Need peer review of my pf/spamd config

To: <misc@...>
Date: Monday, January 7, 2008 - 5:26 am

I think my pf / spamd config is correct and running
well, but I'm not entirely sure and would appreciate
any suggestions, corrections or optimizations.

/var/log/spamd shows activity of hosts being
grey-trapped, marked as (BLACK) or (GREY); spamdb
shows trapped and white hosts.  

However, 'pfctl -t spamd -T show' shows nothing in the
<spamd> table (<spamd-white> is being populated), and
'pfctl -sT -vv' shows that <spamd> has had no
addresses and no matches.  209.210.237.2 is hitting
spamd constantly, and I would expect it to be
blacklisted into <spamd> at the least.  Given that,
does my pf.conf seem correct?

=================================================

Relevant portions of my pf.conf:

table <spamd> persist
table <spamd-white> persist
table <spamd-my-whitelist> persist file "/etc/mail/spamd-my-whitelist.txt"

rdr on $ext_if inet proto tcp from <spamd-my-whitelist> to \
        { $ext_if, $localnet, $dmznet } port smtp -> $mailserver port smtp
rdr pass on $ext_if inet proto tcp from <spamd> to \
        { $ext_if, $localnet, $dmznet } port smtp -> 127.0.0.1 port spamd
rdr pass on $ext_if inet proto tcp from !<spamd-white> to \
        { $ext_if, $localnet, $dmznet } port smtp -> 127.0.0.1 port spamd
rdr on $ext_if inet proto tcp from <spamd-white> to \
        { $ext_if, $localnet, $dmznet } port smtp -> $mailserver port smtp

# Enable logging of certain SMTP transactions so spamlogd can
# update <spamd-white>.  Connections from MTAs in my custom
# <spamd-my-whitelist> don't need to be logged.

pass in quick on $ext_if inet proto tcp from <spamd-my-whitelist> \
        to any port smtp synproxy state
pass in log (to pflog1) quick on $ext_if inet proto tcp from <spamd-white> \
        to any port smtp synproxy state
pass out log (to pflog1) quick on $ext_if inet proto tcp from $mailserver \
        to any port smtp synproxy state

=================================================

The man page for spamd says:

     When a host that is currently greylisted attempts to send mail to a
     spamtrap address, it is blacklisted for 24 hours by adding the host to
     the spamd blacklist <spamd-greytrap>.

Should I also have an rdr rule for <spamd-greytrap>?

=================================================

I'm using OpenBSD 4.2's default /etc/mail/spamd.conf.

I have created the pflog1 interface, tcpdump shows
traffic occasionally being logged to it, and spamlogd
is listening to pflog1.  '/usr/libexec/spamd-setup' is
uncommented in root's crontab, and runs hourly.

My /etc/rc.conf.local:

spamd_flags="-v -G 15:4:864 -l 127.0.0.1 -h host.example.com -n Postfix"
spamd_black=NO
spamd_grey=YES
spamlogd_flags="-l pflog1"
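Added example (not part of the original post, nor OpenBSD's own tooling): a small audit script that cross-checks verbose /var/log/spamd verdicts against dumps of the pf tables the rdr rules above rely on, and lists hosts spamd has marked (BLACK) that no blacklist table is tracking, which is the mismatch the post describes. The log lines and table dumps are constructed sample data, and the "(GREY) ip: <from> -> <to>" line format is assumed from spamd's -v output.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of spamd(8) -v output; the "(GREY|BLACK) ip: <from> -> <to>" format is assumed.
SPAMD_LOG = """\
Jan  7 04:58:11 gw spamd[2213]: 209.210.237.2: connected (1/0)
Jan  7 04:58:33 gw spamd[2213]: (GREY) 209.210.237.2: <a@example.net> -> <trap@example.com>
Jan  7 04:58:40 gw spamd[2213]: 209.210.237.2: disconnected after 29 seconds.
Jan  7 05:02:02 gw spamd[2213]: 209.210.237.2: connected (1/0)
Jan  7 05:02:20 gw spamd[2213]: (BLACK) 209.210.237.2: <a@example.net> -> <bob@example.com>
Jan  7 05:10:05 gw spamd[2213]: 198.51.100.7: connected (1/0)
Jan  7 05:10:30 gw spamd[2213]: (GREY) 198.51.100.7: <x@example.org> -> <bob@example.com>
"""

# Constructed dumps in the shape of 'pfctl -t <table> -T show' output (one address per line).
PF_TABLE_DUMPS = {
    "spamd": "",
    "spamd-greytrap": "   198.51.100.7\n",
}

CONNECT_RE = re.compile(r"spamd\[\d+\]: (\d+\.\d+\.\d+\.\d+): connected \(")
VERDICT_RE = re.compile(r"spamd\[\d+\]: \((GREY|BLACK)\) (\d+\.\d+\.\d+\.\d+): ")

def parse_table_dump(text):
    """Turn a 'pfctl -T show' dump into a set of address strings."""
    return {line.strip() for line in text.splitlines() if line.strip()}

def audit(log_text, table_dumps):
    """Per host: connection count, GREY/BLACK verdict counts and the supplied blacklist
    tables it appears in; plus the hosts judged BLACK that no table contains."""
    connections = Counter()
    verdicts = defaultdict(Counter)
    for line in log_text.splitlines():
        if (m := CONNECT_RE.search(line)):
            connections[m.group(1)] += 1
        elif (m := VERDICT_RE.search(line)):
            verdicts[m.group(2)][m.group(1)] += 1
    tables = {name: parse_table_dump(dump) for name, dump in table_dumps.items()}
    report = {}
    for host in set(connections) | set(verdicts):
        report[host] = {
            "connections": connections[host],
            "verdicts": dict(verdicts[host]),
            "in_tables": sorted(n for n, addrs in tables.items() if host in addrs),
        }
    # Log says BLACK, but pf has the host in none of the blacklist tables it was given.
    missing = sorted(h for h, r in report.items() if r["verdicts"].get("BLACK") and not r["in_tables"])
    return report, missing
```

Call audit(SPAMD_LOG, PF_TABLE_DUMPS); with the sample data the second return value is ['209.210.237.2'], the host that shows up as (BLACK) in the log while neither <spamd> nor <spamd-greytrap> lists it.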

Messages in current thread:
Need peer review of my pf/spamd config, Robert Carr, (Mon Jan 7, 5:26 am)
Re: Need peer review of my pf/spamd config, Stuart Henderson, (Mon Jan 7, 7:54 am)