Re: Spamd - whitelist of mis-behaving SMTP server POOLS

2006-10-19 Thread Jon Simola
On 10/19/06, Steve Williams [EMAIL PROTECTED] wrote: I am 99% sure that I have seen on the internet SOMEWHERE a whitelist of servers that are like this. I thought Bob Beck had forwarded one at one point in time, but I can only find his post regarding the tarfile he maintains for the zombie

Re: Spamd - whitelist of mis-behaving SMTP server POOLS

2006-10-19 Thread Darrin Chandler
rules for spamd no rdr inet proto tcp from <mywhite> to any port smtp -- Then I manually add certain pools to whitelist.txt. Sometimes you get lucky and find SPF entries, like for gmail. Otherwise you have to make a guess. FYI, host -ttxt bellsouth.net returns 205.152.58.0/23 for spf. Oh, I

Re: Spamd - whitelist of mis-behaving SMTP server POOLS

2006-10-19 Thread Kevin Reay
these mis-behaving server pools? Anyone else?? Thanks, Steve Williams As seen on undeadly: http://home.xnet.com/~ansible/openbsd_spamd_conf.html contains a tutorial on setting up spamd on OpenBSD. It is helpful as it shows an example script that creates a whitelist by looking at SPF DNS records

Re: pf/spamd issue: single ip drowns in big blacklist blocks - Or, how to create a fastlane for whitelisted hosts?

2006-09-28 Thread Rickard Borgmäster
Steve Tornio wrote: On Sep 27, 2006, at 6:10 PM, Rickard Borgmäster wrote: What I see as the problem here, is that the blacklisting occurs before the whitelisting. So that, when a large block such as 31.32.33.0/24 is in spamd and I wish to whitelist 31.32.33.188, that whitelist entry

Re: pf/spamd issue: single ip drowns in big blacklist blocks - Or, how to create a fastlane for whitelisted hosts?

2006-09-28 Thread Stuart Henderson
On 2006/09/28 08:39, Rickard Borgmäster wrote: If that is the case, it's terrific :-) But it still doesn't take care of the fastlane, so that whitelisted host doesn't have to go through the greylist process. Or does it? You want no rdr in pf.conf.

Re: pf/spamd issue: single ip drowns in big blacklist blocks - Or, how to create a fastlane for whitelisted hosts?

2006-09-28 Thread Steve Tornio
will bypass the greylisting process. Incidentally, if you want to set up a list of networks that never hit spamd, you can do that in pf. The following snippet comes from my pf.conf, with the mail server running on the same box. The nogreylist file contains a list of networks that use mail

Running spamd/greylisting on multiple mail servers

2006-09-28 Thread Eric Merkel
I am considering doing an OpenBSD transparent bridge with spamd/pf to add greylisting to two of our existing email servers. Both servers have equally weighted MX records pointing at each of them and they both reside on the same subnet/ethernet segment. Would it make more sense to have one system

Re: Running spamd/greylisting on multiple mail servers

2006-09-28 Thread Spruell, Darren-Perot
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] I am considering doing an OpenBSD transparent bridge with spamd/pf to add greylisting to two of our existing email servers. Both servers have equally weighted MX records pointing at each of them and they both reside on the same subnet

Re: Running spamd/greylisting on multiple mail servers

2006-09-28 Thread Chad M Stewart
the load and defend against an attack that might happen while the 3rd is being serviced. Also, I have no idea what size server I am going to need for the bridge/spamd machine. We're currently doing between 1.5 2 million emails a day. Can anyone else share what type of hardware/memory etc

Re: Running spamd/greylisting on multiple mail servers

2006-09-28 Thread Eric Merkel
and the other two could still process the load and defend against an attack that might happen while the 3rd is being serviced. It's actually closer to 20,000 mailboxes. Also, I have no idea what size server I am going to need for the bridge/spamd machine. We're currently doing between 1.5

Re: Running spamd/greylisting on multiple mail servers

2006-09-28 Thread Stuart Henderson
On 2006/09/28 17:04, Eric Merkel wrote: I am considering doing an OpenBSD transparent bridge with spamd/pf to add greylisting to two of our existing email servers. rdr on a transparent bridge is not entirely straightforward. spamd fits better on a box in the normal (L3) route towards the mail

pf/spamd issue: single ip drowns in big blacklist blocks - Or, how to create a fastlane for whitelisted hosts?

