Hi all, I am incrementally bringing my server up to date. I was on 5.5-current so following the instructions I upgraded to 5.6 stable.
I re-wrote my pf.conf to remove the oldqueue rules and to simplify the rule set. Checks okay for syntax but it doesn't seem to be redirecting mail to spamd. If I telnet to my server on port 25 I do not see the stutter of the banner at all.

Here's my current pf.conf for other eyes--maybe I've made a thinko in these new rules.

#	$OpenBSD: pf.conf,v 1.49 2009/09/17 06:39:03 jmc Exp $
#
# See pf.conf(5) for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

ext_if="re0" # External Public Interface

tcp_services = "{ 22,53,113,25,993,465,80,443 }"
udp_services = "{ domain, ntp, 1194 }"
icmp_types = "{ echoreq, unreach }"

table <spamd> persist
table <zombies> persist

set block-policy return
set loginterface $ext_if
set skip on { lo, tun }

match on $ext_if inet all scrub (no-df max-mss 1398)

# filter rules and anchor for ftp-proxy(8)
anchor "ftp-proxy/*"
pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021

# anchor for relayd(8)

block log all
block in log quick proto tcp from <zombies> to any

# rules for spamd(8)
table <spamd-white> persist
table <nospamd> persist file "/etc/mail/nospamd"
pass in log on egress proto tcp from any to any port smtp \
    rdr-to 127.0.0.1 port spamd
pass in log on egress proto tcp from <nospamd> to any port smtp
pass in log on egress proto tcp from <spamd-white> to any port smtp
pass out log on egress proto tcp to any port smtp

pass in log quick on egress proto tcp to port $tcp_services
pass in log quick on egress proto udp to port $udp_services
pass out log quick on egress from any to any

Thanks!

Jeff Ross
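A small model of pf's rule evaluation applied to the inbound TCP rules in the posted pf.conf, added here as an example and not part of the original post: it reports which rule decides a connection to port 25 and whether that rule carries rdr-to. The `ADJUSTED` list, the function names and the table-membership argument are assumptions of the example, and interfaces, the match/scrub rule and the ftp-proxy rule are left out.

```python
# Minimal model of pf rule evaluation for the inbound TCP rules in the posted
# pf.conf: the last matching rule decides, unless a matching rule has "quick",
# which ends evaluation at once. A pass rule's rdr-to is applied only when that
# rule is the deciding one. Names and the dict layout are this example's own.

TCP_SERVICES = {22, 53, 113, 25, 993, 465, 80, 443}  # $tcp_services as posted


def rule(label, ports=None, quick=False, table=None, rdr=None, action="pass"):
    """ports=None matches any port; table=None matches any source address."""
    return {"label": label, "ports": ports, "quick": quick,
            "table": table, "rdr": rdr, "action": action}


POSTED = [
    rule("block log all", action="block"),
    rule("block quick from <zombies>", quick=True, table="zombies", action="block"),
    rule("pass smtp rdr-to spamd", {25}, rdr="127.0.0.1 port spamd"),
    rule("pass smtp from <nospamd>", {25}, table="nospamd"),
    rule("pass smtp from <spamd-white>", {25}, table="spamd-white"),
    rule("pass quick $tcp_services", TCP_SERVICES, quick=True),
]

# Assumed variant for comparison: smtp (25) removed from the quick service list.
ADJUSTED = POSTED[:-1] + [
    rule("pass quick $tcp_services without 25", TCP_SERVICES - {25}, quick=True)]


def evaluate(rules, dport, src_tables=frozenset()):
    """Return the rule that decides an inbound TCP packet to dport."""
    winner = None
    for r in rules:
        if r["ports"] is not None and dport not in r["ports"]:
            continue
        if r["table"] is not None and r["table"] not in src_tables:
            continue
        winner = r
        if r["quick"]:
            break
    return winner


if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("adjusted", ADJUSTED)):
        w = evaluate(rules, 25)
        print(f"{name}: port 25 decided by {w['label']!r}, rdr-to={w['rdr']}")
```

On the running system, `pfctl -vv -sr` shows per-rule evaluation and state counters, which can be compared against what the model predicts.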