[EMAIL PROTECTED] wrote:
I had a power outage to our building due to the fires in San Diego and it
crashed those without UPSes. One of them is the spamd machine. I've brought it
back up and ran fsck on all volumes. However, mail will not come into our
mailboxes from outside but mail can be delivered to outside recipients. I can
telnet into the spamd machine and send mail externally and internally. Postfix
seems to be ok. When I stop pf, mail from the outside of our LAN comes pouring
in. When I start up pf, inbound mail comes to a stop. In the spamd log, I see
all kinds of connections being blacklisted and greylisted but still not one
mail is being delivered. I am using spamd-mywhite as my whitelist and put all
known GMail IP addresses on it. I then send an email from my GMail account to
this machine. It gets greylisted and eventually sits in the greylist for quite
a while. I also see port 25 open on both external and internal NICs and port
8025 open on the localhost interface.
I need assistance in troubleshooting this. Running spamd 4.1.2 on FreeBSD 6.2.
We average 800 valid mail per day and so far in the last 24 hours, not one mail
has come through using the existing spamd configuration.

mailfilter-root@/usr/ports# pfctl -vvnf /etc/pf.conf
ext_if = "rl0"
int_if = "xl0"
internal_net = "192.168.1.1/24"
external_addr = "216.70.250.4"
vpn_net = "10.8.0.0/24"
icmp_types = "echoreq"
NoRouteIPs = "{ 127.0.0.0/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 }"
webserver1 = "192.168.1.4"
set skip on { lo0 }
set skip on { gif0 }
@0 scrub in all fragment reassemble
@1 nat on rl0 inet from 192.168.1.0/24 to any -> (rl0) round-robin
@2 nat on rl0 inet from 10.8.0.0/24 to any -> (rl0) round-robin
@3 rdr on rl0 inet proto tcp from any to 216.70.250.4 port = http -> 192.168.1.4 port 80
table <spamd> persist
table <spamd-white> persist
table <spamd-mywhite> persist file "/usr/local/etc/spamd/spamd-mywhite"
@4 rdr inet proto tcp from <spamd-mywhite:0> to 216.70.250.4 port = smtp -> 127.0.0.1 port 25
@5 rdr inet proto tcp from <spamd-white:0> to 216.70.250.4 port = smtp -> 127.0.0.1 port 25
@6 rdr pass inet proto tcp from <spamd:0> to 216.70.250.4 port = smtp -> 127.0.0.1 port 8025
@7 rdr pass inet proto tcp from ! <spamd-white:0> to 216.70.250.4 port = smtp -> 127.0.0.1 port 8025
@8 pass in log inet proto tcp from any to 216.70.250.4 port = smtp flags S/SA synproxy state
@9 pass out log inet proto tcp from 216.70.250.4 to any port = smtp flags S/SA synproxy state
@10 pass in log inet proto tcp from 192.168.1.0/24 to 192.168.1.25 port = smtp flags S/SA synproxy state
@11 block drop in log all
@12 pass in log quick on xl0 inet proto tcp from any to 192.168.1.25 port = ssh flags S/SA synproxy state
@13 block drop in log quick on rl0 inet from 127.0.0.0/8 to any
@14 block drop in log quick on rl0 inet from 192.168.0.0/16 to any
@15 block drop in log quick on rl0 inet from 172.16.0.0/12 to any
@16 block drop in log quick on rl0 inet from 10.0.0.0/8 to any
@17 block drop out log quick on rl0 inet from any to 127.0.0.0/8
@18 block drop out log quick on rl0 inet from any to 192.168.0.0/16
@19 block drop out log quick on rl0 inet from any to 172.16.0.0/12
@20 block drop out log quick on rl0 inet from any to 10.0.0.0/8
@21 block drop in log quick on ! xl0 inet from 192.168.1.0/24 to any
@22 block drop in log quick inet from 192.168.1.25 to any
@23 pass in on xl0 inet from 192.168.1.0/24 to any
@24 pass out log on xl0 inet from any to 192.168.1.0/24
@25 pass out log quick on xl0 inet from any to 10.8.0.0/24
@26 pass out on rl0 proto tcp all flags S/SA modulate state
@27 pass out on rl0 proto udp all keep state
@28 pass out on rl0 proto icmp all keep state
@29 pass in on rl0 inet proto tcp from any to 192.168.1.4 port = http flags S/SA synproxy state
@30 pass in on xl0 inet proto tcp from any to 192.168.1.25 port = ssh keep state
warning: macro 'icmp_types' not used
mailfilter-root@/usr/ports#

What's the quickest way to recover from this? Any other troubleshooting
techniques?
~Doug

With rule @11 (log) you can do a
tcpdump -net -i pflog0 and look at the block rule number.
Also do a sockstat -4 -p 25 and check whether your mail server listens on 127.0.0.1:25;
otherwise rules @4 and @5 have no effect.
olli
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
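
The pflog check suggested in the reply can be turned into a per-rule tally, shown here as an added example that is not part of the original thread. The function name, the sample lines and the assumed tcpdump line shape are constructed for illustration.

```shell
#!/bin/sh
# Added example: count blocked packets per pf rule from `tcpdump -net -i pflog0`.
# Assumed line shape (tcpdump -e on pflog):
#   rule <nr>/<sub>(match): <action> <dir> on <if>: <src>.<sport> > <dst>.<dport>: ...

# Constructed sample lines, not captured from the poster's machine.
sample_pflog() {
    cat <<'EOF'
rule 11/0(match): block in on rl0: 192.0.2.10.40112 > 127.0.0.1.25: S 1:1(0) win 5840
rule 11/0(match): block in on rl0: 192.0.2.10.40113 > 127.0.0.1.25: S 2:2(0) win 5840
rule 9/0(match): pass out on rl0: 216.70.250.4.61022 > 192.0.2.25.25: S 3:3(0) win 65535
rule 11/0(match): block in on rl0: 203.0.113.5.3301 > 216.70.250.4.445: S 4:4(0) win 65535
rule 10/0(match): pass in on xl0: 192.168.1.30.1044 > 192.168.1.25.25: S 5:5(0) win 65535
EOF
}

# Reads pflog text on stdin; prints one line per (rule, direction, interface,
# destination port) for block entries only, with a packet count.
tally_blocks() {
    awk '
    $1 == "rule" && $3 == "block" && $8 == ">" {
        split($2, r, "/")              # "11/0(match):" -> r[1] = "11"
        ifname = $6; sub(/:$/, "", ifname)
        dst = $9;    sub(/:$/, "", dst)
        n = split(dst, part, ".")      # port is the last dot-separated field
        seen[r[1] " " $4 " " ifname " " part[n]]++
    }
    END {
        for (k in seen) {
            split(k, f, " ")
            printf "rule=%s dir=%s if=%s dport=%s count=%d\n", f[1], f[2], f[3], f[4], seen[k]
        }
    }' | sort
}

# Live use on the mail filter (-c stops after 200 logged packets):
#   tcpdump -net -c 200 -i pflog0 | tally_blocks
sample_pflog | tally_blocks
```

A rule number that dominates the tally for destination port 25 is the one to read against the `pfctl -vvnf` listing above.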