2006-09-27 Thread Rickard Borgmäster
Hello, I've been looking at the default redirection rule (from spamd(8)) for greylisting with spamd and pf. It looks like this: table <spamd> persist table <spamd-white> persist rdr pass inet proto tcp from <spamd> to any port smtp -> 127.0.0.1 port spamd rdr pass inet proto tcp from !<spamd-white>

Re: pf/spamd issue: single ip drowns in big blacklist blocks - Or, how to create a fastlane for whitelisted hosts?

2006-09-27 Thread Steve Tornio
On Sep 27, 2006, at 6:10 PM, Rickard Borgmäster wrote: What I see as the problem here, is that the blacklisting occurs before the whitelisting. So that, when a large block such as 31.32.33.0/24 is in spamd and I wish to whitelist 31.32.33.188, that whitelist entry will have no effect

scan of /var/db/spamd failed

2006-08-17 Thread thiago
Hi all! I asked a question yesterday, and had no answers. I think I gave poor information. So, trying again. I'm having trouble with spamd on an OpenBSD 3.9 I am using spamd in greylisting mode, starting it on rc.conf like this: spamd_flags=-v -G 25:4:864 # for spamd_grey=YES # use

scan of /var/db/spamd failed

2006-08-16 Thread thiago
Hi all! My /var/log/messages is full of messages saying that spamd failed to scan his db file. It says: scan of /var/db/spamd failed Somebody got some errors like this? My spamdb has 63MB. Could it be the reason? I am using spamd in greylisting mode. Thanks, Thiago

Re: spamd and TLS on port 25

2006-08-11 Thread Joachim Schipper
On Thu, Aug 10, 2006 at 04:06:38PM -0600, Bob Beck wrote: Also, while STARTTLS does have its merits, it's still better suited for handling MTA authentication than protecting user data - use GPG for the latter. STARTTLS opportunistically between MTA's is wonderful for making shit

Re: spamd and TLS on port 25

2006-08-11 Thread knitti
On 8/10/06, Will H. Backman [EMAIL PROTECTED] wrote: Darrin Chandler wrote: However, if the connecting party *requires* TLS then it would have a problem with spamd. Is that the trouble you're having? Yes. I'm protecting a Microsoft Exchange server with spamd on an openbsd bridge. Because

Re: spamd and TLS on port 25

2006-08-11 Thread Bob Beck
For those servicing larger networks such as universities' ResNets or campus networks, using a mandatory smarthost can be an excellent detection tool to see which users/stations need to end up in a quarantine. Granted, the largest customer base for this sort of thing are likely to be

Re: spamd and TLS on port 25

2006-08-11 Thread Bob Beck
* Bob Beck [EMAIL PROTECTED] [2006-08-11 08:23]: Speaking as someone who does this, for the truly big university there are a lot of clueless idiots... Gee, although I suppose I should use my openbsd.org address when giving such advice. Let me rephrase - At most universities other

Re: spamd and TLS on port 25

2006-08-11 Thread Joachim Schipper
a server on port 25, the correct way would be to use STARTTLS, which is supported by exchange, should work with spamd and all sane MUAs or MTAs. Note, though, that using STARTTLS and spamd will leak information (recipient addresses will be sent unencrypted to spamd). This may or may

Re: spamd and TLS on port 25

2006-08-11 Thread Joachim Schipper
the Exchange server to port 587 or 465 with pf. If you *want* to have a server on port 25, the correct way would be to use STARTTLS, which is supported by exchange, should work with spamd and all sane MUAs or MTAs. Note, though, that using STARTTLS and spamd will leak information (recipient

Re: spamd and TLS on port 25

2006-08-11 Thread Stuart Henderson
to keep track of associations between people. So, ah, back to the question: if you're concerned about this sort of information leaking, yes spamd could be a problem. And if you're concerned about message body leaking, you might want to make sure users are _never_ blacklisted.

spamd and TLS on port 25

2006-08-10 Thread Will H. Backman
Am I correct in assuming that spamd and TLS on port 25 don't get along? -- Will

Re: spamd and TLS on port 25

2006-08-10 Thread Rogier Krieger
On 8/10/06, Will H. Backman [EMAIL PROTECTED] wrote: Am I correct in assuming that spamd and TLS on port 25 don't get along? Given a mail server (or MUA) that is configured to require TLS on a port it connects to, it will likely have a problem with any other end not offering TLS capability

Re: spamd and TLS on port 25

2006-08-10 Thread Darrin Chandler
On Thu, Aug 10, 2006 at 09:39:56AM -0400, Will H. Backman wrote: Am I correct in assuming that spamd and TLS on port 25 don't get along? -- Will Remember that you get *either* spamd *or* your MTA. So there's no getting along to deal with. However, if the connecting party *requires* TLS

