From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 04:12:51 2004
From: Jett Tayer
To: pf4freebsd@freelists.org
Message-Id: <3ABA53F8-F323-11D8-A696-00039311ED22@sycorax.ath.cx>
Subject: [pf4freebsd] pf and spamd
Date: Thu, 16 Sep 2004 04:12:51 -0000
X-Original-Date: Sat, 21 Aug 2004 11:36:04 +0800

hello,

I'm using FreeBSD 5.2.1 and I'm having problems making pf work with spamd
(mail/spamd). When I try to load one of my IP addresses in the table and try
to telnet to it at port 25 from another server whose IP is added in the spamd
table, I can't see the usual:

Escape character is '^]'.
220 mybox.myhostname.mydomain ESMTP spamd IP-based SPAM blocker; Sat Aug 21 11:27:57 2004

it just says

Trying mybox.myhostname.mydomain...

and that's it. Below is my pf.conf:

# pf.conf

# Macros
# ext_if -- the interface to the outside world
ext_if="em0"
priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"
icmp_types= "echoreq"

# Tables:
table persist

# Options
set timeout { interval 10, frag 30 }
set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
set timeout { icmp.first 20, icmp.error 10 }
set timeout { other.first 60, other.single 30, other.multiple 60 }
set timeout { adaptive.start 0, adaptive.end 0 }
set limit { states 10000, frags 5000 }
set require-order yes
set block-policy drop
set optimization normal
set loginterface none
set fingerprints "/usr/local/etc/pf.os"

# Normalize packets
scrub in all
scrub out all

no rdr on { lo0 } from any to any
rdr inet proto tcp from to any port smtp -> 127.0.0.1 port 8025
pass in quick inet proto tcp from to 127.0.0.1 port 8025 keep state

# Filter packets
# block all incoming connections sent from the outside
# log all blocked packets
block in log all
block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets

# block all inbound connections to port 113 (auth)
# and return ICMP destination-unreachable
block return-rst in quick on $ext_if proto tcp \
    from any to $ext_if port auth

pass out keep state
pass in quick on lo0 all

# pass all connections originating from external hosts to
# port 22 (SSH) on the bastion host
pass in quick on $ext_if proto tcp \
    from any to $ext_if port 22 \
    flags S/SA keep state

# pass all connections originating from external hosts to
# port 25 (SMTP) on the bastion host
pass in quick on $ext_if inet proto tcp \
    from any to $ext_if port 25 \
    flags S/SA keep state

# pass all connections originating from external hosts to
# port 53 (DNS) on the bastion host
pass in quick on $ext_if inet proto tcp \
    from any to $ext_if port 53 \
    flags S/SA keep state

# pass all connections originating from external hosts to
# port 53 (DNS) on the bastion host
pass in quick on $ext_if inet proto udp \
    from any to $ext_if port 53 \
    keep state

pass in inet proto icmp all icmp-type $icmp_types keep state

pass out quick on $ext_if proto { tcp,udp } \
    from $ext_if to any keep state

# antispoof rule on the external interface
antispoof for $ext_if
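Added here as an illustration, not part of the original post: a small Python model of how pf evaluates the ruleset above for a test SYN (translation first, then the inbound filter rules with last-match-wins and quick semantics), so a reader can see which rule the spamd redirect is expected to hit. The interface address, the <spamd> table name and its contents are assumptions; keep state and TCP flags are not modelled.

```python
# Toy model of how pf evaluates the ruleset in the post above for one test packet.
# Constructed example, not pf or spamd code. Assumptions: $ext_if (em0) has
# 203.0.113.10, the spamd table is named <spamd> and holds 198.51.100.7.
# 'keep state' and 'flags S/SA' are not modelled; only inbound rules are listed.
from ipaddress import ip_address, ip_network
from typing import NamedTuple
EXT_IF, EXT_ADDR = "em0", "203.0.113.10"
SPAMD_TABLE = {"198.51.100.7"}
PRIV_NETS = [ip_network(n) for n in
             ("127.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")]
class Packet(NamedTuple):
    iface: str; proto: str; src: str; dst: str; dport: int
def apply_rdr(pkt: Packet) -> Packet:
    """Translation runs before filtering: 'no rdr on { lo0 }', then
    'rdr inet proto tcp from <spamd> to any port smtp -> 127.0.0.1 port 8025'."""
    if (pkt.iface != "lo0" and pkt.proto == "tcp"
            and pkt.src in SPAMD_TABLE and pkt.dport == 25):
        return pkt._replace(dst="127.0.0.1", dport=8025)
    return pkt

def on_ext(p): return p.iface == EXT_IF
def private_src(p): return any(ip_address(p.src) in n for n in PRIV_NETS)

# Inbound filter rules in the post's order: (label, quick, action, matcher)
FILTER_IN = [
    ("pass in quick <spamd> -> 127.0.0.1 port 8025", True, "pass",
     lambda p: p.proto == "tcp" and p.src in SPAMD_TABLE
     and p.dst == "127.0.0.1" and p.dport == 8025),
    ("block in log all", False, "block", lambda p: True),
    ("block drop in quick $priv_nets", True, "block",
     lambda p: on_ext(p) and private_src(p)),
    ("block return-rst in quick port auth", True, "block",
     lambda p: on_ext(p) and p.proto == "tcp" and p.dst == EXT_ADDR and p.dport == 113),
    ("pass in quick on lo0 all", True, "pass", lambda p: p.iface == "lo0"),
    ("pass in quick tcp 22/25/53", True, "pass",
     lambda p: on_ext(p) and p.proto == "tcp" and p.dst == EXT_ADDR
     and p.dport in (22, 25, 53)),
]
def evaluate(pkt: Packet):
    """pf semantics: last matching rule wins, 'quick' stops evaluation, and a
    packet matching no rule passes. Returns (verdict, rule label, packet after rdr)."""
    pkt = apply_rdr(pkt)
    verdict, hit = "pass", "default pass"
    for label, quick, action, match in FILTER_IN:
        if match(pkt):
            verdict, hit = action, label
            if quick:
                break
    return verdict, hit, pkt
```

Running evaluate() on a SYN from the table host to port 25 on em0 shows it rewritten to 127.0.0.1:8025 and passed by the first quick rule, while the same SYN from a non-table host is passed by the port 25 rule without redirection.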