Hi David, On 2012-05-27 11.51, David Diggles wrote: >> Hi again David. >> If all the spamd settings are back to default, I would recommend trying to >> pinpoint where the problem is. >> Just to check if it could be something wrong with the syntax of your pf >> rules regarding spamd, just comment them out. >> pfctl -f /etc/pf.conf and run for a while and see if you receive any mails. >> >> /Hasse > > I am running spamd in blacklist mode now, so I am once again receiving > the mailing list. > > I think the default spamd timings do not give lists.openbsd.org enough time > to retransmit in the whitelist window. It would be nice if someone else had > the time to attempt reproducing this.
No, I really don't think that's your problem. The default settings give spamd a four-hour window for retransmittions to occur. Judging from the log excerpt you included in one of your earlier mails the misc list server does a number of retries in that time and should easily make it. What does "spamdb | fgrep 192.43.244.163" say? Could you add the '-v' (verbose) flag to your spamd startup options? That enables spamd to log the source and destination address for any mails it greylists, so you can check that you're actually getting the same tuples for each retry. Remember that greylisting is based on the combination of three entities, the source IP, the source mail address and the destination mail address (what's called a "tuple" in greylisting terminology). All three of those must be the same between retransmit attempts for the greylisting to recognize the attempt. Otherwise it will just add another entry to spamdb and mark it "GREY", pending either timeout or another connect with the same tuple (in which case it either does nothing if the attempt was too soon or lets it through and changes the entry to "WHITE" in spamdb). Also remember that it actually takes three tries to get the mail through. First the initial attempt, which is rejected with a 451 temporary error. Then the next attempt, which gives the IP address clearance and adds it to the spamd-white PF table, but still results in a 451 temporary error back to the originating mail server. The third attempt will be routed by PF directly to your "real" SMTP server and will never be seen by spamd. I often find it helpful, when debugging mail problems such as yours, to simulate a sending SMTP server by using "telnet your.smtp.server smtp" and entering SMTP commands to the server manually, like this: $ telnet mailgate.internetlabbet.net 25 Trying 217.75.101.10... Connected to mailgate.internetlabbet.net. Escape character is '^]'. 220 mailgate.internetlabbet.net ESMTP spamd IP-based SPAM blocker; Sun May 27 12:36:26 2012 HELO lofgren.biz 250 Hello, spam sender. Pleased to be wasting your time. MAIL FROM: <bl-li...@lofgren.biz> 250 You are about to try to deliver spam. Your time will be spent, for nothing. RCPT TO: <bl-li...@lofgren.biz> 250 This is hurting you more than it is hurting me. DATA 451 Temporary failure, please try again later. Connection closed by foreign host. $ _ The above results in these lines in my syslog: May 27 12:36:26 fw1 spamd[836]: 66.7.199.108: connected (2/1) May 27 12:37:06 fw1 spamd[836]: (GREY) 66.7.199.108: <bl-li...@lofgren.biz> -> <bl-li...@lofgren.biz> May 27 12:37:16 fw1 spamd[836]: 66.7.199.108: disconnected after 50 seconds. And the following in spamdb: # spamdb | fgrep 66.7.199.108 GREY|66.7.199.108|lofgren.biz|<bl-li...@lofgren.biz>|<bl-li...@lofgren.biz>|1338115026|1338201426|1338201426|1|0 Then I wait "passtime" minutes and retry the same thing, and check my logs and spamdb. Then I try again to verify that I'm this time indeed talking to my sendmail (or your smtp server of choice). Regards, /Benny > This one you sent me earlier has some advice about tuning the timings, > https://calomel.org/spamd_config.html > > In this section: > "We suggest setting the pass time to as high as you are comfortable with. > Use a time between 10 and 55 minutes. You are welcome to set it as low as > 2 minutes, but it is possible that some spammers might get white listed. After > setting up spamd take some time, go through the logs and look for patterns. > Adjust the pass time as necessary." ... > > I realise I have been advised in the list here not to mess around with > the timings :P > -- internetlabbet.se / work: +46 8 551 124 80 / "Words must Benny Lofgren / mobile: +46 70 718 11 90 / be weighed, / fax: +46 8 551 124 89 / not counted." / email: benny -at- internetlabbet.se