Re: spamd and TLS on port 25

2006-08-10 Thread Will H. Backman
Darrin Chandler wrote: On Thu, Aug 10, 2006 at 09:39:56AM -0400, Will H. Backman wrote: Am I correct in assuming that spamd and TLS on port 25 don't get along? -- Will Remember that you get *either* spamd *or* your MTA. So there's no getting along to deal with. However

Re: spamd and TLS on port 25

2006-08-10 Thread Rogier Krieger
Exchange with a more benign MTA (e.g. Postfix, sendmail) and add spamd into the mix if you desire. For relaying, all you need is a way to validate the usernames. Using the Exchange's LDAP repository as a lookup table for Postfix or exporting valid users and their passwords to a Postfix lookup table

Re: spamd and TLS on port 25

2006-08-10 Thread Joachim Schipper
issue. Perhaps you'd benefit from a solution of shielding your Exchange with a more benign MTA (e.g. Postfix, sendmail) and add spamd into the mix if you desire. For relaying, all you need is a way to validate the usernames. Using the Exchange's LDAP repository as a lookup table

Re: spamd and TLS on port 25

2006-08-10 Thread Spruell, Darren-Perot
From: [EMAIL PROTECTED] Note that at least Postfix has an independent greylisting implementation (postgrey); I'm fairly sure it's not the only one, and also fairly sure that there is a piece of code matching /milter/ and /grey/ around.

Re: spamd and TLS on port 25

2006-08-10 Thread Rogier Krieger
On 8/10/06, Joachim Schipper [EMAIL PROTECTED] wrote: Note that at least Postfix has an independent greylisting implementation True and these implementations may even be quite nice. I never felt much of a need to try it out after having setup spamd. Both are likely to work with STARTTLS

Re: spamd and TLS on port 25

2006-08-10 Thread Joachim Schipper
after having setup spamd. I can imagine. Both are likely to work with STARTTLS; spamd isn't going to do that. And spamd shouldn't, either. For submission purposes, the clean solution is use an alternate port (as it's a different bit of the e-mail system). For user mail submission, I see

Re: spamd and TLS on port 25

2006-08-10 Thread Bob Beck
Completely correct. spamd does not do TLS. It doesn't need to. since starttls will fail the mailer will fall back anyway. * Will H. Backman [EMAIL PROTECTED] [2006-08-10 07:58]: Am I correct in assuming that spamd and TLS on port 25 don't get along

Re: spamd and TLS on port 25

2006-08-10 Thread Bob Beck
Yes. I'm protecting a Microsoft Exchange server with spamd on an openbsd bridge. Because Microsoft Outlook uses Microsoft's way of having MUAs talk to MTAs, there is no problem there. I also enabled IMAPS (port 993) and SMTP-TLS (port 25) on the Exchange Server so that normal mail

Re: spamd and TLS on port 25

2006-08-10 Thread Bob Beck
Also, while STARTTLS does have its merits, it's still better suited for handling MTA authentication than protecting user data - use GPG for the latter. STARTTLS opportunistically between MTA's is wonderful for making shit like Carnivore unusable. The Government should not be able to

Re: spamd and TLS on port 25

2006-08-10 Thread Rogier Krieger
On 8/10/06, Joachim Schipper [EMAIL PROTECTED] wrote: Keep a few sanity checks (e.g. no more than X recipients for a message or no more than 100 messages a minute) snip This also helps against compromised boxes - i.e., it limits the damage. So it's generally a good idea to have some limit.

Re: spamd and spamlogd syslog level

2006-08-09 Thread Bob Beck
* Will H. Backman [EMAIL PROTECTED] [2006-08-08 09:51]: Does anyone know why spamd and spamlogd log to syslog at different log levels. It isn't too hard to change syslog.conf to include daemon.debug in order to capture output from spamlogd, but why the difference? because spamlogd

spamd and spamlogd syslog level

2006-08-08 Thread Will H. Backman
Does anyone know why spamd and spamlogd log to syslog at different log levels. It isn't too hard to change syslog.conf to include daemon.debug in order to capture output from spamlogd, but why the difference?

