Stephan A. Rickauer wrote:
On Tue, 2008-08-12 at 09:46 +0200, Morgan Wesstrvm wrote:
information Google turned up. A general reflection is that it's a little
hard to grasp from the man pages how all the components work together
(spamd, spamlogd, spamd-setup, spamdb, pf) especially when you're only
used to blacklisting like I am. But everything seems to be working just
I just had to do the same (on OpenBSD, though). I do find the man pages
quite complete, to be honest. It may be not a step-through guide on all
topics, but once I took myself the time to actually read it all through,
it became quite clea.:
Thank you for your answers Stephan. Please bear with me because I come
from the land of blacklisting only :-)
In general I'm very pleased with the BSD man pages but when I try to
learn new functionality I find myself looking for details I probably
only can get if I read the actual source code and I understand its place
is not in the man pages.
* There is no longer a <spamd> table to fill with blacklisted IP addresses.
Correct. Because spamd takes care of blacklisted IPs and no longer pf.
Yes, but what does that mean? Does spamd keep an internal list of
blacklisted IP addresses and why is it not in the spamd database in that
case (which seems a natural place for it)? Can I see it somewhere and
manipulate it manually?
yes, as explained in spamd(8):
"spamd regularly scans the /var/db/spamd database and configures all
whitelist addresses as the pf(4) <spamd-white> table"
Ok, that is of course obvious now when I read it :-) Still curious of
_how_ it's actually done. Does this somehow has to do with the fdescfs
filesystem that has to be mounted? I believe I read somewhere that the
interaction with the tables are done through this filesystem. Why not
use the API that pfctl use? I really feel like a jerk asking these
stupid questions... :-)
No, because you don't need it. Everything that is not in the state of
GREY, TRAP, SPAMTRAP or WHITE is obviously blacklisted.
I understand the states GREY and WHITE but what exactly is TRAP and
SPAMTRAP if they're not the blacklisted addresses? I read the section
GREYTRAPPING in spamd(8):
"When running spamd in default mode, it may be useful to define spamtrap
destination addresses to catch spammers as they send mail from
greylisted hosts....<snip>"
I haven't slept tonight so I simply don't understand what this paragraph
is saying or what its purpose is? Can I enter "fake" email addresses
here and if a GREY host happens to send a mail to this fake address,
that host gets blacklisted? How big is the chance that it would try a
fake random address I enter here...? (LOL, I can imagine you have a good
laugh by now but I really like to learn :-) )
spamd-setup(8)
"The spamd-setup utility sends blacklist data to spamd(8), as well as
configuring mail rejection messages for blacklist entries."
Yes :-) "Blacklist data" - is that the IP addresses collected from the
blacklists defined in spamd.conf?
No, if you'd like to blacklist an IP manually, you can either do so by
using a custom pf table (e.g. mywhite) that omits redirection from that
table to spamd. Or, the way we do it, we compile our own list and
configure/load it in spamd.conf(5):
I can still maintain a local blacklist file that I load in spamd.conf as
I have done since I started using spamd then? I was excited for a while
that I could drop that file and enter the IP addresses permanently in
the spamd database instead but the local file is fine with me since I
know how it works. I just feel uncomfortable not being able to see the
list anywhere...
"The spamd.conf file is read by spamd-setup(8) to configure blacklists
for spamd(8)."
why doesn't the various blacklists in spamd.conf show up here then? How
Well, you have to configure them somehere.
My confusion comes from the fact that I'm still told to use spamd.conf
and spamd-setup as I've always done while using blacklisting only mode,
but now I'm missing <spamd> and the rules that refer to that table and I
can't see anywhere that the blacklists are actually parsed and used...
Sorry again for being a thick jerk and being stuck in the old thinking
but I really appreciate any insight into this because I'm completely set
on learning this. :-)
Kind regards
Morgan
