Thread: using OpenBSD's spamd on fbsd




using OpenBSD's spamd on fbsd
user name
2006-11-26 14:21:39
I'm really trying to get it working, but so far zero success in catching any spam.

my sockstat is:

nobody   spamd      96373 4  tcp4   192.168.1.65:8025    *
nobody   spamd      96373 5  tcp4   127.0.0.1:8026       *

(is the 127.0.0.1:8026 right? in /etc/services it says spamd 8026)

my pf.conf is:

ext_if="fxp0"

scrub in all

table <spamd> persist
rdr pass inet proto tcp from <spamd> to any port smtp -> $ext_if port 8025

pass in log on $ext_if proto tcp to any port smtp keep state
pass out log on $ext_if proto tcp to port smtp keep state

telnet 192.168.1.65 8025 works fine.
(the box is behind a router which sends all smtp to this box)

/var/log/spamd shows only:

Nov 26 14:34:32 ebi spamd[95972]: listening for incoming connections.
Nov 26 14:47:59 ebi spamd[95972]: 192.168.1.65: connected (1/0)
Nov 26 14:49:08 ebi spamd[95972]: 192.168.1.65: disconnected after 69 seconds.
Nov 26 14:50:25 ebi spamd[96100]: listening for incoming connections.
Nov 26 14:55:15 ebi spamd[96215]: listening for incoming connections.
Nov 26 15:02:58 ebi spamd[96373]: listening for incoming connections.

I've done:

/usr/local/etc/rc.d/pfspamd start
(the status says it's up and running)
spamd-setup
pfctl -e -f /etc/pf.conf

ebi# pfctl -ss
self tcp 192.168.1.65:50262 -> 64.70.19.33:25       SYN_SENT:CLOSED
self tcp 192.168.1.65:25 <- 194.109.127.152:4635    FIN_WAIT_2:FIN_WAIT_2


ebi# pfctl -t spamd -T show | wc -l
    9476

thus, is there something I've overlooked?

t.


2006/11/26, Massimo Lusetti < mlusettigmail.com>:
>
> On 11/25/06, tim m <timsan775googlemail.com> wrote:
>
> > hello all,
> >
> > I'm looking for experiences from others who have been using OpenBSD's
> > spamd on FreeBSD.
> >
> > Is it working well? Has your spam really been less? And what is your
> > /usr/local/etc/spamd.conf like?
> >
> >
>
> If you use it as you should you can achieve a lot. We even switched off
> DSPAM.
>
> Regards
> --
> Massimo
> http://meridio.blogspot.com
>
_______________________________________________
freebsd-pffreebsd.org mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
SV: using OpenBSD's spamd on fbsd
user name
2006-11-26 15:57:50
> I'm really trying to get it working, but so far zero success
> in catching any spam.
>
> my sockstat is:
>
> nobody   spamd      96373 4  tcp4   192.168.1.65:8025    *
> nobody   spamd      96373 5  tcp4   127.0.0.1:8026       *
>
> (is the 127.0.0.1:8026 right? in /etc/services it says spamd 8026)

My /etc/services looks like this:

spamd   		8025/tcp        # # spamd(8)
spamd-cfg       	8026/tcp        # # spamd(8) configuration

8026/tcp is the port spamd-setup uses to configure spamd with new blacklisted ip-addresses on the fly. If both 8025 and 8026 are called spamd in your /etc/services it's probably not a good thing.



> my pf.conf is:
> 
> ext_if="fxp0"
> 
> scrub in all
> 
> table <spamd> persist
> rdr pass inet proto tcp from <spamd> to any port smtp -> $ext_if port 8025
>
> pass in log on $ext_if proto tcp to any port smtp keep state
> pass out log on $ext_if proto tcp to port smtp keep state

These are my relevant parts:

table <spamd> persist
rdr on $ext_if proto tcp from <spamd> to any port 25 -> 127.0.0.1 port 8025
pass in quick on $ext_if inet proto tcp from any to any port { 25, 8025 } flags S/SA keep state

* It's redundant (and probably not correct) to pass the data both in the RDR rule and the pass rule further down.
* Your RDR rule lacks data on what interface it should work on. I'm not sure if it defaults to ALL interfaces in that case but you should probably specify the external interface.
* I'm redirecting to localhost as was shown in the setup example, it's probably a bad idea security-wise but it works for me. I'm not sure how the RDR rule handles a redirect from/to the same interface. Maybe worth a try to change that.
* Your pass rule seems to miss the source host "from any". Does pf load this without complaining? Guess it doesn't matter anyway since you're passing the packets in the RDR rule which I choose not to do.


> telnet 192.168.1.65 8025 works fine.
> (the box is behind a router which sends all smtp to this box)
>
> /var/log/spamd shows only:
>
> Nov 26 14:34:32 ebi spamd[95972]: listening for incoming connections.
> Nov 26 14:47:59 ebi spamd[95972]: 192.168.1.65: connected (1/0)
> Nov 26 14:49:08 ebi spamd[95972]: 192.168.1.65: disconnected after 69 seconds.
> Nov 26 14:50:25 ebi spamd[96100]: listening for incoming connections.
> Nov 26 14:55:15 ebi spamd[96215]: listening for incoming connections.
> Nov 26 15:02:58 ebi spamd[96373]: listening for incoming connections.

This looks good assuming you telnetted from the box itself. By default the logfile doesn't contain much info on each connection. A few examples from my log:

Nov 24 09:11:01 gatekeeper spamd[1064]: 222.122.179.234: disconnected after 2 seconds. lists: korea
Nov 24 09:19:38 gatekeeper spamd[1064]: 222.122.179.234: connected (1/1), lists: korea
Nov 24 09:26:16 gatekeeper spamd[1064]: 222.122.179.234: disconnected after 398 seconds. lists: korea
Nov 24 09:49:25 gatekeeper spamd[1064]: 213.41.75.81: connected (1/1), lists: myblack
Nov 24 09:55:53 gatekeeper spamd[1064]: 213.41.75.81: disconnected after 388 seconds. lists: myblack
Nov 24 10:55:58 gatekeeper spamd[1064]: 213.41.75.81: connected (1/1), lists: myblack
Nov 24 11:02:26 gatekeeper spamd[1064]: 213.41.75.81: disconnected after 388 seconds. lists: myblack

You can add pfspamd_flags="-v" to your /etc/rc.conf to have more verbose logging if you wish but it's generally not useful unless you want to make detailed statistics of the blocked mail.
Except for the /etc/pf.conf parts I can't really see that there's anything wrong with your setup. Unless my suggestions work I assume you simply haven't had any connections yet from the addresses in the spamd table.

Regards
PP
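
[Added example, not part of either message and not code from the spamd project: a small Python parser for the default-verbosity spamd log lines quoted in this thread. It totals tarpit time per client and flags clients that reached spamd without a "lists:" field, as the telnet test from 192.168.1.65 did. The function names are hypothetical and the sample lines are copied from the two log excerpts above; only IPv4 clients are handled.]

```python
import re
from collections import defaultdict

# Sample input: log lines copied from the two excerpts in this thread.
SAMPLE_LOG = """\
Nov 24 09:11:01 gatekeeper spamd[1064]: 222.122.179.234: disconnected after 2 seconds. lists: korea
Nov 24 09:19:38 gatekeeper spamd[1064]: 222.122.179.234: connected (1/1), lists: korea
Nov 24 09:26:16 gatekeeper spamd[1064]: 222.122.179.234: disconnected after 398 seconds. lists: korea
Nov 24 09:49:25 gatekeeper spamd[1064]: 213.41.75.81: connected (1/1), lists: myblack
Nov 24 09:55:53 gatekeeper spamd[1064]: 213.41.75.81: disconnected after 388 seconds. lists: myblack
Nov 24 10:55:58 gatekeeper spamd[1064]: 213.41.75.81: connected (1/1), lists: myblack
Nov 24 11:02:26 gatekeeper spamd[1064]: 213.41.75.81: disconnected after 388 seconds. lists: myblack
Nov 26 14:34:32 ebi spamd[95972]: listening for incoming connections.
Nov 26 14:47:59 ebi spamd[95972]: 192.168.1.65: connected (1/0)
Nov 26 14:49:08 ebi spamd[95972]: 192.168.1.65: disconnected after 69 seconds.
"""

# Only "disconnected" lines carry the session duration; the trailing
# "lists:" field is absent when the client matched no blacklist.
DISCONNECT = re.compile(
    r"spamd\[\d+\]: (?P<ip>[\d.]+): disconnected after (?P<secs>\d+) seconds\."
    r"(?: lists?: (?P<lists>.+))?$"
)

def tarpit_stats(log_text):
    """Return {ip: {"sessions": n, "seconds": total, "lists": set_of_names}}."""
    stats = defaultdict(lambda: {"sessions": 0, "seconds": 0, "lists": set()})
    for line in log_text.splitlines():
        m = DISCONNECT.search(line.strip())
        if not m:
            continue  # "listening" and "connected" lines are skipped
        entry = stats[m["ip"]]
        entry["sessions"] += 1
        entry["seconds"] += int(m["secs"])
        if m["lists"]:
            entry["lists"].update(m["lists"].split())
    return dict(stats)

def unlisted_clients(stats):
    """Clients that talked to spamd but were on no blacklist: with an rdr
    rule restricted to 'from <spamd>' these connected to port 8025 directly."""
    return sorted(ip for ip, e in stats.items() if not e["lists"])

if __name__ == "__main__":
    stats = tarpit_stats(SAMPLE_LOG)
    for ip, e in sorted(stats.items(), key=lambda kv: -kv[1]["seconds"]):
        names = ",".join(sorted(e["lists"])) or "-"
        print(f"{ip:<16} sessions={e['sessions']} seconds={e['seconds']} lists={names}")
    print("unlisted:", unlisted_clients(stats))
```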
