Re: getting started with spamd/pf

From: Didier Wiroth (didier.wirothmcesr.etat.lu)
Date: Wed Mar 07 2007 - 07:52:38 CST


Didier Wiroth wrote:
> Hello,
>> i've started looking at spamd & to be honest i'm a little confused
>> even after reading man & google. could somebody run a quick check
>> over all of this to reassure me?
>>
>> NB special thanks to peter for http://home.nuug.no/~peter/pf/en/
>> this was a godsend!
>>
>> scenario:
>> pf fw running as inet gateway & NATs smtp to postfix on different
>> host. this works just fine but of course receives spam occasionally!
>> spamd appears to be a drop-on-top of your existing (working) MTA
>> config - i.e. no changes are required to my pf fw & postfix setup at
>> all. am i right?
>>
>> changes - all on postfix box only:
>>
>> - enabled pf & set a pf.conf (below)
>> - use default spamd.conf
>>
>> this seems to work but -
>>
>> i don't see a greylist table anywhere in pfctl -s all. is one needed?
> (I'm a novice too but as far as I understood ... ;-))
>
> You have to understand that there are "individual" different
> components in the openbsd spamd concept.
>
> 1) spamd daemon (the smtp ("fake sendmail daemon/emulator")),
> 2) spamd-setup
> 3) spamlogd
> 4) pf
>
> Description of 1-4):
> 1) is the daemon which listens to the 8025 port
> 2) spamd-setup, is run via root's cronjob (see "sudo crontab -e -u
> root" and enable the spamd-setup entry)
> a) This program reads your spamd.conf and downloads the blacklisted
> hosts from the urls.
> b) It loads the blacklisted hosts in your spamd daemon (and stores
> them in /var/db/spamd)
> You can "not" view the downloaded blacklisted hosts with the spamdb command.
> You can only view them afterwards in your log when a host is actually
> trapped:
> Mar 7 10:24:10 gate spamd[1986]: 124.254.44.216: connected (1/1),
> lists: nixspam china
> Mar 7 10:24:19 gate spamd[1986]: 124.254.44.216: disconnected after 9
> seconds. lists: nixspam china
> c) "and" now spamd-setup loads the blacklisted hosts into a pf table
> called <spamd> (which you redirect with the "rdr" rules)
>
> 3) spamlogd (see man 8 spamlogd), manipulates the spamd database
> (/var/db/spamd), handles the grey and white listed hosts.
> This program needs the "pass in log" and "pass out log" to be able to
> manage those.
>
> 4) Pf simply reads the table <spamd-white> / <spamd> tables and
> redirects them according to your rules.
>>
>> pf in-memory table spamd-white doesn't persist between reboots. is
>> this expected?
> Are you running spamlogd? This is the daemon that should read and
> load the IPs (from spamd) into the pf table.
>
> Please note, to use your whitelist entry in spamd.conf you should have
> something like:
> all:\
> :spews1:whitelist:china:whitelist:korea:whitelist:
>
> You should really consider using the latest "current"
> /etc/mail/spamd.conf from the cvs repository, as there are far better
> hosts in it.
>
> And lastly, there have been "LOTSSSSS" of changes in the upcoming 4.1
> spamd .... so .. stay tuned!
>
> Your rules look ok to me.
>
> Kind regards
> Didier
>
>
I forgot: to read the white and grey entries of spamd, use the command:
spamdb
(see: man 8 spamdb)
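To tie the four components above together, here is a complete pf.conf fragment in the pre-4.1 rdr syntax, written as an added example for this thread and not taken from the original poster's ruleset. It assumes the external interface is called fxp0, that the real MTA listens on port 25 on the same host, and that spamd listens on 127.0.0.1 port 8025 as in the post; change those to match your setup.

```pf
# Added example pf.conf fragment for spamd on OpenBSD 4.0 (rdr syntax, pre-4.1).
# Assumptions: fxp0 faces the Internet, the real MTA listens on port 25 on this
# host, spamd listens on 127.0.0.1 port 8025.
ext_if = "fxp0"

# <spamd> is filled by spamd-setup from the blacklists in /etc/mail/spamd.conf.
# <spamd-white> is filled by spamd/spamlogd from the whitelist in /var/db/spamd.
# "persist" only keeps an empty table alive when no rule references it; neither
# table survives a reboot by itself. spamd-setup (cron) and spamlogd refill them,
# which is why the table is empty right after boot until they have run.
table <spamd> persist
table <spamd-white> persist

# Blacklisted hosts always go to spamd (it talks to them very slowly).
rdr pass inet proto tcp from <spamd> to any port smtp \
    -> 127.0.0.1 port 8025

# Anyone not yet whitelisted is sent to spamd for greylisting; whitelisted
# hosts do not match this rule and reach the real MTA on port 25.
rdr pass inet proto tcp from !<spamd-white> to any port smtp \
    -> 127.0.0.1 port 8025

# spamlogd reads the pflog interface, so the SMTP pass rules must be logged in
# both directions. Without "log" here spamlogd never sees the connections and
# cannot refresh whitelist entries, so they expire and hosts get greylisted again.
pass in log on $ext_if inet proto tcp from any to any port smtp
pass out log on $ext_if inet proto tcp from any to any port smtp
```

Two checks after loading this with pfctl -f /etc/pf.conf: pfctl -t spamd -T show should list addresses once spamd-setup has run (the entry for /usr/libexec/spamd-setup is shipped commented out in root's crontab, as the thread says), and pfctl -t spamd-white -T show should grow as hosts pass greylisting. There is no separate "greylist" pf table to look for: greylisted hosts live only in /var/db/spamd and are shown by spamdb, not by pfctl.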