Re: spamd and spamlogd syslog level

2006-08-08 Thread Darrin Chandler
On Tue, Aug 08, 2006 at 11:39:22AM -0400, Will H. Backman wrote: Does anyone know why spamd and spamlogd log to syslog at different log levels. It isn't too hard to change syslog.conf to include daemon.debug in order to capture output from spamlogd, but why the difference? I would consider

Re: spamd and spamlogd syslog level

2006-08-08 Thread Joachim Schipper
On Tue, Aug 08, 2006 at 11:39:22AM -0400, Will H. Backman wrote: Does anyone know why spamd and spamlogd log to syslog at different log levels. It isn't too hard to change syslog.conf to include daemon.debug in order to capture output from spamlogd, but why the difference? Presumably

spamd greylist and stutter/delay

2006-08-07 Thread Will H. Backman
I have spamd set up in a simple greylist mode, but I left the default /etc/spamd.conf file intact. I'm not running spamd-setup. By default, spamd is stuttering for 10 seconds, but watching /var/log/daemon, I also noticed that connections from spews and other lists are lasting for over 400

Re: spamd greylist and stutter/delay

2006-08-07 Thread jared r r spiegel
On Mon, Aug 07, 2006 at 12:26:18PM -0400, Will H. Backman wrote: I have spamd set up in a simple greylist mode, but I left the default /etc/spamd.conf file intact. ... I'm not running spamd-setup. /etc/rc is tho. once, during boot; after it loads spamd, /etc/rc unconditionally fires

Re: simple spamd greylisting on transparent bridge

2006-08-04 Thread Will H. Backman
Will H. Backman wrote: Will H. Backman wrote: Is this a sane minimum configuration for spamd -g on a transparent bridge? Is it unwise to only greylist? 1. Create bridge with no IP's. 2. pf=YES and spamd_flags=-g in /etc/rc.conf.local 3. Simple three line /etc/pf.conf: ext_if=xl0 rdr

simple spamd greylisting on transparent bridge

2006-08-03 Thread Will H. Backman
Is this a sane minimum configuration for spamd -g on a transparent bridge? Is it unwise to only greylist? 1. Create bridge with no IP's. 2. pf=YES and spamd_flags=-g in /etc/rc.conf.local 3. Simple three line /etc/pf.conf: ext_if=xl0 rdr pass inet proto tcp from !<spamd-white> to any

Re: simple spamd greylisting on transparent bridge

2006-08-03 Thread Will H. Backman
Will H. Backman wrote: Is this a sane minimum configuration for spamd -g on a transparent bridge? Is it unwise to only greylist? 1. Create bridge with no IP's. 2. pf=YES and spamd_flags=-g in /etc/rc.conf.local 3. Simple three line /etc/pf.conf: ext_if=xl0 rdr pass inet proto tcp

Re: simple spamd greylisting on transparent bridge

2006-08-03 Thread Alexander Hall
Will H. Backman wrote: Is this a sane minimum configuration for spamd -g on a transparent bridge? Is it unwise to only greylist? I white-, black- and greylist (in that order). Greylisting requires regular administration due to mail server pools and such. I have not tested, but I strongly

New personal spamd record

2006-07-15 Thread Jim Razmus
I found this too funny not to share. A little Perl script processing of my spamd log revealed a spammer from China had made 138 attempts to deliver spam with a cumulative time of ~15 hours. 15 hours! You can't make this stuff up! I like to think those 15 hours of tar pit torment just made

Re: problem with spamd

2006-07-13 Thread Polkan Garcia
Hi, The -g flag is not necessary in rc.conf, when the system receive the process add it: _spamd 25447 0.0 0.4 9172 4268 ?? S 9:07AM 0:00.04 /usr/libexec/spamd -v -G 8:4:864 -g The spamd log include two different entries, the spamassassin daemon (spamd) and spamd openbsd: Jul 13 09

Re: problem with spamd

2006-07-13 Thread Bob Beck
The spamd log include two different entries, the spamassassin daemon (spamd) and spamd openbsd: Jul 13 09:32:56 www2 spamd[25447]: (GREY) 200.xxx.xxx.xxx: [EMAIL PROTECTED] - [EMAIL PROTECTED] Jul 13 09:32:56 www2 spamd[25447]: 200.xxx.xxx.xxx: disconnected after 11 seconds. Jul 13 09:33

Re: problem with spamd

2006-07-13 Thread Polkan Garcia
pf rules set up correctly. OpenBSD spamd does not deliver ANY messages to an MTA - it only manipulates pf. You appear to think that spamd will pass the message on. It does not. OK. After spamd check mail, ?how it known where process or where deliver? by example, make a MX query

spamd greylisting

2006-07-13 Thread riwanlky
Hi All, I just configure my first spamd -g, I have a collegue in Korea who is sending me a message, however it did not get through. I tried to whitelist it, however it still did not get through. This is the spamdb WHITE|61.78.36.103|||1152841491|1152841518|1155951918|1|0 WHITE|61.78.36.104

