On 2013-W10-3 15:46 -0700, Bob Beck wrote: > > Yes, one could log stuff into different pflog interfaces, but I don't > > understand why pf.conf `pass in ... log ... port smtp ...` is effectively > > redefined to mean `add <spamd-white>` when spamlogd is running, > > http://www.openbsd.org/cgi-bin/man.cgi?query=spamlogd > > and RTFM for the first two sentences - and it's pretty darn clear. > > Those of us that whitelist blocks of addresses (and log them) like > this behaviour to track what mailservers we are seeing like the > current behavior.
Point taken; this should be optional.
Index: spamlogd.8 =================================================================== RCS file: /cvs/OpenBSD-CVS/src/libexec/spamlogd/spamlogd.8,v retrieving revision 1.17 diff -u -d -p -8 -r1.17 spamlogd.8 --- spamlogd.8 4 Mar 2011 21:01:49 -0000 1.17 +++ spamlogd.8 7 Mar 2013 19:41:24 -0000 @@ -17,17 +17,17 @@ .Dd $Mdocdate: March 4 2011 $ .Dt SPAMLOGD 8 .Os .Sh NAME .Nm spamlogd .Nd spamd whitelist updating daemon .Sh SYNOPSIS .Nm spamlogd -.Op Fl DI +.Op Fl DIU .Op Fl i Ar interface .Op Fl l Ar pflog_interface .Op Fl W Ar whiteexp .Op Fl Y Ar synctarget .Sh DESCRIPTION .Nm manipulates the .Xr spamd 8 @@ -73,16 +73,32 @@ target of outbound SMTP connections. Specify a network interface on which packets must arrive. The default is to watch for connections logged from all interfaces. .It Fl l Ar pflog_interface Specify a .Xr pflog 4 interface to listen for connection notifications. The default is to watch for connections logged on .Dq pflog0 . +.It Fl U +Specify that for inbound SMTP connections, +.Nm +is only to update existing +.Pa /var/db/spamd +entries, without adding any new ones. +By default +.Nm +will whitelist the source of all inbound SMTP connections that are logged. +This option is needed if connections redirected to +.Xr spamd 8 +are logged, +and no distinct +.Xr pflog 4 +interface is configured for +.Nm . .It Fl W Ar whiteexp Adjust the time for .Ar whiteexp in hours. The default is 864 hours (approximately 36 days); maximum is 2160 hours (approximately 90 days). .It Fl Y Ar synctarget Add a target to receive synchronisation messages; see Index: spamlogd.c =================================================================== RCS file: /cvs/OpenBSD-CVS/src/libexec/spamlogd/spamlogd.c,v retrieving revision 1.21 diff -u -d -p -8 -r1.21 spamlogd.c --- spamlogd.c 18 Mar 2011 22:37:06 -0000 1.21 +++ spamlogd.c 7 Mar 2013 19:46:44 -0000 
@@ -63,29 +63,30 @@
 int debug = 1;
 int greylist = 1;
 FILE *grey = NULL;
 u_short sync_port;
 int syncsend;
 u_int8_t flag_debug = 0;
 u_int8_t flag_inbound = 0;
+u_int8_t flag_updateonly = 0;
 char *networkif = NULL;
 char *pflogif = "pflog0";
 char errbuf[PCAP_ERRBUF_SIZE];
 pcap_t *hpcap = NULL;
 struct syslog_data sdata = SYSLOG_DATA_INIT;
 time_t whiteexp = WHITEEXP;
 extern char *__progname;
 void logmsg(int , const char *, ...);
 void sighandler_close(int);
 int init_pcap(void);
 void logpkt_handler(u_char *, const struct pcap_pkthdr *, const u_char *);
-int dbupdate(char *, char *);
+int dbupdate(char *, char *, int);
 void usage(void);
 void
 logmsg(int pri, const char *msg, ...)
 {
 va_list ap;
 va_start(ap, msg);
@@ -187,22 +188,22 @@ logpkt_handler(u_char *user, const struc
 sizeof(ipstraddr));
 }
 if (ipstraddr[0] != '\0') {
 if (hdr->dir == PF_IN)
 logmsg(LOG_DEBUG,"inbound %s", ipstraddr);
 else
 logmsg(LOG_DEBUG,"outbound %s", ipstraddr);
-dbupdate(PATH_SPAMD_DB, ipstraddr);
+dbupdate(PATH_SPAMD_DB, ipstraddr, hdr->dir == PF_IN);
 }
 }
 int
-dbupdate(char *dbname, char *ip)
+dbupdate(char *dbname, char *ip, int inbound)
 {
 HASHINFO hashinfo;
 DBT dbk, dbd;
 DB *db;
 struct gdata gd;
 time_t now;
 int r;
 struct in_addr ia;
@@ -227,16 +228,20 @@ dbupdate(char *dbname, char *ip)
 /* add or update whitelist entry */
 r = db->get(db, &dbk, &dbd, 0);
 if (r == -1) {
 logmsg(LOG_NOTICE, "db->get failed (%m)");
 goto bad;
 }
 if (r) {
+if (inbound && flag_updateonly) {
+logmsg(LOG_DEBUG,"ignoring %s", ip);
+goto bad;
+}
 /* new entry */
 memset(&gd, 0, sizeof(gd));
 gd.first = now;
 gd.bcount = 1;
 gd.pass = now;
 gd.expire = now + whiteexp;
 memset(&dbk, 0, sizeof(dbk));
 dbk.size = strlen(ip);
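Review bot: In the new `if (inbound && flag_updateonly)` branch of dbupdate, a deliberately skipped connection leaves through `goto bad`, the same path taken when db->get fails, so the function reports -1 for a non-error condition and a caller cannot distinguish "ignored by -U" from "database error". logpkt_handler discards dbupdate's return value today, so nothing misbehaves now, but the contract of dbupdate silently changes; setting an explicit result before the jump, e.g. `r = 0;` followed by a cleanup label that returns `r` (or closing the db and `return (0)` in the branch), keeps the error path meaning error. The skip also happens only after the database has been opened and queried, which is unavoidable since existence must be checked, but it would be worth a one-line comment such as `/* -U: never create entries for inbound connections */` above the branch. dbupdate's body, including the `bad:` cleanup label this branch jumps to, continues outside the hunk.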
@@ -280,17 +285,17 @@ dbupdate(char *dbname, char *ip)
 db = NULL;
 return (-1);
 }
 void
 usage(void)
 {
 fprintf(stderr,
-"usage: %s [-DI] [-i interface] [-l pflog_interface] "
+"usage: %s [-DIU] [-i interface] [-l pflog_interface] "
 "[-W whiteexp] [-Y synctarget]\n", __progname);
 exit(1);
 }
 int
 main(int argc, char **argv)
 {
@@ -302,23 +307,26 @@ main(int argc, char **argv)
 char *sync_iface = NULL;
 char *sync_baddr = NULL;
 const char *errstr;
 if ((ent = getservbyname("spamd-sync", "udp")) == NULL)
 errx(1, "Can't find service \"spamd-sync\" in /etc/services");
 sync_port = ntohs(ent->s_port);
-while ((ch = getopt(argc, argv, "DIi:l:W:Y:")) != -1) {
+while ((ch = getopt(argc, argv, "DIUi:l:W:Y:")) != -1) {
 switch (ch) {
 case 'D':
 flag_debug = 1;
 break;
 case 'I':
 flag_inbound = 1;
+break;
+case 'U':
+flag_updateonly = 1;
 break;
 case 'i':
 networkif = optarg;
 break;
 case 'l':
 pflogif = optarg;
 break;
 case 'W':