Thread: spamd-mywhite




spamd-mywhite
2007-09-06 18:29:03
Hi all,

I've been running pf+obspamd on FBSD 6.2-RELEASE.

I appear to be blocking some addresses that appear in my spamd-mywhite file
and I don't understand why that would be the case here. I'm guessing I've
screwed up my pf.conf file.

Here's my config file:

# pfctl -vvnf /etc/pf.conf
ext_if = "rl0"
int_if = "xl0"
internal_net = "192.168.1.1/24"
external_addr = "216.70.250.4"
vpn_net = "10.8.0.0/24"
NoRouteIPs = "{ 127.0.0.0/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 }"
webserver1 = "192.168.1.4"
set skip on
set skip on
@0 scrub in all fragment reassemble
@1 nat on rl0 inet from 192.168.1.0/24 to any -> (rl0) round-robin
@2 nat on rl0 inet from 10.8.0.0/24 to any -> (rl0) round-robin
@3 rdr on rl0 inet proto tcp from any to 216.70.250.4 port = http -> 192.168.1.4 port 80
table <spamd> persist
table <spamd-white> persist
table <spamd-mywhite> persist file "/usr/local/etc/spamd/spamd-mywhite"
table <spamd-alloweddomains> persist file "/usr/local/etc/spamd/spamd.alloweddomains"
@4 rdr pass inet proto tcp from <spamd-white:0> to 216.70.250.4 port = smtp -> 127.0.0.1 port 25
@5 rdr pass inet proto tcp from <spamd:0> to 216.70.250.4 port = smtp -> 127.0.0.1 port 8025
@6 rdr pass inet proto tcp from ! <spamd-mywhite:0> to 216.70.250.4 port = smtp -> 127.0.0.1 port 8025
@7 pass in log inet proto tcp from any to 216.70.250.4 port = smtp flags S/SA synproxy state
@8 pass out log inet proto tcp from 216.70.250.4 to any port = smtp flags S/SA synproxy state
@9 pass in log inet proto tcp from 192.168.1.0/24 to 192.168.1.25 port = smtp flags S/SA synproxy state
@10 block drop in log all
@11 pass in log quick on xl0 inet proto tcp from any to 192.168.1.25 port = ssh flags S/SA synproxy state
@12 block drop in log quick on rl0 inet from 127.0.0.0/8 to any
@13 block drop in log quick on rl0 inet from 192.168.0.0/16 to any
@14 block drop in log quick on rl0 inet from 172.16.0.0/12 to any
@15 block drop in log quick on rl0 inet from 10.0.0.0/8 to any
@16 block drop out log quick on rl0 inet from any to 127.0.0.0/8
@17 block drop out log quick on rl0 inet from any to 192.168.0.0/16
@18 block drop out log quick on rl0 inet from any to 172.16.0.0/12
@19 block drop out log quick on rl0 inet from any to 10.0.0.0/8
@20 block drop in log quick on ! xl0 inet from 192.168.1.0/24 to any
@21 block drop in log quick inet from 192.168.1.25 to any
@22 pass in on xl0 inet from 192.168.1.0/24 to any
@23 pass out log on xl0 inet from any to 192.168.1.0/24
@24 pass out log quick on xl0 inet from any to 10.8.0.0/24
@25 pass out on rl0 proto tcp all flags S/SA modulate state
@26 pass out on rl0 proto udp all keep state
@27 pass out on rl0 proto icmp all keep state
@28 pass in on rl0 inet proto tcp from any to 192.168.1.4 port = http flags S/SA synproxy state
@29 pass in on xl0 inet proto tcp from any to 192.168.1.25 port = ssh keep state

/var/log/pflog0 shows the following:

141748 rule 3/0(match): block in on rl0: 205.188.159.7.50805 > 216.70.250.4.25: S 1250664467:1250664467(0) win 32768 <mss 1460,wscale 0,nop>
2. 049208 rule 3/0(match): block in on rl0: 205.188.159.7.50805 > 216.70.250.4.25: S 1250664467:1250664467(0) win 32768 <mss 1460,wscale 0,nop>
3. 068169 rule 3/0(match): block in on rl0: 205.188.159.7.50805 > 216.70.250.4.25: S 1250664467:1250664467(0) win 32768 <mss 1460,wscale 0,nop>
5. 594277 rule 3/0(match): block in on rl0: 205.188.139.137.61419 > 216.70.250.4.25: S 2510359871:2510359871(0) win 24820 <nop,nop,sackOK,mss 1460>
525916 rule 3/0(match): block in on rl0: 205.188.159.7.50805 > 216.70.250.4.25: S 1250664467:1250664467(0) win 32768 <mss 1460,wscale 0,nop>

# pfctl -t spamd-mywhite -T show | grep 205.188.
No ALTQ support in kernel
ALTQ related functions disabled
   205.188.139.0/24
   205.188.144.0/24
   205.188.156.0/23
   205.188.157.0/24
   205.188.159.0/24

Thus 205.188.159.7 shouldn't be blocked.

# spamdb | grep 205.188.
WHITE|205.188.249.132|||1187218293|1187220082|1190330485|13|0
WHITE|205.188.249.67|||1187823652|1187824708|1190935126|12|0
WHITE|66.179.205.188|||1186759482|1186761981|1189872409|9|0
#

spamdb doesn't show any entries for 205.188.159.7.

These entries are for AOL mail. I've received complaints from AOL users of
mail bouncing back to them.

What am I doing wrong? Are CIDR records accepted by pf+obspamd? I can't
trace the block back to the proper rules, i.e. rule 3/0 as shown in pflog0
matches up with which rule in pf.conf?

Any suggestions are appreciated!

~Doug

_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"

Re: spamd-mywhite
2007-09-10 18:21:00
On Thu, 6 Sep 2007, Doug Sampson wrote:

> What am I doing wrong? Are CIDR records accepted by pf+obspamd? I can't
> trace the block back to the proper rules- i.e. rule 3/0 as shown in pflog0
> matches up with which rule in pf.conf?

Maybe use "pfctl -vvsr" instead to see rule numbers of already loaded
rules (instead of your pf.conf)?


  Jeremy C. Reed
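
Added example (not part of either post and not pf project code): the rule-number lookup discussed above, done offline against the first eleven rules of the posted listing. It assumes the loaded ruleset numbers each rule type (scrub, nat, rdr, filter) from 0 on its own, as `pfctl -vvsr` shows for filter rules, and that the logged entry is a filter rule; all function names are made up for this sketch.

```python
import re

# Constructed from the thread: rules 0-10 of the posted `pfctl -vvnf` listing,
# wrapped lines rejoined, with the "@" pfctl prints before each rule number.
LISTING = """\
@0 scrub in all fragment reassemble
@1 nat on rl0 inet from 192.168.1.0/24 to any -> (rl0) round-robin
@2 nat on rl0 inet from 10.8.0.0/24 to any -> (rl0) round-robin
@3 rdr on rl0 inet proto tcp from any to 216.70.250.4 port = http -> 192.168.1.4 port 80
@4 rdr pass inet proto tcp from <spamd-white:0> to 216.70.250.4 port = smtp -> 127.0.0.1 port 25
@5 rdr pass inet proto tcp from <spamd:0> to 216.70.250.4 port = smtp -> 127.0.0.1 port 8025
@6 rdr pass inet proto tcp from ! <spamd-mywhite:0> to 216.70.250.4 port = smtp -> 127.0.0.1 port 8025
@7 pass in log inet proto tcp from any to 216.70.250.4 port = smtp flags S/SA synproxy state
@8 pass out log inet proto tcp from 216.70.250.4 to any port = smtp flags S/SA synproxy state
@9 pass in log inet proto tcp from 192.168.1.0/24 to 192.168.1.25 port = smtp flags S/SA synproxy state
@10 block drop in log all
"""
LOG_LINE = ("141748 rule 3/0(match): block in on rl0: 205.188.159.7.50805 > "
            "216.70.250.4.25: S 1250664467:1250664467(0) win 32768")

def ruleset_of(rule):
    """Classify a rule by its leading keyword ("no nat" counts as nat)."""
    words = rule.split()
    kw = words[1] if words[0] == "no" else words[0]
    return kw if kw in ("scrub", "nat", "rdr", "binat") else "filter"

def loaded_numbers(listing):
    """Renumber parse-order rules per rule type, each type starting at 0."""
    counters, table = {}, {}
    for line in listing.splitlines():
        m = re.match(r"@(\d+) (.+)", line)
        if not m:
            continue  # table/set lines and anything else without a rule number
        kind = ruleset_of(m.group(2))
        nr = counters.get(kind, 0)
        counters[kind] = nr + 1
        table[(kind, nr)] = (int(m.group(1)), m.group(2))
    return table

def resolve(log_line, table):
    """Map a pflog 'rule N/..' entry to (parse-order number, filter rule text)."""
    m = re.search(r"rule (\d+)/\d+\(match\): (block|pass) (in|out) on (\S+):", log_line)
    parse_nr, text = table[("filter", int(m.group(1)))]
    if text.split()[0] != m.group(2):  # logged action must agree with the rule
        raise ValueError("logged action does not match resolved rule")
    return parse_nr, text

if __name__ == "__main__":
    print(resolve(LOG_LINE, loaded_numbers(LISTING)))
```

Under that numbering, "rule 3/0" is the fourth filter rule, `block drop in log all` (number 10 in the posted listing), not the rdr rule printed as number 3.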