Re: spamd greylisting

2006-07-13 Thread Bob Beck
You haven't showed your pf rules. If your friend is blocked because you are using the korea blacklist un-greylisting him won't help. Using the standard example from the man page: rdr pass inet proto tcp from <spamd> to any \ port smtp -> 127.0.0.1 port spamd rdr pass inet

Re: spamd greylisting

2006-07-13 Thread Sevan / Venture37
check your /etc/spamd.conf have you added your whitelist to the check list? http://www.openbsd.org/cgi-bin/man.cgi?query=spamd.conf&sektion=5&arch=i386&apropos=0&manpath=OpenBSD+3.9 Venture37 -- The truth, the half-truth, and nothing like the truth. - Mark Brandon Read

problem with spamd

2006-07-12 Thread Polkan Garcia
Hi all. I have a problem with spamd in Openbsd 3.9/x86, something about my setup: 1.) One server with openbsd 3.9/x86 2.) Sendmail patches installed (openbsd 3.9 errata). 3.) One NIC (em0) with private address (192.168.x.x/24). 4.) One proprietary firewall in front of server, with NAT rules

Re: problem with spamd

2006-07-12 Thread Polkan Garcia
is a cisco pix In linux, recommend change net.ipv4.tcp_window_scaling = 0, how i can made this in openbsd? On Wed, 2006-07-12 at 11:40 -0500, Polkan Garcia wrote: Hi all. I have a problem with spamd in Openbsd 3.9/x86, something about my setup: 1.) One server with openbsd 3.9/x86 2

[SOLVED] Re: problem with spamd

2006-07-12 Thread Polkan Garcia
? On Wed, 2006-07-12 at 11:40 -0500, Polkan Garcia wrote: Hi all. I have a problem with spamd in Openbsd 3.9/x86, something about my setup: 1.) One server with openbsd 3.9/x86 2.) Sendmail patches installed (openbsd 3.9 errata). 3.) One NIC (em0) with private address (192.168.x.x/24

Re: problem with spamd

2006-07-12 Thread Bob Beck
is a cisco pix In linux, recommend change net.ipv4.tcp_window_scaling = 0, how i can made this in openbsd? On Wed, 2006-07-12 at 11:40 -0500, Polkan Garcia wrote: Hi all. I have a problem with spamd in Openbsd 3.9/x86, something about my setup: 1.) One server with openbsd

Re: problem with spamd

2006-07-12 Thread jared r r spiegel
that changing these parameters wouldn't alleviate the issue tho. Anyone can help me?, why my spamd doesn't work from outside? tcpdump -ni $ext -Xs1500 port 25 and src host $incoming_testing_host ? -- jared [ openbsd 3.9-current GENERIC ( may 1 ) // i386 ]

Re: problem with spamd

2006-07-12 Thread Polkan Garcia
Hi, my original problem was solved... (cisco pix bug) Now, i have another :( In the openbsd server i have sendmail, smtp-vilter, clamd, spamassassin, etc. The original idea is, the mail sent to openbsd server is checked by spamd and next is sent to sendmail to process it. Now, send messages

Re: problem with spamd

2006-07-12 Thread jared r r spiegel
On Wed, Jul 12, 2006 at 01:44:34PM -0500, Polkan Garcia wrote: The original idea is, the mail sent to openbsd server is checked by spamd and next is sent to sendmail to process it. Now, send messages to openbsd's box and works fine (using spamdb output) but does not delivered to sendmail

Re: ddos mail attack thwarted by spamd greylisting!

2006-06-19 Thread laurent FANIS
, spamd greylisting saved the day. If it wasn't for BASE/snort reporting of the portscan, I wouldn't have even bothered looking in my logs tonite, and probably would never have been aware of the thwarted attempt. Good thing they're only portscanning and mailbombing you

Re: ddos mail attack thwarted by spamd greylisting!

2006-06-18 Thread Joachim Schipper
On Fri, Jun 16, 2006 at 09:44:32AM -0600, Bob Beck wrote: * Joachim Schipper [EMAIL PROTECTED] [2006-06-15 18:03]: On Tue, Jun 13, 2006 at 01:07:46AM -0600, Bob Beck wrote: Luckily, spamd greylisting saved the day. If it wasn't for BASE/snort reporting of the portscan, I wouldn't have

Re: ddos mail attack thwarted by spamd greylisting!

