, I believe 
that their usage is appropriate.  I do not sell pre-configured appliances.









Re: [pfSense Support] limited per IP

2008-05-01 Thread Scott Ullrich
Do you have PF NAT port forwards in place?

I have noticed that this will break if PF RDR entries are in place.

Scott




Re: [pfSense Support] limited per IP

2008-05-01 Thread Luiz Vaz
Yes,

  I have a whole bunch of redirections on the WAN port.
  And with virtual IPs too.

  I don't have this problem because the pipe only works on the LAN subnet.
  It can be obvious, but if you flush the ipfw pipes, the whole subnet will
freeze.
  Only direct access to the console or from the WAN (through an early ssh port
redirection) can let you solve the problem.
  Maybe an incorrect setup can cause this too.

  I tried many combinations and this was the final working version.

  I saw that the pipe/queue setup combination is very delicate.
  Misunderstood settings can cause a headache.

  Setting a different IN rate from the OUT rate works too.
  This is useful for DSL/CABLE connections.

  So keeping simple and stupid rules saves the day!
  It's been running for 6 months on 10 hotels and it solved my problem with p2p
traffic and bandwidth eating.

Best Regards,
Luiz Vaz


Re: [pfSense Support] limited per IP

2008-05-01 Thread Scott Ullrich
Okay, maybe this is the difference from what I was doing.  I was
creating the pipes bound to the WAN interface.   So everything works
okay on LAN?   Can you try switching to WAN and see if you can duplicate
the problem I spoke of?

Scott




Re: [pfSense Support] limited per IP

2008-05-01 Thread Luiz Vaz
Of course!

  I can do this tomorrow, because I need to be on site.
  If anything goes wrong I need to be there...

  Can you send some sample of the rules that you are trying?

TIA,
Luiz Vaz





Re: [pfSense Support] limited per IP

2008-05-01 Thread Scott Ullrich
Yep, they are located in the package:
http://cvs.pfsense.org/cgi-bin/cvsweb.cgi/tools/packages/per-user-bandwidth-distribution.xml?rev=1.18;content-type=text%2Fplain

fwrite($fd, "/sbin/kldload ipfw\n");
fwrite($fd, "/sbin/kldload dummynet\n");
fwrite($fd, "/sbin/ipfw delete 10\n");
fwrite($fd, "/sbin/ipfw pipe 101 config mask src-ip 0x00ff bw {$_POST['incoming_bandwidth']}{$_POST['incoming_bandwidthtype']}\n");
fwrite($fd, "/sbin/ipfw pipe 102 config mask dst-ip 0x00ff bw {$_POST['outgoing_bandwidth']}{$_POST['outgoing_bandwidthtype']}\n");
fwrite($fd, "/sbin/ipfw add 10 pipe 102 ip from any to any out via {$wanif}\n");
fwrite($fd, "/sbin/ipfw add 10 pipe 101 ip from any to any in via {$wanif}\n");
fwrite($fd, "/sbin/ipfw add 10 allow all from any to any\n");

Scott




Re: [pfSense Support] spamd package

2008-05-01 Thread Michel Servaes

So you don't config anything in the SpamD settings at all?
The nextMTA shouldn't be your mailserver?? I tried with and without, 
but still no mail gets delivered...


If I send a mail (from a spamless address), should the mail be visible 
in the SpamD database??
And how much time will it take to be delivered to the true mailbox? 25 
minutes, or is this a completely different thing here (the greylist I mean)?


I used to use MDaemon's SPAM (which was quite easy, since it almost 
works without a hassle), so this is quite a new approach for me...







Re: [pfSense Support] spamd package

2008-05-01 Thread Scott Ullrich
On 5/1/08, Michel Servaes [EMAIL PROTECTED] wrote:
 So you don't config anything in the SpamD settings at all ?
  The nextMTA shouldn't be your mailserver ?? I tried with and without, but
 still no mail gets delivered...

Yep.

  If I send a mail (from a spamless address), should the mail be visible in
 the SpamD database ??
  And how much time will it take to be delivered in the true mailbox? 25
 minutes, or is this a complete other thing here (the greylist I mean)

About 30 minutes to white list.

  I used to use MDaemon's SPAM (which was quite easy, since it almost works
 without a hassle), so this is quite a new approach for me...

Verify in /tmp/rules.debug that you have a rdr for port 25 going to
the next mta.  In fact, post the block of rules around the SpamD rdr.

Scott




Re: [pfSense Support] limited per IP

2008-05-01 Thread Luiz Vaz
Well,

  in my tests, any to any pipes hung all the time.
  And the via setting didn't work well either.

  The pipe creation order is a problem too.
  The manual doesn't talk about this, but you need to create the pipe before
applying the mask.
  Using the way you are trying, the pipe is created in the first command and
again in the second. This can cause the hang on WAN, because the mask will
be set but the queue won't.

  Taking a deep look, I saw that with the mask combination used in your script
you are matching the last byte of the WAN client address.
  So a client with address 64.233.167.99 and another with 200.221.2.99 are
matched as the same.
   If you want to fix the bandwidth for an internet address you need to use a
full 0x mask.
   Otherwise, Pipe 101 and 102 src-ip and dst-ip are in inverse order.

   I will rewrite your script using my approach for both LAN and WAN.

   When it's OK I will send it to you!

TIA,
Luiz Vaz
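
An added illustration (not code from the thread or from the pfSense package) of the mask point Luiz makes here and in his LAN script earlier in the thread: dummynet creates one dynamic queue per distinct value of address & mask, so a last-byte mask works on a single /24 but merges unrelated WAN hosts into one queue and one bandwidth budget. The ipfw mask semantics and the 64.233.167.99 / 200.221.2.99 addresses come from the thread; the helper names, the other sample hosts and the 192.168.1.0/24 subnet are constructed.

```python
import ipaddress
from collections import defaultdict

# Masks as ipfw's `pipe N config mask src-ip|dst-ip` takes them.  The
# thread's script writes 0x00ff, which is the same number as 0x000000ff.
LAST_OCTET = 0x000000ff
FULL_HOST = 0xffffffff   # all 32 bits set: one queue per distinct address


def flow_key(addr, mask):
    """dummynet's dynamic-queue key for one address under a given mask."""
    return int(ipaddress.IPv4Address(addr)) & mask


def queues_for(addrs, mask):
    """Group addresses by the queue they would share under this mask."""
    groups = defaultdict(list)
    for a in addrs:
        groups[flow_key(a, mask)].append(a)
    return dict(groups)


def collisions(addrs, mask):
    """Sets of distinct hosts forced into one queue (and one bw budget)."""
    return [sorted(v) for v in queues_for(addrs, mask).values() if len(v) > 1]


def choose_pipe(src, dst, subnet):
    """Mirror the two rules in Luiz's LAN script: traffic leaving the subnet
    goes through pipe 100 keyed on src-ip, traffic entering it through pipe
    200 keyed on dst-ip.  Returns (pipe, queue_key), or None if unshaped."""
    net = ipaddress.IPv4Network(subnet)
    if ipaddress.IPv4Address(src) in net:
        return 100, flow_key(src, LAST_OCTET)
    if ipaddress.IPv4Address(dst) in net:
        return 200, flow_key(dst, LAST_OCTET)
    return None


# Constructed sample data: three LAN hosts on one /24, and three WAN hosts
# (two of them the .99 pair Luiz cites).
LAN = ["192.168.1.10", "192.168.1.20", "192.168.1.99"]
WAN = ["64.233.167.99", "200.221.2.99", "8.8.8.8"]

if __name__ == "__main__":
    print("LAN /24, last-octet mask:", collisions(LAN, LAST_OCTET))
    print("WAN, last-octet mask:    ", collisions(WAN, LAST_OCTET))
    print("WAN, full 32-bit mask:   ", collisions(WAN, FULL_HOST))
    print("192.168.1.10 -> 8.8.8.8:  ", choose_pipe("192.168.1.10", "8.8.8.8", "192.168.1.0/24"))
    print("8.8.8.8 -> 192.168.1.20:  ", choose_pipe("8.8.8.8", "192.168.1.20", "192.168.1.0/24"))
```

Run it and the last-octet mask shows no collisions on the LAN but puts both .99 WAN hosts in one queue; the full mask separates them.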


Re: [pfSense Support] limited per IP

2008-05-01 Thread Scott Ullrich
Yes, please do, and I will add the package back and you will make a
lot of ppl happy.  Including an angry user from Lake of Egypt.   /me
ducks


Scott




Re: [pfSense Support] spamd package

2008-05-01 Thread Michel Servaes




It still won't react... I waited more than 30 minutes, but it still
doesn't come through...
I see in the System log a lot of spamd(1080), disconnect after xxx
seconds...

This is the snip in my rules.debug:

# spam table
table <whitelist> persist
table <blacklist> persist
table <spamd> persist
table <spamd-white> persist file "/var/db/whitelist.txt"
rdr pass on fxp0 proto tcp from <blacklist> to port smtp -> 127.0.0.1 port spamd
rdr pass on fxp0 proto tcp from <spamd> to port smtp -> 127.0.0.1 port spamd
rdr pass on fxp0 proto tcp from !<spamd-white> to port smtp -> 127.0.0.1 port spamd
rdr pass on fxp0 proto tcp from <spamd-white> to port smtp -> 192.168.10.200 port smtp


192.168.10.200 is our local mailserver.






Re: [pfSense Support] spamd package

2008-05-01 Thread Michel Servaes




What I just came to think of... should I disable the rule of pfSense
itself?
I have used pfSense for almost 2 months now, and opened port 25 in
the very beginning... might it be that this open port is still there,
and that spamd also has an open port?


I think I have the situation below, when installing spamd?

WAN -- port25 -- LAN 192.168.10.200
WAN -- port25 -- LOCALHOST -- LAN 192.168.10.200

However, when telnetting into port 25 (with or without spamd) I get the
answer of my mailserver (very slow with spamd installed, but I guess
that would be the option to disappoint a spammer :) )





Re: [pfSense Support] limited per IP

2008-05-01 Thread Ermal Luçi
Well do not hope this will ever work.

The problem is pretty simple: there are 2 actions applied to the same
packet while this happens:
1- redirect changes the destination address
2- dummynet, which just keeps the packet according to preconfigured
conditions and then reloops the packet.

I.e. a packet from 192.168.1.1 to www.yahoo.com enters the WAN interface;
in ip_input() it hits a pf rdr rule which changes www.yahoo.com to
www.internal.yahoo.com. After that the packet hits an ipfw dummynet rule
which, after doing its QoS, reloops the packet to ip_input(), which again
sends it to pf, which again hits the rdr rule, which in the case of tcp
drops the packet since a state already exists, or the packet loops in
the stack forever, exhausting it. With udp this might not happen, but you
also might get a recursion in some cases.

The solution is just 2 flags to the pf tag or 2 new mbuf flags which
state that the packet has already been processed by pf, and all this
would get fixed.

Why I haven't fixed this as of now... well, it is on the list :S

Greetings,
Ermal
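
An added toy model (not kernel code, and not from Ermal or the pfSense project) of the rdr + dummynet interaction described above: the shaped packet is re-injected into ip_input(), meets the rdr rule a second time and, for TCP, finds its state already present and is dropped; a "processed by pf" flag on the packet lets the second pass skip pf. The rdr rule, ports and source address are constructed; www.yahoo.com / www.internal.yahoo.com are the names used in the message.

```python
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str             # "tcp" or "udp"
    pf_done: bool = False  # the "already processed by pf" flag Ermal proposes
    passes: int = 0        # how many times ip_input() has seen this packet


class Stack:
    """Model of the input path as the message describes it:
    ip_input() -> pf (rdr + state table) -> ipfw/dummynet, which re-injects
    the shaped packet into ip_input()."""

    def __init__(self, rdr_port, rdr_target, fix_enabled=False):
        self.rdr_port = rdr_port      # constructed rule: rdr ... to any port N -> target
        self.rdr_target = rdr_target
        self.fix = fix_enabled
        self.states = set()           # pf state table, keyed per connection
        self.trace = []

    def pf(self, pkt):
        """Return True if pf passes the packet, False if it drops it."""
        if self.fix and pkt.pf_done:
            self.trace.append("pf: skipped, packet already processed")
            return True
        if pkt.dport == self.rdr_port:
            conn = (pkt.src, pkt.sport, pkt.proto)
            if pkt.proto == "tcp" and conn in self.states:
                self.trace.append("pf: rdr matched again but state exists -> drop")
                return False
            self.states.add(conn)
            pkt.dst = self.rdr_target
            self.trace.append(f"pf: rdr -> {pkt.dst}, state created")
        pkt.pf_done = True
        return True

    def dummynet(self, pkt):
        """Shape the packet, then reloop it into ip_input()."""
        self.trace.append("dummynet: shaped, re-injecting into ip_input()")
        return self.ip_input(pkt, shaped=True)

    def ip_input(self, pkt, shaped=False):
        pkt.passes += 1
        self.trace.append(f"ip_input pass {pkt.passes}: dst={pkt.dst}")
        if not self.pf(pkt):
            return "dropped"
        if not shaped:                # the ipfw pipe rule matches on the first pass only
            return self.dummynet(pkt)
        return "delivered"


def run(proto, fix_enabled):
    """Send one constructed packet through the model; return (result, trace)."""
    stack = Stack(rdr_port=80, rdr_target="www.internal.yahoo.com",
                  fix_enabled=fix_enabled)
    pkt = Packet("192.168.1.1", 40000, "www.yahoo.com", 80, proto)
    return stack.ip_input(pkt), stack.trace


if __name__ == "__main__":
    for proto, fix in (("tcp", False), ("tcp", True), ("udp", False)):
        result, trace = run(proto, fix)
        print(f"{proto}, fix={fix}: {result}")
        for line in trace:
            print("   ", line)
```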





[pfSense Support] Spamd

2008-05-01 Thread mkrista

Spamd Database shows only the white listed host,
also unable to blacklist IPs.  Any ideas?

Thanks guys

Mark




