On Tue, Feb 27, 2007 at 05:44:05PM -0700, Bob Beck wrote:
> * Tom Bombadil <[EMAIL PROTECTED]> [2007-02-27 15:09]:
> > Greetings...
> > 
> > By any chance, will spamd delete any IPs that I add manually to spamd-white?
> > 
> 
>       Yes.

  consider the entries in <spamd-white> to be the exclusive stomping
  grounds of spamd(8) for the sole purpose of pumping the "WHITE" entries
  from /var/db/spamd into pf(4).

  the 'expire' time in the db file is a simple sum of 'now' plus
  whatever 'whiteexp' is set to when the entry is written.

  the entry is reaped out later on when that expire time is
  <= 'now'.

  since <spamd-white>'s purpose is nothing other than to enumerate
  IPs which shall not actually *talk* to spamd(8) at all, it is
  perfectly correct to take any IPs you personally want to whitelist
  (be it on a permanent basis or whatever) and put them into a
  different table that you just use in pf.conf(5) ....

> > spamd(8) says:
> > "spamd regularly scans the /var/db/spamd database and configures all
> >  whitelist addresses as the spamd-white pf(4) table."
> > 
> > How exactly does spamd configure spamd-white table?
> > 
> > The objective is to safely add my own IPs to the whitelist.
> > 
> 
> don't put them in spamd-white:
> 
> table <no-spamd> file /etc/mail/nospamd
> ...
> no rdr proto tcp from <no-spamd> to any port 25

  ... like beck@ mentions there.

  for instance, i wrote two shell scripts to take care of this for
  me.  one of them runs against a list of domain names that i know
  have SPF records and that i want to whitelist based on them, it
  runs some digs, sorts/uniqs them, and writes the results > somefile.spf.
  the second script reads the contents of somefile.spf and also 
  somefile.static and pumps them into a table in pf i call <perma-white>,
  who then gets a no-rdr line.

  so i just add things to the list of domains for the SPF lookup
  if applicable, and if not applicable or i need something Right Now,
  i just add them to the somefile.static.

  this way you keep your "manual" whitelisted entries decoupled
  from spamd, spamd-setup, and /var/db/spamd, and it's easy to manage
  them on the side.

-- 

  jared
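
The two-step workflow described in the message above, as an added example that is not jared's own scripts: it pulls `ip4:`/`ip6:` networks out of SPF TXT records, merges them with a hand-kept list, and loads the result into `<perma-white>`. The `MIN4`/`MIN6` prefix limits, the domains file, `perma-white.new` and the sample records are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the scripts from the message. MIN4/MIN6, the domains
# file and the sample records are assumptions; <perma-white>, somefile.spf
# and somefile.static are the names used in the message.
MIN4=16   # assumed policy: shortest IPv4 prefix accepted from DNS
MIN6=32   # assumed policy: shortest IPv6 prefix accepted from DNS

# Read `dig +short TXT` output on stdin, print ip4:/ip6: networks of v=spf1
# records. include:/a/mx are not followed. DNS data is untrusted input to a
# rule that bypasses spamd, so odd characters and huge prefixes are dropped.
spf_addrs() {
    awk -v min4="$MIN4" -v min6="$MIN6" '{
        gsub(/" "/, ""); gsub(/"/, "")      # rejoin split TXT strings
        if ($1 != "v=spf1") next
        for (i = 2; i <= NF; i++) {
            t = $i; sub(/^\+/, "", t)       # "+" is pass; -, ~, ? are skipped
            if (t ~ /^ip4:[0-9.]+(\/[0-9]+)?$/) min = min4
            else if (t ~ /^ip6:[0-9A-Fa-f:.]+(\/[0-9]+)?$/) min = min6
            else continue
            sub(/^ip[46]:/, "", t)
            n = split(t, p, "/")
            if (n == 2 && p[2] + 0 < min) continue   # e.g. 0.0.0.0/0
            print t
        }
    }'
}

# Merge the SPF-derived list and the hand-kept list, minus comments/blanks.
build_table() {   # $1 = somefile.spf  $2 = somefile.static
    cat "$1" "$2" | sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e '/^$/d' | sort -u
}

# The two steps from the message; needs dig(1) and root for pfctl(8).
refresh() {       # $1 = file with one domain per line
    while read -r d; do dig +short TXT "$d"; done < "$1" |
        spf_addrs | sort -u > somefile.spf
    build_table somefile.spf somefile.static > perma-white.new &&
        pfctl -t perma-white -T replace -f perma-white.new
}

# Constructed sample of dig output (documentation address ranges only).
sample='"v=spf1 ip4:192.0.2.0/24 ip4:198.51." "100.7 ip4:0.0.0.0/0 -all"
"some-other-txt=ip4:203.0.113.1"
"v=spf1 +ip6:2001:db8:1::/48 -ip4:203.0.113.9 include:example.net ~all"'
printf '%s\n' "$sample" | spf_addrs
```

`refresh` is defined but not called here; because the table is only ever written through `-T replace`, entries are managed entirely from the two files and never touch `<spamd-white>` or /var/db/spamd.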
