On 2008-08-12, Morgan Wesstrvm <[EMAIL PROTECTED]> wrote: >> Correct. Because spamd takes care of blacklisted IPs and no longer pf. > > Yes, but what does that mean? Does spamd keep an internal list of > blacklisted IP addresses
yes > and why is it not in the spamd database in that case (which seems a > natural place for it)? Can I see it somewhere and manipulate it manually? it's transient fast-changing information, there isn't a lot of point writing it to disk... >> yes, as explained in spamd(8): >> "spamd regularly scans the /var/db/spamd database and configures all >> whitelist addresses as the pf(4) <spamd-white> table" > > Ok, that is of course obvious now when I read it :-) Still curious of > _how_ it's actually done. Piped into pfctl. See grey.c. > Does this somehow has to do with the fdescfs > filesystem that has to be mounted? Are you by any chance using this on a non-OpenBSD OS? If so, please ask on their lists for help, I don't know if it applies to spamd, but other network daemons I have looked at that have been ported to some OS that needs fdescfs for spamd have had chunks of them ripped out to make them work (due to missing OS features). It's a bit of an unknown quantity for people who just know OpenBSD like many (most?) people here. > I haven't slept tonight so I simply don't understand what this paragraph > is saying or what its purpose is? Get some sleep then, it should be clearer. > Can I enter "fake" email addresses > here and if a GREY host happens to send a mail to this fake address, > that host gets blacklisted? Yes. > How big is the chance that it would try a fake random address > I enter here...? High when you use an address that spammers already know about. > I can still maintain a local blacklist file that I load in spamd.conf as > I have done since I started using spamd then? I was excited for a while > that I could drop that file and enter the IP addresses permanently in > the spamd database instead but the local file is fine with me since I > know how it works. I just feel uncomfortable not being able to see the > list anywhere... Then, you can arrange so that cron ftp's the list for you and point spamd-setup at the local file instead. > My confusion comes from the fact that I'm still told to use spamd.conf > and spamd-setup as I've always done while using blacklisting only mode, > but now I'm missing <spamd> and the rules that refer to that table and I > can't see anywhere that the blacklists are actually parsed and used... When you greylist, you just need to redirect all traffic from addresses not in spamd-white to spamd. PF doesn't need to know whether that's "currently subject to greylisting" or "on a blacklist" - either way, spamd needs the packets - so no point keeping the table in kernel memory as well as in spamd's memory.