2006-06-16 Thread Bob Beck
* Joachim Schipper [EMAIL PROTECTED] [2006-06-15 18:03]: On Tue, Jun 13, 2006 at 01:07:46AM -0600, Bob Beck wrote: Luckily, spamd greylisting saved the day. If it wasn't for BASE/snort reporting of the portscan, I wouldn't have even bothered looking in my logs tonite, and probably

Re: ddos mail attack thwarted by spamd greylisting!

2006-06-15 Thread Joachim Schipper
On Thu, Jun 15, 2006 at 10:02:49AM +0700, riwanlky wrote: Hi Guys, I am going to install IDS for my firewall. According to this message snort have problem, is there any alternative IDS? Is there any IPS? I've heard good things about Bro-IDS http://www.bro-ids.org. It's not in ports, though,

Re: ddos mail attack thwarted by spamd greylisting!

2006-06-15 Thread Joachim Schipper
On Tue, Jun 13, 2006 at 01:07:46AM -0600, Bob Beck wrote: Luckily, spamd greylisting saved the day. If it wasn't for BASE/snort reporting of the portscan, I wouldn't have even bothered looking in my logs tonite, and probably would never have been aware of the thwarted attempt

Re: ddos mail attack thwarted by spamd greylisting!

2006-06-14 Thread riwanlky
Hi Guys, I am going to install IDS for my firewall. According to this message snort have problem, is there any alternative IDS? Is there any IPS? Thanks, Riwan At 01:07 AM 6/13/2006 -0600, Bob Beck wrote: Luckily, spamd greylisting saved the day. If it wasn't for BASE/snort reporting

Re: ddos mail attack thwarted by spamd greylisting!

2006-06-13 Thread Bob Beck
Luckily, spamd greylisting saved the day. If it wasn't for BASE/snort reporting of the portscan, I wouldn't have even bothered looking in my logs tonite, and probably would never have been aware of the thwarted attempt. Good thing they're only portscanning and mailbombing you

Spamd on DMZ servers ?

2006-06-12 Thread S t i n g r a y
Well i want to configure spamd to stop spam, but the mail server is in my DMZ its a non openbsd system, so i was thinking will spamd work ? as i have an openbsd firewall which is rdr redirecting traffic to the internal mail server ? i hope you understood what i meant ? regards

Re: Spamd on DMZ servers ?

2006-06-12 Thread Rod.. Whitworth
On Sun, 11 Jun 2006 23:58:30 -0700 (PDT), S t i n g r a y wrote: Well i want to configure spamd to stop spam, but the mail server is in my DMZ its a non openbsd system, so i was thinking will spamd work ? as i have an openbsd firewall which is rdr redirecting traffic to the internal mail server

ddos mail attack thwarted by spamd greylisting!

2006-06-12 Thread Josh Grosse
Wow. Mailbomb attack attempts from 3 different spam bots, from 3 different cable systems in the US, all at the same time, with the same random fake hotmail accounts, after a portscan from one of the 3 bots. Luckily, spamd greylisting saved the day. If it wasn't for BASE/snort reporting

Spamd greytrapping mistaken identity. Bug?

2006-06-11 Thread Rod.. Whitworth
Last night I set up greytrapping entries in spamd for the first time. This morning I could see greytrapped entries in the output of spamdb so I decided to try the experience of being a (pseudo) spammer against my own network. Here is a capture of an attempt to send mail from another location

Spamd log question

2006-05-31 Thread Mike Spenard
I can't seem to find an explanation for this in the man pages (excuse my blindness if it is stated), but what does the '(17/16)' indicate in log entries such as this.. Jun 1 00:01:33 guardian spamd[9554]: 209.59.102.252: connected (17/16) Mike

Re: Spamd log question

2006-05-31 Thread Darrin Chandler
On Wed, May 31, 2006 at 10:31:18PM -0400, Mike Spenard wrote: I can't seem to find an explanation for this in the man pages (excuse my blindness if it is stated), but what does the '(17/16)' indicate in log entries such as this.. Jun 1 00:01:33 guardian spamd[9554]: 209.59.102.252

Re: Spamd log question

2006-05-31 Thread Mike Spenard
), but what does the '(17/16)' indicate in log entries such as this.. Jun 1 00:01:33 guardian spamd[9554]: 209.59.102.252: connected (17/16) From what I've gathered by watching logs, it's (total conns/blacklist conns)

Re: Spamd log question

2006-05-31 Thread Darrin Chandler
On Wed, May 31, 2006 at 10:56:40PM -0400, Mike Spenard wrote: What would the remainder be then if 16 out of 17 are black. Is the remaining 1 a greylist connection? Yes, if I'm right (and I think I am.) Grep the logs for 'connected ' and the numbers should make sense. You should see something

Re: spamd - greylisting valid local users?

