Date:      Sun, 26 Nov 2006 16:57:50 +0100
From:      "Morgan" <freebsd-pf@pp.dyndns.biz>
To:        <freebsd-pf@freebsd.org>
Subject:   SV: using OpenBSD's spamd on fbsd
Message-ID:  <00b501c71173$a0c51410$152ea8c0@phobos>
In-Reply-To: <82832a960611260621t688c69cfrf58118bca964f06a@mail.gmail.com>

> I'm really trying to get it working, but so far zero success 
> in catching any spam.
> 
> my sockstat is:
> 
> nobody   spamd      96373 4  tcp4   192.168.1.65:8025     *:*
> nobody   spamd      96373 5  tcp4   127.0.0.1:8026        *:*
> 
> (is the 127.0.0.1:8026 right? in /etc/services it says spamd 8026)

My /etc/services looks like this:

spamd   		8025/tcp        # # spamd(8)
spamd-cfg       	8026/tcp        # # spamd(8) configuration

8026/tcp is the port spamd-setup uses to configure spamd with new
blacklisted IP addresses on the fly. If both 8025 and 8026 are called spamd
in your /etc/services it's probably not a good thing.



> my pf.conf is:
> 
> ext_if="fxp0"
> 
> scrub in all
> 
> table <spamd> persist
>          rdr pass inet proto tcp from <spamd> to any \
>              port smtp -> $ext_if port 8025
> 
> pass in log on $ext_if proto tcp to any port smtp keep state 
> pass out log on $ext_if proto tcp to port smtp keep state

These are my relevant parts:

table <spamd> persist
rdr on $ext_if proto tcp from <spamd> to any port 25 -> 127.0.0.1 port 8025
pass in quick on $ext_if inet proto tcp from any to any port { 25, 8025 } flags S/SA keep state

* It's redundant (and probably not correct) to pass the data both in the RDR
rule and the pass rule further down.
* Your RDR rule lacks data on what interface it should work on. I'm not sure
if it defaults to ALL interfaces in that case but you should probably
specify the external interface.
* I'm redirecting to localhost as was shown in the setup example; it's
probably a bad idea security-wise but it works for me. I'm not sure how the
RDR rule handles a redirect from/to the same interface. Maybe worth a try to
change that.
* Your pass rule seems to miss the source host "from any". Does pf load this
without complaining? Guess it doesn't matter anyway since you're passing the
packets in the RDR rule which I choose not to do.


> telnet 192.168.1.65 8025 works fine.
> (the box is behind a router which sends all smtp to this box)
> 
> /var/log/spamd shows only:
> 
> Nov 26 14:34:32 ebi spamd[95972]: listening for incoming connections.
> Nov 26 14:47:59 ebi spamd[95972]: 192.168.1.65: connected (1/0)
> Nov 26 14:49:08 ebi spamd[95972]: 192.168.1.65: disconnected after 69 seconds.
> Nov 26 14:50:25 ebi spamd[96100]: listening for incoming connections.
> Nov 26 14:55:15 ebi spamd[96215]: listening for incoming connections.
> Nov 26 15:02:58 ebi spamd[96373]: listening for incoming connections.

This looks good assuming you telneted from the box itself. By default the
logfile doesn't contain much info on each connection. A few examples from my
log:

Nov 24 09:11:01 gatekeeper spamd[1064]: 222.122.179.234: disconnected after 2 seconds. lists: korea
Nov 24 09:19:38 gatekeeper spamd[1064]: 222.122.179.234: connected (1/1), lists: korea
Nov 24 09:26:16 gatekeeper spamd[1064]: 222.122.179.234: disconnected after 398 seconds. lists: korea
Nov 24 09:49:25 gatekeeper spamd[1064]: 213.41.75.81: connected (1/1), lists: myblack
Nov 24 09:55:53 gatekeeper spamd[1064]: 213.41.75.81: disconnected after 388 seconds. lists: myblack
Nov 24 10:55:58 gatekeeper spamd[1064]: 213.41.75.81: connected (1/1), lists: myblack
Nov 24 11:02:26 gatekeeper spamd[1064]: 213.41.75.81: disconnected after 388 seconds. lists: myblack

You can add pfspamd_flags="-v" to your /etc/rc.conf to get more verbose
logging if you wish, but it's generally not useful unless you want to make
detailed statistics of the blocked mail.
Apart from the /etc/pf.conf parts I can't really see that there's anything
wrong with your setup. Unless my suggestions work, I assume you simply
haven't had any connections yet from the addresses in the spamd table.

Regards
PP
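
An added example, not part of the original message: a small Python parser for the default spamd log format quoted above, totalling how long each address was held and which blacklists it matched. The sample lines are copied from the log excerpts in the message; the names `summarize`, `DISCONNECT` and `SAMPLE_LOG` are illustrative.

```python
import re
from collections import defaultdict

# Log lines in spamd's default format, taken from the excerpts in the
# message above (one entry per line).
SAMPLE_LOG = """\
Nov 24 09:11:01 gatekeeper spamd[1064]: 222.122.179.234: disconnected after 2 seconds. lists: korea
Nov 24 09:19:38 gatekeeper spamd[1064]: 222.122.179.234: connected (1/1), lists: korea
Nov 24 09:26:16 gatekeeper spamd[1064]: 222.122.179.234: disconnected after 398 seconds. lists: korea
Nov 24 09:49:25 gatekeeper spamd[1064]: 213.41.75.81: connected (1/1), lists: myblack
Nov 24 09:55:53 gatekeeper spamd[1064]: 213.41.75.81: disconnected after 388 seconds. lists: myblack
Nov 24 10:55:58 gatekeeper spamd[1064]: 213.41.75.81: connected (1/1), lists: myblack
Nov 24 11:02:26 gatekeeper spamd[1064]: 213.41.75.81: disconnected after 388 seconds. lists: myblack
Nov 26 14:49:08 ebi spamd[95972]: 192.168.1.65: disconnected after 69 seconds.
Nov 26 15:02:58 ebi spamd[96373]: listening for incoming connections.
"""

# "<ip>: disconnected after N seconds." with an optional "lists: a b" suffix;
# the 192.168.1.65 entry quoted in the message has no suffix.
DISCONNECT = re.compile(
    r"spamd\[\d+\]: (?P<ip>[0-9a-fA-F.:]+): disconnected after "
    r"(?P<secs>\d+) seconds\.(?: lists: (?P<lists>.+))?$"
)

def summarize(log_text):
    """Return {ip: {"sessions": n, "seconds": total, "lists": set_of_names}}."""
    stats = defaultdict(lambda: {"sessions": 0, "seconds": 0, "lists": set()})
    for line in log_text.splitlines():
        m = DISCONNECT.search(line.strip())
        if not m:
            continue  # connect, startup and unrelated lines carry no duration
        entry = stats[m.group("ip")]
        entry["sessions"] += 1
        entry["seconds"] += int(m.group("secs"))
        if m.group("lists"):
            entry["lists"].update(m.group("lists").split())
    return dict(stats)

if __name__ == "__main__":
    # Longest-held addresses first.
    for ip, e in sorted(summarize(SAMPLE_LOG).items(),
                        key=lambda kv: -kv[1]["seconds"]):
        print(f"{ip:<18}{e['sessions']:>3} sessions {e['seconds']:>6}s "
              f"lists={','.join(sorted(e['lists'])) or '-'}")
```

An address that shows up with an empty list set, like 192.168.1.65 here, connected to spamd without matching a blacklist, which fits the local telnet test described in the quoted text.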



