Date: Sun, 26 Nov 2006 16:57:50 +0100
From: "Morgan" <freebsd-pf@pp.dyndns.biz>
To: <freebsd-pf@freebsd.org>
Subject: SV: using OpenBSD's spamd on fbsd
Message-ID: <00b501c71173$a0c51410$152ea8c0@phobos>
In-Reply-To: <82832a960611260621t688c69cfrf58118bca964f06a@mail.gmail.com>
> I'm really trying to get it working, but so far zero success
> in catching any spam.
>
> my sockstat is:
>
> nobody spamd 96373 4 tcp4 192.168.1.65:8025 *:*
> nobody spamd 96373 5 tcp4 127.0.0.1:8026 *:*
>
> (is the 127.0.0.1:8026 right? in /etc/services it says spamd 8026)

My /etc/services looks like this:

spamd           8025/tcp   # # spamd(8)
spamd-cfg       8026/tcp   # # spamd(8) configuration

8026/tcp is the port spamd-setup uses to configure spamd with new blacklisted
ip-addresses on the fly. If both 8025 and 8026 are called spamd in your
/etc/services it's probably not a good thing.

> my pf.conf is:
>
> ext_if="fxp0"
>
> scrub in all
>
> table <spamd> persist
> rdr pass inet proto tcp from <spamd> to any \
>     port smtp -> $ext_if port 8025
>
> pass in log on $ext_if proto tcp to any port smtp keep state
> pass out log on $ext_if proto tcp to port smtp keep state

These are my relevant parts:

table <spamd> persist
rdr on $ext_if proto tcp from <spamd> to any port 25 -> 127.0.0.1 port 8025
pass in quick on $ext_if inet proto tcp from any to any port { 25, 8025 } flags S/SA keep state

* It's redundant (and probably not correct) to pass the data both in the RDR
  rule and the pass rule further down.
* Your RDR rule lacks data on what interface it should work on. I'm not sure
  if it defaults to ALL interfaces in that case but you should probably
  specify the external interface.
* I'm redirecting to localhost as was shown in the setup example, it's
  probably a bad idea security-wise but it works for me. I'm not sure how the
  RDR rule handles a redirect from/to the same interface. Maybe worth a try
  to change that.
* Your pass rule seems to miss the source host "from any". Does pf load this
  without complaining? Guess it doesn't matter anyway since you're passing
  the packets in the RDR rule which I choose not to do.

> telnet 192.168.1.65 8025 works fine.
> (the box is behind a router which sends all smtp to this box)
>
> /var/log/spamd shows only:
>
> Nov 26 14:34:32 ebi spamd[95972]: listening for incoming connections.
> Nov 26 14:47:59 ebi spamd[95972]: 192.168.1.65: connected (1/0)
> Nov 26 14:49:08 ebi spamd[95972]: 192.168.1.65: disconnected after 69 seconds.
> Nov 26 14:50:25 ebi spamd[96100]: listening for incoming connections.
> Nov 26 14:55:15 ebi spamd[96215]: listening for incoming connections.
> Nov 26 15:02:58 ebi spamd[96373]: listening for incoming connections.

This looks good assuming you telneted from the box itself. By default the
logfile doesn't contain much info on each connection. A few examples from my
log:

Nov 24 09:11:01 gatekeeper spamd[1064]: 222.122.179.234: disconnected after 2 seconds. lists: korea
Nov 24 09:19:38 gatekeeper spamd[1064]: 222.122.179.234: connected (1/1), lists: korea
Nov 24 09:26:16 gatekeeper spamd[1064]: 222.122.179.234: disconnected after 398 seconds. lists: korea
Nov 24 09:49:25 gatekeeper spamd[1064]: 213.41.75.81: connected (1/1), lists: myblack
Nov 24 09:55:53 gatekeeper spamd[1064]: 213.41.75.81: disconnected after 388 seconds. lists: myblack
Nov 24 10:55:58 gatekeeper spamd[1064]: 213.41.75.81: connected (1/1), lists: myblack
Nov 24 11:02:26 gatekeeper spamd[1064]: 213.41.75.81: disconnected after 388 seconds. lists: myblack

You can add pfspamd_flags="-v" to your /etc/rc.conf to have more verbose
logging if you wish but it's generally not useful unless you want to make
detailed statistics of the blocked mail.

Apart from the /etc/pf.conf parts I can't really see that there's anything
wrong with your setup. Unless my suggestions work I assume you simply
haven't had any connections yet from the addresses in the spamd table.

Regards
PP
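
Added example, not part of the original message: a Python script that tallies connections, tarpit time and matched lists per address from spamd log lines in the default (non-verbose) format shown above. The function names are illustrative, and the sample input is the set of log lines quoted in the message.

```python
import re
from collections import defaultdict

# Sample input: the spamd syslog lines quoted in the message above.
SAMPLE_LOG = """\
Nov 26 14:34:32 ebi spamd[95972]: listening for incoming connections.
Nov 26 14:47:59 ebi spamd[95972]: 192.168.1.65: connected (1/0)
Nov 26 14:49:08 ebi spamd[95972]: 192.168.1.65: disconnected after 69 seconds.
Nov 24 09:11:01 gatekeeper spamd[1064]: 222.122.179.234: disconnected after 2 seconds. lists: korea
Nov 24 09:19:38 gatekeeper spamd[1064]: 222.122.179.234: connected (1/1), lists: korea
Nov 24 09:26:16 gatekeeper spamd[1064]: 222.122.179.234: disconnected after 398 seconds. lists: korea
Nov 24 09:49:25 gatekeeper spamd[1064]: 213.41.75.81: connected (1/1), lists: myblack
Nov 24 09:55:53 gatekeeper spamd[1064]: 213.41.75.81: disconnected after 388 seconds. lists: myblack
Nov 24 10:55:58 gatekeeper spamd[1064]: 213.41.75.81: connected (1/1), lists: myblack
Nov 24 11:02:26 gatekeeper spamd[1064]: 213.41.75.81: disconnected after 388 seconds. lists: myblack
"""

# "<ip>: connected (n/m)[, lists: ...]" or "<ip>: disconnected after N seconds.[ lists: ...]"
LINE = re.compile(
    r"spamd\[\d+\]: (?P<ip>\S+): "
    r"(?:(?P<conn>connected) \(\d+/\d+\)|disconnected after (?P<secs>\d+) seconds\.)"
    r"(?:,? lists: (?P<lists>.+?))?\s*$"
)

def summarise(log_text):
    """Return {ip: {"connections", "tarpit_seconds", "lists"}} from spamd syslog text."""
    stats = defaultdict(lambda: {"connections": 0, "tarpit_seconds": 0, "lists": set()})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # startup lines such as "listening for incoming connections."
        entry = stats[m["ip"]]
        if m["conn"]:
            entry["connections"] += 1
        else:
            entry["tarpit_seconds"] += int(m["secs"])
        if m["lists"]:
            entry["lists"].update(m["lists"].split())
    return dict(stats)

def unlisted(stats):
    """Addresses whose log lines carried no "lists:" tag, like the local telnet test."""
    return sorted(ip for ip, s in stats.items() if not s["lists"])

if __name__ == "__main__":
    for ip, s in summarise(SAMPLE_LOG).items():
        print(f"{ip:16} conns={s['connections']} tarpit={s['tarpit_seconds']}s "
              f"lists={','.join(sorted(s['lists'])) or '-'}")
```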