2006-05-24 Thread viq
On 5/23/06, Jakub Głazik [EMAIL PROTECTED] wrote: How do you handle greylisting of valid users? I have just tested spamd. Valid users trying to send mail through my SMTP server are greylisted and need to try again after 'passtime'. And when their IP changes (DSL lines) they need to do it again

Re: spamd - greylisting valid local users?

2006-05-24 Thread Rogier Krieger
On 5/24/06, viq [EMAIL PROTECTED] wrote: How about authpf? SSH into box, and as long as session is active, you don't get redirected to spamd - with a tiny bit of settings. You're correct on not getting redirected to spamd. However, such a setup will only work on networks that do not block

spamd - greylisting valid local users?

2006-05-23 Thread Jakub Głazik
How do you handle greylisting of valid users? I have just tested spamd. Valid users trying to send mail through my SMTP server are greylisted and need to try again after 'passtime'. And when their IP changes (DSL lines) they need to do it again, which could be irritating of course. How do

Re: spamd - greylisting valid local users?

2006-05-23 Thread Adam
On Tue, 23 May 2006 21:39:01 +0200 Jakub Głazik [EMAIL PROTECTED] wrote: How do you handle greylisting of valid users? $ grep msa /etc/services submission 587/tcp msa # mail message submission

Re: spamd - greylisting valid local users?

2006-05-23 Thread Jakub Głazik
Adam wrote: On Tue, 23 May 2006 21:39:01 +0200 Jakub Głazik [EMAIL PROTECTED] wrote: How do you handle greylisting of valid users? $ grep msa /etc/services submission 587/tcp msa # mail

Re: spamd - greylisting valid local users?

2006-05-23 Thread Rogier Krieger
On 5/24/06, Jakub Głazik [EMAIL PROTECTED] wrote: Sounds good, but telling all those users to change their MUA config.. For roaming users, they are likely to be confronted with outbound port 25 blocks on more and more networks. Given those conditions, they're likely to have to change their

Spamd stats

2006-05-19 Thread Mike Spenard
Hi, I'm looking for scripts to generate statistics off of /var/log/spamd Thanks, Mike Spenard

Re: Spamd stats

2006-05-19 Thread Gaby vanhegan
On 19 May 2006, at 21:28, Mike Spenard wrote: I'm looking for scripts to generate statistics off of /var/log/spamd If you don't mind using rrdtool to collate the information, I have some scripts here: http://vanhegan.net/software/ In the Misc section down the bottom, you'll find my php/rrd

Re: Spamd stats

2006-05-19 Thread Timothy A. Napthali
I got this script (spamd_parser.tgz) from a guy called Christopher Kruslicky so all credit goes to him. It uses RRD Tool and provides a fairly nice graph. It also runs as a daemon. I butchered his code to produce two Perl daemons (spamd.zip) - one that monitors the spamd log and updates the RRD

Re: Spamd, gmail and aol...

2006-04-15 Thread Craig Skinner
On Sat, Apr 15, 2006 at 01:18:16AM +0100, Craig Skinner wrote: Hi lads, See any probs with this wee idea to auto generate the above? Hey Craig, Saw your post to openbsd-misc on MARC; Is there any particular reason you don't use the SPF records that gmail publish? I added the four

Re: Spamd, gmail and aol...

2006-04-14 Thread Craig Skinner
/28 # xproxy gmail 66.249.92.192/28 # uproxy gmail 216.239.56.240/28 # mproxy gmail Hi lads, See any probs with this wee idea to auto generate the above? # cat /root/bin/mk-gmail-spamd-whitelist #!/bin/ksh file=/etc/spamd.whitelist.gmail for l in a b c d e f g h i j k l m n o p q r s

spamd not logging to /var/log/spamd

2006-04-11 Thread Bryan Irvine
I think I just need a second pair of eyes because I'm obviously missing something. I've just installed a new firewall, and i'm trying to get spamd to log to /var/log/spamd. It *does* log to /var/log/daemon though, and the greylisting daemon is working fine. fire:/var/log#ls -al spamd -rw-r

[solved] spamd not logging to /var/log/spamd

2006-04-11 Thread Bryan Irvine
the problem was here: ---My modifications to syslog.conf--- !spamd daemon.err;daemon.warn;daemon.info /var/log/spamd When I started syslog with syslogd -d I saw this error: syslogd: unknown priority name info /var/log/spamd I double checked

