Didier Wiroth wrote:
Hello,
i've started looking at spamd & to be honest i'm a little confused
even after reading man & google. could somebody run a quick check
over all of this to reassure me?
NB special thanks to peter@ for http://home.nuug.no/~peter/pf/en/
this was a godsend!
scenario:
pf fw running as inet gateway & NATs smtp to postfix on different
host. this works just fine but of course receives spam occasionally!
spamd appears to be a drop-on-top of your existing (working) MTA
config - i.e. no changes are required to my pf fw & postfix setup at
all. am i right?
changes - all on postfix box only:
- enabled pf & set a pf.conf (below)
- use default spamd.conf
this seems to work but -
i don't see a greylist table anywhere in pfctl -s all. is one needed?
(I'm a novice too but as far as I understood ... ;-))
You have to understand that there are "individual" different
components in the openbsd spamd concept.
1) spamd daemon (the smtp ("fake sendmail daemon/emulator")),
2) spamd-setup
3) spamlogd
4) pf
Description of 1-4):
1) is the daemon which listens to the 8025 port
2) spamd-setup, is run via root's cronjob (see "sudo crontab -e -u
root" and enable the spamd-setup entry)
a) This program reads your spamd.conf and downloads the blacklisted
hosts from the urls.
b) It loads the blacklisted hosts in your spamd daemon (and stores
them in /var/db/spamd)
You can "not" view the downloaded blacklisted hosts with spamdb command.
You can only view them afterwards in your log when a host is actually
trapped:
Mar 7 10:24:10 gate spamd[1986]: 124.254.44.216: connected (1/1), lists: nixspam china
Mar 7 10:24:19 gate spamd[1986]: 124.254.44.216: disconnected after 9 seconds. lists: nixspam china
c) "and" now spamd-setup loads the blacklisted hosts in a pf table
called <spamd> (which you redirect with the "rdr" rules)
3) spamlogd (see man 8 spamlogd), manipulates the spamd database
(/var/db/spamd), handles the grey and white listed hosts.
This program needs the "pass in log" and "pass out log" to be able to
manage those.
4) Pf simply reads the <spamd-white> / <spamd> tables and
redirects them according to your rules.
pf in-memory table spamd-white doesn't persist between reboots. is
this expected?
Are you running spamlogd? This is the daemon that should read and
load the IPs (from spamd) in the pf table.
Please note, to use your whitelist entry in spamd.conf you should have
something like:
all:\
:spews1:whitelist:china:whitelist:korea:whitelist:
You should really consider to use the latest "current"
/etc/mail/spamd.conf from the cvs repository, as there are far better
hosts in it.
And lastly, there have been "LOTSSSSS" of changes in the upcoming 4.1
spamd .... so .. stay tuned!
Your rules look ok to me.
Kind regards
Didier
I forgot, to read the white and grey entries of spamd use the command:
spamdb
(see: man 8 spamdb)
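
An added example, not part of the original post: since blacklist hits are only visible in the log, this sketch summarises spamd connect/disconnect lines per host and shows which lists each host matched. The function names and the list-less line shape for non-blacklisted hosts are assumptions; the first two sample lines are the ones quoted above.

```python
import re
from collections import defaultdict

# Matches the two spamd syslog line shapes quoted in the post above.
# Assumption: hosts that match no blacklist log the same lines without "lists:".
LINE = re.compile(
    r"spamd\[\d+\]: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}): "
    r"(?:(?P<conn>connected) \(\d+/\d+\)(?:, lists: (?P<clists>.+))?"
    r"|disconnected after (?P<secs>\d+) seconds\.(?: lists: (?P<dlists>.+))?)\s*$"
)

def summarize(lines):
    """Return {ip: {"connections": n, "seconds": total, "lists": set_of_names}}."""
    hosts = defaultdict(lambda: {"connections": 0, "seconds": 0, "lists": set()})
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not a spamd connect/disconnect line
        host = hosts[m["ip"]]
        if m["conn"]:
            host["connections"] += 1
        else:
            host["seconds"] += int(m["secs"])  # time the sender was held
        lists = m["clists"] or m["dlists"]
        if lists:
            host["lists"].update(lists.split())
    return dict(hosts)

def blacklisted(summary):
    """Keep only hosts that matched a list loaded by spamd-setup."""
    return {ip: h for ip, h in summary.items() if h["lists"]}

SAMPLE = [
    # Taken from the post above.
    "Mar 7 10:24:10 gate spamd[1986]: 124.254.44.216: connected (1/1), lists: nixspam china",
    "Mar 7 10:24:19 gate spamd[1986]: 124.254.44.216: disconnected after 9 seconds. lists: nixspam china",
    # Constructed: a host on no blacklist (documentation address).
    "Mar 7 10:25:01 gate spamd[1986]: 192.0.2.10: connected (1/0)",
    "Mar 7 10:25:13 gate spamd[1986]: 192.0.2.10: disconnected after 12 seconds.",
]

if __name__ == "__main__":
    for ip, h in sorted(summarize(SAMPLE).items()):
        names = " ".join(sorted(h["lists"])) or "-"
        print(ip, h["connections"], h["seconds"], names)
```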