Re: [pfSense Support] SpamD Broken Behavior Fixed, see attached patch.
Tim A. wrote:

Scott Ullrich wrote:

Hey this is great, thank you! Can you please do a diff -rub and then email the patch as an attachment to coret...@pfsense.org and I will get it promptly committed.

Done. I've also attached a patch for spamd_db.php that makes the GUI more accurate and informative in the db accounting. I'd also like to modify the package to add options for enabling spamd-setup -b and spamlogd -I options which I use and should be selectable I think. There should also be a blacklist tab for editing the blacklist.txt file, just as there is with the whitelist.txt.

~Tim

I am disappointed to see SpamD was removed from the packages rather than fixed. Now I need it. How do I get it? I can fix it after it's installed, but I'm not sure how to make the package to get it installed.

--- filter.inc_1.2.2-REL2009-06-18 22:09:05.0 -0400 +++ filter.inc_1.2.2-REL-spamd-fix 2009-06-18 21:35:09.0 -0400 
@@ -810,21 +810,26 @@ /* is SPAMD insalled? */ if (is_package_installed(spamd) == 1) { $natrules .= \n# spam table \n; - + if(file_exists(/var/db/whitelist.txt)) + $natrules .= table whitelist persist file \/var/db/whitelist.txt\\n; + else $natrules .= table whitelist persist\n; + if(file_exists(/var/db/blacklist.txt)) + $natrules .= table blacklist persist file \/var/db/blacklist.txt\\n; + else $natrules .= table blacklist persist\n; $natrules .= table spamd persist\n; - if(file_exists(/var/db/whitelist.txt)) - $natrules .= table spamd-white persist file \/var/db/whitelist.txt\\n; - $natrules .= rdr pass on {$wanif} proto tcp from blacklist to port smtp - 127.0.0.1 port spamd\n; - $natrules .= rdr pass on {$wanif} proto tcp from spamd to port smtp - 127.0.0.1 port spamd\n; - $natrules .= rdr pass on {$wanif} proto tcp from !spamd-white to port smtp - 127.0.0.1 port spamd\n; + $natrules .= table spamd-white persist\n; + if($config['installedpackages']['spamdsettings']['config']) foreach($config['installedpackages']['spamdsettings']['config'] as $ss) $nextmta = $ss['nextmta']; - if($nextmta ) { - $natrules .= rdr pass on {$wanif} proto tcp from spamd-white to port smtp - {$nextmta} port smtp\n; - } + if($nextmta ) +$natrules .= rdr pass on {$wanif} proto tcp from { spamd-white whitelist } to port smtp - {$nextmta} port smtp\n; + else + $natrules .= no rdr on {$wanif} proto tcp from whitelist to any port = smtp\n; + $natrules .= rdr pass on {$wanif} proto tcp from { blacklist spamd } to port smtp - 127.0.0.1 port spamd\n; + $natrules .= rdr pass on {$wanif} proto tcp from { !spamd-white } to port smtp - 127.0.0.1 port spamd\n; } /* load balancer anchor */ --- spamd_db.php_1.2.2-REL 2009-06-18 01:56:34.0 -0400 +++ spamd_db.php_1.2.2-REL-spamd-fix2009-06-18 11:15:14.0 -0400 
@@ -176,17 +176,18 @@ include(head.inc); if(file_exists(/var/db/whitelist.txt)) - $whitelist_items = `cat /var/db/whitelist.txt | wc -l`; + $static_whitelist_items = `pfctl -T show -t whitelist | wc -l`; else $whitelist_items = 0; if(file_exists(/var/db/blacklist.txt)) - $blacklist_items = `cat /var/db/blacklist.txt | wc -l`; + $static_blacklist_items = `pfctl -T show -t blacklist | wc -l`; else $blacklist_items = 0; // Get an overall count of the database $spamdb_items = `/usr/local/sbin/spamdb | wc -l`; +$accounted_items = $spamdb_items + $static_whitelist_items + $static_blacklist_items; // Get blacklist and whitelist count from database $spamdb_white = `/usr/local/sbin/spamdb | grep WHITE | wc -l`; @@ -194,8 +195,8 @@ $spamdb_grey = `/usr/local/sbin/spamdb | grep GREY | wc -l`; // Now count the user contributed whitelist and blacklist count -$whitelist_items = $whitelist_items + $spamdb_white; -$blacklist_items = $blacklist_items + $spamdb_black; +$whitelist_items = $static_whitelist_items + $spamdb_white; +$blacklist_items = $static_blacklist_items + $spamdb_black; ? body link=#00 vlink=#00 alink=#00 @@ -447,10 +448,11 @@ br pfont size=-2bDatabase totals:/bbrfont size=-3br ?php - echo {$whitelist_items} total items in the whitelist.br; - echo {$blacklist_items} total items in the blacklist.br; + echo {$whitelist_items} total items in the whitelist: {$spamdb_white} dynamic, {$static_whitelist_items} static (/var/db/whitelist.txt).br; +
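Review bot: In the filter.inc hunk, the reordered rdr lines put `from { spamd-white whitelist }` ahead of `from { blacklist spamd }`, and pf uses the first matching translation rule, so an address that is in blacklist.txt but also present in spamd-white or whitelist is forwarded to {$nextmta} and never reaches spamd, whereas the removed lines checked blacklist first. If whitelist-wins is intended, state it in a comment above these rules; if a static blacklist entry should override a dynamic spamd-white entry, emit the blacklist rule first. Also, $nextmta is only assigned inside the foreach guarded by the spamdsettings check, so `if($nextmta )` reads an unset variable when that config is absent; initialise it before the loop, and keep the braces the removed `if($nextmta ) {` had, since the new if/else now relies on indentation alone.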
Re: [pfSense Support] SpamD Broken Behavior Fixed, see attached patch.
On Thu, Jun 18, 2009 at 10:25 AM, Tim A. pfse...@lists.goldenpath.org wrote:

filter.inc.patch: necessary for the correct operation of spamd

Table whitelist exists but was never populated or used. Fixed.
Table blacklist exists but was never populated. Fixed.
Broken rule logic for whitelist entries, either (rdr) or (no rdr). Fixed.

Comments: I guess no one noticed that the static whitelisting didn't work, since the same entries would eventually be dynamically whitelisted anyway. You can observe the broken behavior clearly by whitelisting a test IP that is known to not be dynamically whitelisted already, then telnetting to any IP behind pfsense on port 25 from the test IP. Having been whitelisted, you should not be rdr(ed) to spamd. But you are. The problem was in using spamd-white as the same table for both static and dynamic entries. spamlogd removes the entries immediately after they're loaded. Blacklisting (via /var/db/blacklist.txt) did not work.

Hey this is great, thank you! Can you please do a diff -rub and then email the patch as an attachment to coret...@pfsense.org and I will get it promptly committed. Thanks for working on this!

Scott

- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
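The behaviour described in this message can be checked offline with a small first-match model of the rdr rules, added here as an illustration; it is not part of the original posts or of pfSense. The rule lists are transcribed from the filter.inc patch in this thread, while the addresses and table contents are constructed.

```python
import ipaddress

# Rule lists transcribed from the filter.inc patch in this thread, in emission
# order: (source list, redirect target). pf uses the first matching rdr rule.
OLD_RULES = [
    ("blacklist", "spamd"),
    ("spamd", "spamd"),
    ("!spamd-white", "spamd"),
    ("spamd-white", "nextmta"),
]
NEW_RULES = [  # patched output when $nextmta is set
    ("spamd-white whitelist", "nextmta"),
    ("blacklist spamd", "spamd"),
    ("!spamd-white", "spamd"),
]

# Constructed table contents (documentation address ranges).
# Before the patch: whitelist.txt was loaded into spamd-white, whose static
# entries spamlogd removed, and the whitelist table was never populated.
OLD_TABLES = {"whitelist": [], "blacklist": [], "spamd": [],
              "spamd-white": ["203.0.113.5"]}
# After the patch: whitelist.txt and blacklist.txt feed their own tables.
NEW_TABLES = {"whitelist": ["192.0.2.10"], "blacklist": ["198.51.100.0/24"],
              "spamd": [], "spamd-white": ["203.0.113.5"]}


def in_table(src, entries):
    """True if src falls inside any address or CIDR entry of a table."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(e) for e in entries)


def matches(src, source_list, tables):
    """Evaluate a pf-style source list; '!name' negates table membership."""
    for name in source_list.split():
        negated = name.startswith("!")
        if in_table(src, tables.get(name.lstrip("!"), [])) != negated:
            return True
    return False


def redirect_target(src, rules, tables):
    """Return the target of the first matching rule, or None if none match."""
    for source_list, target in rules:
        if matches(src, source_list, tables):
            return target
    return None


if __name__ == "__main__":
    test_ip = "192.0.2.10"  # listed in whitelist.txt in this scenario
    print("old:", redirect_target(test_ip, OLD_RULES, OLD_TABLES))
    print("new:", redirect_target(test_ip, NEW_RULES, NEW_TABLES))
```

In this model an address listed in both whitelist and blacklist resolves to nextmta under the patched order, because the whitelist rule is evaluated first.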
Re: [pfSense Support] SpamD Broken Behavior Fixed, see attached patch.
Scott Ullrich wrote:

Can you please do a diff -rub

you want a recursive diff of the whole system?
Re: [pfSense Support] SpamD Broken Behavior Fixed, see attached patch.
On Thu, Jun 18, 2009 at 9:24 PM, Tim A. pfse...@lists.goldenpath.org wrote:

Scott Ullrich wrote:

Can you please do a diff -rub

you want a recursive diff of the whole system?

No, sorry I was not more clear. Just a diff -rub of filter.inc

Scott
Re: [pfSense Support] SpamD Broken Behavior Fixed, see attached patch.
Scott Ullrich wrote:

want a recursive diff of the whole system? No, sorry I was not more clear. Just a diff -rub of filter.inc

No, no, I'm unfamiliar with the process. I'm sure you were perfectly clear. Ok, but I'll have to clean up first. A diff -rub in my current setup is messy. I guess I'm working a bit bass ackwards here. I copied the modified file from my production box (1.2.2) to my new 1.2.2 dev VM and diffed it there, removing the additional (dev) entries by hand, leaving only the pertinent. Anyway, I have a standard 1.2.2 vm installing and can do it there when it's done.
Re: [pfSense Support] SpamD Broken Behavior Fixed, see attached patch.
Scott Ullrich wrote:

Hey this is great, thank you! Can you please do a diff -rub and then email the patch as an attachment to coret...@pfsense.org and I will get it promptly committed.

Done. I've also attached a patch for spamd_db.php that makes the GUI more accurate and informative in the db accounting. I'd also like to modify the package to add options for enabling spamd-setup -b and spamlogd -I options which I use and should be selectable I think. There should also be a blacklist tab for editing the blacklist.txt file, just as there is with the whitelist.txt.

~Tim

--- filter.inc_1.2.2-REL2009-06-18 22:09:05.0 -0400 +++ filter.inc_1.2.2-REL-spamd-fix 2009-06-18 21:35:09.0 -0400 
@@ -810,21 +810,26 @@ /* is SPAMD insalled? */ if (is_package_installed(spamd) == 1) { $natrules .= \n# spam table \n; - + if(file_exists(/var/db/whitelist.txt)) + $natrules .= table whitelist persist file \/var/db/whitelist.txt\\n; + else $natrules .= table whitelist persist\n; + if(file_exists(/var/db/blacklist.txt)) + $natrules .= table blacklist persist file \/var/db/blacklist.txt\\n; + else $natrules .= table blacklist persist\n; $natrules .= table spamd persist\n; - if(file_exists(/var/db/whitelist.txt)) - $natrules .= table spamd-white persist file \/var/db/whitelist.txt\\n; - $natrules .= rdr pass on {$wanif} proto tcp from blacklist to port smtp - 127.0.0.1 port spamd\n; - $natrules .= rdr pass on {$wanif} proto tcp from spamd to port smtp - 127.0.0.1 port spamd\n; - $natrules .= rdr pass on {$wanif} proto tcp from !spamd-white to port smtp - 127.0.0.1 port spamd\n; + $natrules .= table spamd-white persist\n; + if($config['installedpackages']['spamdsettings']['config']) foreach($config['installedpackages']['spamdsettings']['config'] as $ss) $nextmta = $ss['nextmta']; - if($nextmta ) { - $natrules .= rdr pass on {$wanif} proto tcp from spamd-white to port smtp - {$nextmta} port smtp\n; - } + if($nextmta ) +$natrules .= rdr pass on {$wanif} proto tcp from { spamd-white whitelist } to port smtp - {$nextmta} port smtp\n; + else + $natrules .= no rdr on {$wanif} proto tcp from whitelist to any port = smtp\n; + $natrules .= rdr pass on {$wanif} proto tcp from { blacklist spamd } to port smtp - 127.0.0.1 port spamd\n; + $natrules .= rdr pass on {$wanif} proto tcp from { !spamd-white } to port smtp - 127.0.0.1 port spamd\n; } /* load balancer anchor */ --- spamd_db.php_1.2.2-REL 2009-06-18 01:56:34.0 -0400 +++ spamd_db.php_1.2.2-REL-spamd-fix2009-06-18 11:15:14.0 -0400 
@@ -176,17 +176,18 @@ include(head.inc); if(file_exists(/var/db/whitelist.txt)) - $whitelist_items = `cat /var/db/whitelist.txt | wc -l`; + $static_whitelist_items = `pfctl -T show -t whitelist | wc -l`; else $whitelist_items = 0; if(file_exists(/var/db/blacklist.txt)) - $blacklist_items = `cat /var/db/blacklist.txt | wc -l`; + $static_blacklist_items = `pfctl -T show -t blacklist | wc -l`; else $blacklist_items = 0; // Get an overall count of the database $spamdb_items = `/usr/local/sbin/spamdb | wc -l`; +$accounted_items = $spamdb_items + $static_whitelist_items + $static_blacklist_items; // Get blacklist and whitelist count from database $spamdb_white = `/usr/local/sbin/spamdb | grep WHITE | wc -l`; @@ -194,8 +195,8 @@ $spamdb_grey = `/usr/local/sbin/spamdb | grep GREY | wc -l`; // Now count the user contributed whitelist and blacklist count -$whitelist_items = $whitelist_items + $spamdb_white; -$blacklist_items = $blacklist_items + $spamdb_black; +$whitelist_items = $static_whitelist_items + $spamdb_white; +$blacklist_items = $static_blacklist_items + $spamdb_black; ? body link=#00 vlink=#00 alink=#00 @@ -447,10 +448,11 @@ br pfont size=-2bDatabase totals:/bbrfont size=-3br ?php - echo {$whitelist_items} total items in the whitelist.br; - echo {$blacklist_items} total items in the blacklist.br; + echo {$whitelist_items} total items in the whitelist: {$spamdb_white} dynamic, {$static_whitelist_items} static (/var/db/whitelist.txt).br; + echo {$blacklist_items} total items in the blacklist: {$spamdb_black} dynamic, {$static_blacklist_items} static (/var/db/blacklist.txt).br; echo {$spamdb_grey} total items in the greylist.br;
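Review bot: In the spamd_db.php hunk at -176, the changed lines assign $static_whitelist_items and $static_blacklist_items, but the unchanged else branches still set `$whitelist_items = 0` and `$blacklist_items = 0`, so when either .txt file is missing the new $static_* variable is never defined and the later sums ($accounted_items here, and `$whitelist_items = $static_whitelist_items + $spamdb_white` in the -194 hunk) read an unset value. Change both else branches to set the $static_* names to 0. The count now comes from `pfctl -T show -t whitelist`, which reports the loaded table and not the file, so guarding it with file_exists() on the .txt no longer tests the thing being counted.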
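Review bot: In the -447 hunk, the new echo lines label the static count as `static (/var/db/whitelist.txt)` and `static (/var/db/blacklist.txt)`, although the numbers are taken from the pf tables via pfctl and so reflect what was loaded into the table, not the current file contents; label them as table counts or count the files. $accounted_items, added in the -176 hunk, is not used in any line shown here; print it with the totals or drop it.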
Re: [pfSense Support] SpamD Broken Behavior Fixed, see attached patch.
On Thu, Jun 18, 2009 at 9:53 PM, Tim A. pfse...@lists.goldenpath.org wrote:

No, no, I'm unfamiliar with the process. I'm sure you were perfectly clear. Ok, but I'll have to clean up first. A diff -rub in my current setup is messy. I guess I'm working a bit bass ackwards here. I copied the modified file from my production box (1.2.2) to my new 1.2.2 dev VM and diffed it there, removing the additional (dev) entries by hand, leaving only the pertinent. Anyway, I have a standard 1.2.2 vm installing and can do it there when it's done.

All you need to do is use the -rub option with diff the next time. When you try to apply your patch it will not work. For example: diff -rub filter.inc.new filter.inc.old (I may have the arguments reversed but it should be obvious).

Thanks,
Scott
Re: [pfSense Support] SpamD Broken Behavior Fixed, see attached patch.
Scott Ullrich wrote:

All you need to do is use the -rub option with diff the next time. When you try to apply your patch it will not work.

I thought there might be a problem. When I tested the patch it complained but worked out anyway. So I figured it was ok. Will -rub em from now on.