On 2013-07-31 Wed 14:25 PM |, Peter Hessler wrote:
> You need to change those to the correct IPs or hostnames for your
> configuration.
>
Thanks Peter.
This works:
spamd_flags="-y [ip.address] -Y mx-backup"
When testing with various hostnames with the -y option, all failed with
the "Device not configured" message. The host is dual homed and has
specific hostnames for each interface, but they're not accepted in
either long or short (without the domain name) form.
e.g:
public.server.example.com
public.server.example.com.
public.server
server-public
server (produces 2 ip addresses via 'host')
This pf rule subset seems to pass the sync as now the sync_trap messages
on 1 box have corresponding 'new TRAP from' messages on the other:
# spamd-sync:
pass in log on $ext_if inet proto udp from mx-backup port > 1023 \
to $ext_if port spamd-sync user root #_spamd
pass out log on $ext_if inet proto udp from $ext_if port > 1023 \
to any port spamd-sync user root #_spamd
$ fstat | fgrep 8025 | fgrep udp
shows _spamd has the port, but it must've been opened by root as when
the _spamd user is in the above pf rule, it doesn't pass.
Cheers,
--
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
