I am using spamd on several systems and started encountering a problem awhile
ago with FreeBSD 7.2 servers, but let it go since I am in the process of
upgrading the servers. However, I now am encountering the same issue on
FreeBSD 9.0 with spamlogd. It never reads pflog0. pflogd reads the entries
just fine. I set up syslog to log all the spamlogd messages and when spamlogd
is started it gives:
spamlogd: Listening on pflog0 for all interfaces.
lsof shows that it is connected to bpf0 as is pflogd. However, pflogd shows an
offset into the file that appears to be the end of the file. spamlogd shows an
offset of 0. It is periodically reading the file as shown by ktrace but always
getting back a 0 size return. spamd itself is working just fine. However, the
expiration times are not being updated so white entries are timed out way too
often. spamlogd used to update them. The rc.conf entries are:
obspamd_enable="YES"
obspamd_flags="-G 2:1:1728"
obspamd_setup_flags=""
obspamd_grey=YES
obspamlogd_enable="YES"
obspamlogd_flags="-W 1728"
These were established a few years ago and worked up till short while ago. I
don't recall any changes I made to anything, but…
Looking through the spamlogd source it appears to be building a filter for the
pcap routines with:
"ip and port 25 and action pass and tcp[13]&0x12=0x2"
Using that filter on pflog yields no output. I believe the pass item requires
there to be some logging of the pass actions and those are not appearing in the
pflog or in the pfctl counts for those rules. I suspect that is the problem.
The pf.conf is: (mail server is on this machine)
ext_if="em0"
table <blackhole> persist file "/etc/blackhole"
table <spamd> persist
table <spamd-white> persist
table <spamd-white-local> persist file "/etc/mail/whitelist"
no rdr on { lo0, lo1 } from any to any
no rdr on { lo0, lo1 } from any to any
MAILHOSTS = "{zool.lafn.org 10.0.1.10}"
rdr pass log on $ext_if inet proto tcp from <spamd-white-local> to port smtp ->
127.0.0.1 port smtp
rdr pass log on $ext_if inet proto tcp from <spamd-white> to port smtp ->
127.0.0.1 port smtp
rdr pass log on $ext_if inet proto tcp to $MAILHOSTS port smtp -> 127.0.0.1
port spamd
pass in on lo0
pass in log on $ext_if inet proto tcp to 127.0.0.1 port smtp
pass out log on $ext_if inet proto tcp from 127.0.0.1 to any port smtp
block in quick log on $ext_if from <blackhole> to any
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[email protected]"
