[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

A Question Regarding greylisting and spamd

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: A Question Regarding greylisting and spamd
From: eric <eric-list-openbsd-misc_(_at_)_catastrophe_(_dot_)_net>
Date: Mon, 11 Apr 2005 12:44:19 -0500
Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org
Organization: Catastrophe.Net <http://www.catastrophe.net/>

When spamd is working in greylist mode, should all of the connections made
to the daemon be ratelimited? I was under the impression that only those
listings in a blacklist would be ratelimited.

I followed the configuration here...

<http://www.elwood.net/greyspamd.html>

...and referenced man pages as needed.

My setup is the default and I'm using the following....

/etc/pf.conf
ms="modulate state"
ext_if="fxp0"

table <spamd> persist
table <spamd-white> persist
table <spamd-mywhite> persist file "/var/db/mxwhitelist.txt"

rdr pass on $ext_if proto tcp from <spamd-mywhite> to port smtp \
        -> $ext_if port smtp
rdr pass on $ext_if proto tcp from <spamd> to port smtp \
        -> 127.0.0.1 port spamd
rdr pass on $ext_if proto tcp from !<spamd-white> to port smtp \
        -> 127.0.0.1 port spamd
pass in on  $ext_if inet proto tcp  from any       to $ext_if port 25   $ms

When looking for a listing in <spamd> I can't find my source IP address
(207.227.243.195).
$ sudo pfctl -t spamd -T show | grep 207.227.243 | wc -l
       0
So perhaps I misconfigured something? The machine is 3.6-STABLE.

I'm running spamd with these flags...

$ grep spamd /etc/rc.conf
spamd_flags="-G 10:4:432"	# for normal use: "" and see spamd-setup(8)
spamd_grey=YES			# use spamd greylisting if YES

Thanks. Just for reference, my /etc/spamd.conf is as follows...
Please don't kill me...I'm in learn mode :)


# /etc/spamd.conf
all:\
        :spamhaus:china:korea:mywhite:

spamhaus:\
        :black:\
        :msg="SPAM. Your address %A is in the Spamhaus Block List\n\
        See http://www.spamhaus.org/sbl and\
        http://www.abuse.net/sbl.phtml?IP=%A for more details":\
        :method=http:\
        :file=www.openbsd.org/spamd/SBL.cidr.gz

spews1:\
        :black:\
        :msg="SPAM. Your address %A is in the spews level 1 database\n\
        See http://www.spews.org/ask.cgi?x=%A for more details":\
        :method=http:\
        :file=www.openbsd.org/spamd/spews_list_level1.txt.gz

spews2:\
        :black:\
        :msg="SPAM. Your address %A is in the spews level 2 database\n\
        See http://www.spews.org/ask.cgi?x=%A for more details":\
        :method=http:\
        :file=www.openbsd.org/spamd/spews_list_level2.txt.gz

china:\
        :black:\
        :msg="SPAM. Your address %A appears to be from China\n\
        See http://www.okean.com/asianspamblocks.html for more details":\
        :method=http:\
        :file=www.openbsd.org/spamd/chinacidr.txt.gz

korea:\
        :black:\
        :msg="SPAM. Your address %A appears to be from Korea\n\
        See http://www.okean.com/asianspamblocks.html for more details":\
        :method=http:\
        :file=www.openbsd.org/spamd/koreacidr.txt.gz


mywhite:\
        :white:\
        :file=/var/db/mxwhitelist.txt

relaydb-black:\
        :black:\
        :msg="SPAM. Your address %A is in my relaydb list.":\
        :method=exec:\
        :file=relaydb -4lb:

relaydb-white:\
        :white:\
        :method=exec:\
        :file=relaydb -4lw:
#EOF

Follow-Ups:
- Re: A Question Regarding greylisting and spamd
  - From: eric
- Re: A Question Regarding greylisting and spamd
  - From: knitti
- Re: A Question Regarding greylisting and spamd
  - From: knitti

Prev by Date: Re: are these two different ways to write the same nat rule?
Next by Date: Re: A Question Regarding greylisting and spamd
Previous by thread: Re: are these two different ways to write the same nat rule?
Next by thread: Re: A Question Regarding greylisting and spamd
Index(es):
- Date
- Thread

Visit your host, monkey.org