From: dssampson@yahoo.com
To: freebsd-pf@freebsd.org
Date: Wed, 24 Oct 2007 01:48:24 -0700 (PDT)
Subject: spamd nonfunctioning due to power outage in SD
Message-ID: <680860.38462.qm@web35813.mail.mud.yahoo.com>
List-Id: "Technical discussion and general questions about packet filter \(pf\)"

I had a power outage to our building due to the fires in San Diego and it crashed those without UPSes. One of them is the spamd machine. I've brought it back up and ran fsck on all volumes. However, mail will not come into our mailboxes from outside but mail can be delivered to outside recipients. I can telnet into the spamd machine and send mail externally and internally. Postfix seems to be ok. When I stop pf, mail from the outside of our LAN comes pouring in. When I start up pf, inbound mail comes to a stop. In the spamd log, I see all kinds of connections being blacklisted and greylisted but still not one mail is being delivered. I am using spamd-mywhite as my whitelist and put all known GMail IP addresses on it. I then send an email from my GMail account to this machine. It gets greylisted and eventually sits in the greylist for quite a while. I also see ports 25 open on both external and internal NICs and port 8025 open on the localhost interface.

I need assistance in troubleshooting this. Running spamd 4.1.2 on FreeBSD 6.2. We average 800 valid mail per day and so far in the last 24 hours, not one mail has come through using the existing spamd configuration.

mailfilter-root@/usr/ports# pfctl -vvnf /etc/pf.conf
ext_if = "rl0"
int_if = "xl0"
internal_net = "192.168.1.1/24"
external_addr = "216.70.250.4"
vpn_net = "10.8.0.0/24"
icmp_types = "echoreq"
NoRouteIPs = "{ 127.0.0.0/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 }"
webserver1 = "192.168.1.4"
set skip on { lo0 }
set skip on { gif0 }
@0 scrub in all fragment reassemble
@1 nat on rl0 inet from 192.168.1.0/24 to any -> (rl0) round-robin
@2 nat on rl0 inet from 10.8.0.0/24 to any -> (rl0) round-robin
@3 rdr on rl0 inet proto tcp from any to 216.70.250.4 port = http -> 192.168.1.4 port 80
table persist
table persist
table persist file "/usr/local/etc/spamd/spamd-mywhite"
@4 rdr inet proto tcp from to 216.70.250.4 port = smtp -> 127.0.0.1 port 25
@5 rdr inet proto tcp from to 216.70.250.4 port = smtp -> 127.0.0.1 port 25
@6 rdr pass inet proto tcp from to 216.70.250.4 port = smtp -> 127.0.0.1 port 8025
@7 rdr pass inet proto tcp from ! to 216.70.250.4 port = smtp -> 127.0.0.1 port 8025
@8 pass in log inet proto tcp from any to 216.70.250.4 port = smtp flags S/SA synproxy state
@9 pass out log inet proto tcp from 216.70.250.4 to any port = smtp flags S/SA synproxy state
@10 pass in log inet proto tcp from 192.168.1.0/24 to 192.168.1.25 port = smtp flags S/SA synproxy state
@11 block drop in log all
@12 pass in log quick on xl0 inet proto tcp from any to 192.168.1.25 port = ssh flags S/SA synproxy state
@13 block drop in log quick on rl0 inet from 127.0.0.0/8 to any
@14 block drop in log quick on rl0 inet from 192.168.0.0/16 to any
@15 block drop in log quick on rl0 inet from 172.16.0.0/12 to any
@16 block drop in log quick on rl0 inet from 10.0.0.0/8 to any
@17 block drop out log quick on rl0 inet from any to 127.0.0.0/8
@18 block drop out log quick on rl0 inet from any to 192.168.0.0/16
@19 block drop out log quick on rl0 inet from any to 172.16.0.0/12
@20 block drop out log quick on rl0 inet from any to 10.0.0.0/8
@21 block drop in log quick on ! xl0 inet from 192.168.1.0/24 to any
@22 block drop in log quick inet from 192.168.1.25 to any
@23 pass in on xl0 inet from 192.168.1.0/24 to any
@24 pass out log on xl0 inet from any to 192.168.1.0/24
@25 pass out log quick on xl0 inet from any to 10.8.0.0/24
@26 pass out on rl0 proto tcp all flags S/SA modulate state
@27 pass out on rl0 proto udp all keep state
@28 pass out on rl0 proto icmp all keep state
@29 pass in on rl0 inet proto tcp from any to 192.168.1.4 port = http flags S/SA synproxy state
@30 pass in on xl0 inet proto tcp from any to 192.168.1.25 port = ssh keep state
warning: macro 'icmp_types' not used
mailfilter-root@/usr/ports#

What's the quickest way to recover from this? Any other troubleshooting techniques?

~Doug