Home » Mailing list archives » openbsd-misc » 2008 » January » 7

Need peer review of my pf/spamd config

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Robert Carr <rcarr6502@...>
To: <misc@...>
Subject: Need peer review of my pf/spamd config
Date: Monday, January 7, 2008 - 5:26 am

I think my pf / spamd config is correct and running

well, but I'm not entirely sure and would appreciate

any suggestions, corrections or optimizations.


/var/log/spamd shows activity of hosts being

grey-trapped, marked as (BLACK) or (GREY); spamdb

shows trapped and white hosts.  


However, 'pfctl -t spamd -T show' shows nothing in the

 table ( is being populated), and

'pfctl -sT -vv' shows that  has had no

addresses and no matches.  209.210.237.2 is hitting

spamd constantly, and I would expect it to be

blacklisted into  at the least.  Given that,

does my pf.conf seem correct?


=================================================


Relevant portions of my pf.conf:


table  persist

table  persist

table  persist file

"/etc/mail/spamd-my-whitelist.txt"


rdr on $ext_if inet proto tcp from

 to \

        { $ext_if, $localnet, $dmznet } port smtp ->

$mailserver port smtp

rdr pass on $ext_if inet proto tcp from  to \

        { $ext_if, $localnet, $dmznet } port smtp ->

127.0.0.1 port spamd

rdr pass on $ext_if inet proto tcp from !

to \

        { $ext_if, $localnet, $dmznet } port smtp ->

127.0.0.1 port spamd

rdr on $ext_if inet proto tcp from  to \

        { $ext_if, $localnet, $dmznet } port smtp ->

$mailserver port smtp


# Enable logging of certain SMTP transactions so

spamlogd can

# update .  Connections from MTAs in my

custom

#  don't need to be logged.


pass in quick on $ext_if inet proto tcp from

 \

        to any port smtp synproxy state

pass in log (to pflog1) quick on $ext_if inet proto

tcp from  \

        to any port smtp synproxy state

pass out log (to pflog1) quick on $ext_if inet proto

tcp from $mailserver \

        to any port smtp synproxy state


=================================================


The man page for spamd says:


>>

When a host that is currently greylisted

     attempts to send mail to a spamtrap address, it

is blacklisted for 24

     hours by adding the host to the spamd blacklist

.

<<


Should I also have an rdr rule for ?


=================================================


I'm using OpenBSD 4.2's default /etc/mail/spamd.conf.


I have created the pflog1 interface, tcpdump shows

traffic occasionally being logged to it, and spamlogd

is listening to pflog1.  '/usr/libexec/spamd-setup' is

uncommented in root's crontab, and runs hourly.


My /etc/rc.conf.local:


spamd_flags="-v -G 15:4:864 -l 127.0.0.1 -h

host.example.com -n Postfix"

spamd_black=NO

spamd_grey=YES

spamlogd_flags="-l pflog1"


      ____________________________________________________________________________________

Be a better friend, newshound, and

know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
Need peer review of my pf/spamd config, Robert Carr, (Mon Jan 7, 5:26 am)
Re: Need peer review of my pf/spamd config, Stuart Henderson, (Mon Jan 7, 7:54 am)