From owner-freebsd-pf@FreeBSD.ORG  Thu Sep 16 04:13:41 2004
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 674)
	id C9EDA16A4CF; Thu, 16 Sep 2004 04:13:41 +0000 (GMT)
Delivered-To: mlaier@vampire.homelinux.org
Received: (qmail 96904 invoked by alias); 28 Aug 2004 20:17:32 -0000
Delivered-To: unirz@vampire.homelinux.org
Received: (qmail 96901 invoked from network); 28 Aug 2004 20:17:32 -0000
Received: from mailstud.rz.uni-karlsruhe.de (129.13.185.210)
  by p548081d7.dip.t-dialin.net with SMTP; 28 Aug 2004 20:17:32 -0000
Received: from spamstud.rz.uni-karlsruhe.de (spamstud.rz.uni-karlsruhe.de
	[129.13.185.237])
	by mailstud.rz.uni-karlsruhe.de with esmtp (Exim 4.34 #1)
	id 1C19fu-0002gh-F0 for max.laier@stud.uni-karlsruhe.de;
	Sat, 28 Aug 2004 22:19:46 +0200
Received: from localhost (exim@[127.0.0.1])
	by spamstud.rz.uni-karlsruhe.de with spam-scanned (Exim 4.34 #1)
	id 1C19fu-0006de-AK for max.laier@stud.uni-karlsruhe.de;
	Sat, 28 Aug 2004 22:19:46 +0200
Received: from moutng.kundenserver.de (moutng.kundenserver.de
	[212.227.126.176])
	by spamstud.rz.uni-karlsruhe.de with esmtp (Exim 4.34 #1)
	id 1C19fu-0006dT-7t for max.laier@stud.uni-karlsruhe.de;
	Sat, 28 Aug 2004 22:19:46 +0200
Received: from [212.227.126.213] (helo=mxng17.kundenserver.de)
	by moutng.kundenserver.de with esmtp (Exim 3.35 #1)
	id 1C19fu-0007bN-00
	for max.laier@stud.uni-karlsruhe.de; Sat, 28 Aug 2004 22:19:46 +0200
Received: from [206.53.239.180] (helo=turing.freelists.org)
	by mxng17.kundenserver.de with esmtp (Exim 3.35 #1)
	id 1C19ft-0006lj-00
	for max@love2party.net; Sat, 28 Aug 2004 22:19:46 +0200
Received: from localhost (localhost [127.0.0.1])ESMTP
	id 14E5D72C2D3; Sat, 28 Aug 2004 15:17:18 -0500 (EST)
Received: from turing.freelists.org ([127.0.0.1])
 by localhost (turing [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 11358-45; Sat, 28 Aug 2004 15:17:17 -0500 (EST)
Received: from turing (localhost [127.0.0.1])ESMTP
	id 88FC972C37A; Sat, 28 Aug 2004 15:17:17 -0500 (EST)
Received: with ECARTIS (v1.0.0; list pf4freebsd);
	Sat, 28 Aug 2004 15:17:00 -0500 (EST)
X-Original-To: pf4freebsd@freelists.org
Delivered-To: pf4freebsd@freelists.org
Received: from localhost (localhost [127.0.0.1])ESMTP id 1CAE272C2D3
	for <pf4freebsd@freelists.org>; Sat, 28 Aug 2004 15:17:00 -0500 (EST)
Received: from turing.freelists.org ([127.0.0.1])
 by localhost (turing [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 11257-61 for <pf4freebsd@freelists.org>;
 Sat, 28 Aug 2004 15:17:00 -0500 (EST)
Received: from insomnia.benzedrine.cx (insomnia.benzedrine.cx [62.65.145.30])
	ESMTP id 2F06A72C0E2
	for <pf4freebsd@freelists.org>; Sat, 28 Aug 2004 15:16:59 -0500 (EST)
Received: from insomnia.benzedrine.cx (dhartmei@localhost [127.0.0.1])
	i7SKJNnd030733
	(version=TLSv1/SSLv3 cipher=DHE-DSS-AES256-SHA bits=256 verify=NO)
	for <pf4freebsd@freelists.org>;
	Sat, 28 Aug 2004 22:19:24 +0200 (MEST)
Received: (from dhartmei@localhost)
	by insomnia.benzedrine.cx (8.13.0/8.12.10/Submit) id i7SKJNX7018879
	for pf4freebsd@freelists.org; Sat, 28 Aug 2004 22:19:23 +0200 (MEST)
From: Daniel Hartmeier <daniel@benzedrine.cx>
To: pf4freebsd@freelists.org
Message-ID: <20040828201923.GA31057@insomnia.benzedrine.cx>
References: <3ABA53F8-F323-11D8-A696-00039311ED22@sycorax.ath.cx>
	<200408211204.56633.max@love2party.net>
	<7A6783D3-F373-11D8-A696-00039311ED22@sycorax.ath.cx>
Mime-Version: 1.0
Content-Type: text/plain;
  charset=us-ascii
Content-Disposition: inline
In-Reply-To: <7A6783D3-F373-11D8-A696-00039311ED22@sycorax.ath.cx>
User-Agent: Mutt/1.4.1i
X-Virus-Scanned: by amavisd-new at freelists.org
X-archive-position: 443
X-ecartis-version: Ecartis v1.0.0
Sender: pf4freebsd-bounce@freelists.org
Errors-To: pf4freebsd-bounce@freelists.org
X-original-sender: daniel@benzedrine.cx
Precedence: normal
X-list: pf4freebsd
X-Virus-Scanned: by amavisd-new at freelists.org
X-Provags-Forward: max@love2party.net -> max.laier@stud.uni-karlsruhe.de
X-Scan-Signature: 4fda330bd619e2d3d15f28c948e04e82
X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on 
	mail6.rz.uni-karlsruhe.de
X-Spam-Status: No, hits=-4.9 required=7.0 tests=BAYES_00 autolearn=no 
	version=2.61
X-Spam-Level: 
X-UID: 538
X-Length: 5439
X-Mailman-Approved-At: Thu, 16 Sep 2004 04:17:51 +0000
Subject: [pf4freebsd] Re: pf and spamd
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.1
Reply-To: pf4freebsd@freelists.org
List-Id: Technical discussion and general questions about packet filter (pf)
	<freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
Date: Thu, 16 Sep 2004 04:13:41 -0000
X-Original-Date: Sat, 28 Aug 2004 22:19:23 +0200
X-List-Received-Date: Thu, 16 Sep 2004 04:13:41 -0000

On Sat, Aug 21, 2004 at 09:10:30PM +0800, Jett Tayer wrote:

> # spamd-setup puts addresses to be redirected into table <spamd>.
> table <spamd> persist
> no rdr on { lo0 } from any to any
> rdr inet proto tcp from <spamd> to any port smtp -> 127.0.0.1 port 8025
> pass in on lo0 inet proto tcp from <spamd> to 127.0.0.1 port 8025

The connection is coming in on a real interface (not lo0), so you have
to pass it on that interface. If the above was your entire ruleset, that
would be no issue (as it passes by default), but I assume you have a
more complex ruleset which blocks, too. Alternatively, add the 'pass'
option to the 'rdr' rule, so it doesn't require another pass rule.

In general, add 'log' to all your 'block' rules and watch pflog for
blocked packets. That's the standard first step when debugging rulesets.

Daniel