[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: pf rules blocking rdr to tarpit
After a quick look I don't see any obvious problems but you can try
debugging your setup with tcpdump.
Something like the following could be helpful:
# tcpdump -nettti pflog0
pflog0 normally is the pf logging interface.
Here is a short step-by-step guide:
1. Put the following rule at the top of your pf.conf:
pass quick all
2. Load your pf.conf and run the above mentioned tcpdump
3. Try telneting to your spamd (on another console, of course).
4. You should then see what exactly happens on which interface and what
needs to be set up ... hopefully ;-)
Because of your question about securing your mail server ... if you are
using sendmail you can perhaps set it up running in a dual sendmail config
so you have running two instances of sendmail, one "internal" and one
"external". The advantage about this is that the "external" instance can run
as non-root e. g. smmsp:smmsp, ergo less privileged.
If you have further questions about this "sendmail dual config" feel free to
read http://www.ijs.si/software/amavisd/README.sendmail-dual and as a last
chance try asking me ;-)
Btw. ... I ever wanted to ask on this list why OpenBSD doesn't come with
this "sendmail dual config" ... I should do that right now ;-)
Hope this helps,
From: firstname.lastname@example.org [mailto:email@example.com] On Behalf Of
Sent: Sonntag, 28. September 2003 21:50
Subject: Re: pf rules blocking rdr to tarpit
Dave Taira said:
> So everything is blocked, and he explicitly allows only connections to
> his $ExtIf, but spoofed packets get dropped, rather than returned.
> Note that this doesn't address Jay's original issue. Nothing in the
> pf.conf looks like it should affect the rdr. Maybe it's a spamd config
> problem, rather than a pf problem?
Well, maybe - but spamd.conf is all about where to get blacklist data;
i.e. sources for the <spamd> table. I don't see anything in there that
could affect the ability of connections to get to the spamd port on
The limited info I could glean from 'pfctl -v -s rules' suggests that
the 'block all' rule is snagging the rdr (or its response). This in turn
suggests that I need a "pass" rule... but I don't know what that rule
I see there's a pf list... maybe I shoulda' posted this there?