Re: spamd not logging to /var/log/spamd

2006-04-11 Thread Rogier Krieger
On 4/12/06, Bryan Irvine [EMAIL PROTECTED] wrote: I've just installed a new firewall, and i'm trying to get spamd to log to /var/log/spamd. Have you SIGHUP'ed the syslogd process? It should re-read its configuration file at that point, using your new configuration. !spamd daemon.err

Re: spamd not logging to /var/log/spamd

2006-04-11 Thread Frank Bax
At 06:42 PM 4/11/06, Bryan Irvine wrote: I think I just need a second pair of eyes because I'm obviously missing something. I've just installed a new firewall, and i'm trying to get spamd to log to /var/log/spamd. Did you 'touch' the file? You need to create the file yourself.

Re: spamd not logging to /var/log/spamd

2006-04-11 Thread jared r r spiegel
On Tue, Apr 11, 2006 at 03:42:09PM -0700, Bryan Irvine wrote: ---My modifications to syslog.conf--- !spamd daemon.err;daemon.warn;daemon.info /var/log/spamd when you: $ sed -ne '/spamd/l' /etc/syslog.conf do you have !spamd\n$ daemon.err;daemon.warn;daemon.info

Spamd, gmail and aol...

2006-04-07 Thread Jeff Ross
there are two separate IP addresses allegedly from gmail accounts, but imagine my surprise that both resolve to something else entirely. spamdb is running with the system defaults with the exception of the port /usr/libexec/spamd -v -p 8024 -G 25:4:864 -g spamd.conf is using the China, Korea, Bob

Re: Spamd, gmail and aol...

2006-04-07 Thread David Hill
of the port /usr/libexec/spamd -v -p 8024 -G 25:4:864 -g spamd.conf is using the China, Korea, Bob Beck's trapped list, and my own personal whitelist and blacklist. My next debugging attempt will be to have someone with a gmail account send mail while I'm running tcpdump on port 25. Has

Re: Spamd, gmail and aol...

2006-04-07 Thread Darrin Chandler
hitting spamd's max connection limit? spamd.conf is using the China, Korea, Bob Beck's trapped list, and my own personal whitelist and blacklist. My next debugging attempt will be to have someone with a gmail account send mail while I'm running tcpdump on port 25. Has anyone else running spamd

Re: Spamd, gmail and aol...

2006-04-07 Thread Jeff Ross
/usr/libexec/spamd -v -p 8024 -G 25:4:864 -g spamd.conf is using the China, Korea, Bob Beck's trapped list, and my own personal whitelist and blacklist. My next debugging attempt will be to have someone with a gmail account send mail while I'm running tcpdump on port 25. Has anyone else running

Re: Spamd, gmail and aol...

2006-04-07 Thread David Hill
resolve to something else entirely. spamdb is running with the system defaults with the exception of the port /usr/libexec/spamd -v -p 8024 -G 25:4:864 -g spamd.conf is using the China, Korea, Bob Beck's trapped list, and my own personal whitelist and blacklist. My next debugging attempt

spamd blacklists

2006-04-07 Thread Joel Gudknecht
So where do I find Bob Beck's spamd list?

Re: Spamd, gmail and aol...

2006-04-07 Thread Stuart Henderson
On 2006/04/07 10:49, Jeff Ross wrote: rdr pass on $if_ext proto tcp from <whitelist> to port smtp \ -> ($if_ext) port 25 Have you tested that your whitelist works by connecting from an IP address that's listed on it? I usually use no rdr when I want to exempt servers from greylisting, istr

Re: Spamd, gmail and aol...

2006-04-07 Thread Jeff Ross
to something else entirely. spamdb is running with the system defaults with the exception of the port /usr/libexec/spamd -v -p 8024 -G 25:4:864 -g spamd.conf is using the China, Korea, Bob Beck's trapped list, and my own personal whitelist and blacklist. My next debugging attempt will be to have

Re: Spamd, gmail and aol...

2006-04-07 Thread Jeff Ross
? spamd.conf is using the China, Korea, Bob Beck's trapped list, and my own personal whitelist and blacklist. My next debugging attempt will be to have someone with a gmail account send mail while I'm running tcpdump on port 25. Has anyone else running spamd seen this? From my qmail logs, I see

Re: Spamd, gmail and aol...

2006-04-07 Thread Jeff Ross
(but that was a long time ago, so ymmv). Also, interesting. I've pretty much used the setup as described in the man page and haven't had a problem in like a year and a half of using spamd. Jeff
