i'm trying to deal with mail providers like gmail that have pools of outgoing smtp servers that shuffle among them for mail delivery.
in the case of gmail, i've taken the output of 'dig txt _spf.google.com. +short', parsed it appropriately, and added it to table spamd-mywhite. (in short, i write to /etc/mail/spamd-mywhite and then use pfctl to load up the table).

relevant pf.conf snippet:

table <spamd-mywhite> persist file "/etc/mail/spamd-mywhite"
rdr pass inet proto tcp from <spamd> to any port smtp -> 127.0.0.1 port spamd
rdr pass inet proto tcp from !<spamd-white> to any port smtp -> 127.0.0.1 port spamd
rdr pass inet proto tcp from <spamd-white> to any port smtp -> 127.0.0.1 port smtp
rdr pass inet proto tcp from <spamd-mywhite> to any port smtp -> 127.0.0.1 port smtp

right now, my spamd is stuttering at some gmail addresses, which test positively that they are in spamd-mywhite, and thus i *believe* should be handed off directly to smtp given my rules. mail from sourceforge.com (_spf.sourceforge.com.), mail from facebook.com, and mail from nytimes.com all apparently worked OK, and don't get stuttered at.

i'm running 4.4-STABLE, unmodified GENERIC kernel, FWIW.

=== j...@cosmicnetworks (ttyp3) ~ {2094} <0>--> sudo /sbin/pfctl -T test -t spamd-mywhite 72.14.220.153
1/1 addresses match.
=== j...@cosmicnetworks (ttyp3) ~ {2095} <0>--> sudo /sbin/pfctl -T test -t spamd-mywhite 209.85.218.176
1/1 addresses match.
=== j...@cosmicnetworks (ttyp3) ~ {2096} <0>-->

for brevity's sake, i didn't include my entire pf.conf. if it would help, i can share. i just feel i'm missing something really simple and stupid here.

--john
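
An added example, not part of the original post: one way to do the "parse the dig output" step the message describes, turning SPF TXT data into the one-network-per-line form of a pf table file. The function names and the sample record are constructed for illustration; it assumes only ip4:/ip6: terms are wanted (a and mx mechanisms are not resolved) and that included records are fetched with dig.

```shell
#!/bin/sh
# Added example: turn SPF TXT data (as printed by `dig txt NAME +short`)
# into the one-network-per-line form a pf table file uses.

# Constructed sample record (documentation address ranges). The second
# network is split across two quoted strings, as dig prints long TXT data.
SAMPLE_TXT='"v=spf1 include:_netblocks.example.net ip4:192.0.2.0/24 +ip4:198.51." "100.7 -ip4:203.0.113.0/24 ip6:2001:db8::/32 ~all"'

# spf_terms: read TXT lines on stdin, print one lower-cased SPF term per line.
spf_terms() {
    sed -e 's/" *"//g' -e 's/"//g' |   # rejoin split strings, drop quotes
    tr 'A-Z' 'a-z' |
    grep '^v=spf1' |                   # ignore unrelated TXT records
    tr -s ' ' '\n'
}

# spf_networks: only ip4:/ip6: terms with the pass qualifier (none or "+").
# Terms qualified with -, ~ or ? do not authorise a sender and are skipped.
spf_networks() {
    spf_terms | sed -n 's/^[+]\{0,1\}ip[46]://p' | sort -u
}

# spf_includes: names of further records to fetch (include: and redirect=).
spf_includes() {
    spf_terms | sed -n -e 's/^[+]\{0,1\}include://p' -e 's/^redirect=//p'
}

# spf_resolve NAME [DEPTH]: live lookup that follows includes, at most DEPTH
# levels deep (default 10). Needs dig and network access; not called here.
spf_resolve() {
    [ "${2:-10}" -gt 0 ] || return 0
    txt=$(dig txt "$1" +short)
    printf '%s\n' "$txt" | spf_networks
    for inc in $(printf '%s\n' "$txt" | spf_includes); do
        spf_resolve "$inc" $(( ${2:-10} - 1 ))
    done
}

# Offline demonstration on the constructed record.
printf '%s\n' "$SAMPLE_TXT" | spf_networks
# Live use would be, for example:
#   spf_resolve _spf.google.com. | sort -u > /etc/mail/spamd-mywhite
#   pfctl -t spamd-mywhite -T replace -f /etc/mail/spamd-mywhite
```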