Snapshot from 03/June : spamd working ?

Fri, 17 Jun 2005 05:03:08 -0700 

Hello all,
Not sure if I'm missing something here with spamd so I thought I'd ask the experts..... I have it setup with the default config file (snipped) ; 

[fw1]# cat /etc/spamd.conf

all:\
       :spamhaus:china:korea:

# Mirrored from http://spfilter.openrbl.org/data/sbl/SBL.cidr.bz2
spamhaus:\
       :black:\
       :msg="SPAM. Your address %A is in the Spamhaus Block List\n\
       See http://www.spamhaus.org/sbl and\
       http://www.abuse.net/sbl.phtml?IP=%A for more details":\
       :method=http:\
       :file=www.openbsd.org/spamd/SBL.cidr.gz:

# Mirrored from http://www.spews.org/spews_list_level1.txt
spews1:\
       :black:\
       :msg="SPAM. Your address %A is in the spews level 1 database\n\
       See http://www.spews.org/ask.cgi?x=%A for more details":\
       :method=http:\
       :file=www.openbsd.org/spamd/spews_list_level1.txt.gz:

# Mirrored from http://www.spews.org/spews_list_level2.txt
spews2:\
       :black:\
       :msg="SPAM. Your address %A is in the spews level 2 database\n\
       See http://www.spews.org/ask.cgi?x=%A for more details":\
       :method=http:\
       :file=www.openbsd.org/spamd/spews_list_level2.txt.gz:


and the relevant processes are running;
[firewall]# ps wax
 PID TT   STAT      TIME COMMAND
26310 ??  Is      0:00.01 ntpd: [priv] (ntpd)
26951 ??  Is      0:00.01 inetd
19580 ??  Is      0:00.18 /usr/sbin/sshd
26828 ??  Is      0:00.08 /usr/libexec/spamd
16673 ??  Is      0:00.20 sendmail: accepting connections (sendmail)


I have the cron job enabled for root;

[fw1]# crontab -l | grep spam

0       *       *       *       *       /usr/libexec/spamd-setup


I also have the relevant pf rule in place;

[firewall]# pfctl -vsn
rdr inet proto tcp from <spamd> to any port = smtp -> 127.0.0.1 port 8025

 [ Evaluations: 104628    Packets: 0         Bytes: 0           States: 
0     ]

 [ Inserted: uid 0 pid 25445 ]



and as you can see not one hit from a known spammer !


I run Mailscanner on my mailserver behind the openbsd box and he is 
still constantly rejecting mail from known spammers - this is part of my 
sendmail.mc file;


FEATURE(`dnsbl',`relays.ordb.org', `Rejected - see http://ordb.org/')dnl

FEATURE(`dnsbl',`sbl-xbl.spamhaus.org',`Rejected - see 
http://spamhaus.org/')dnl

FEATURE(`dnsbl',`list.dsbl.org',`554 Rejected - see http://dsbl.org/')dnl

FEATURE(`dnsbl',`smtp.dnsbl.sorbs.net',`"554 Rejected " $&{client_addr} 
" found in smtp.dnsbl.sorbs.net"')dnl
FEATURE(`dnsbl',`opm.blitzed.org',`"554 Rejected " $&{client_addr} " 
found in opm.blitzed.org"')dnl
FEATURE(`dnsbl',`dul.dnsbl.sorbs.net',`"554 Rejected " $&{client_addr} " 
found in dul.dnsbl.sorbs.net"')dnl
FEATURE(`dnsbl',`cbl.abuseat.org',`"554 Rejected " $&{client_addr} " 
found in cbl.abuseat.org"')dnl


and, finally, some log entries;


Jun 17 19:49:29 inetmail sendmail[13126]: ruleset=check_relay, 
arg1=[210.213.176.247], arg2=127.0.0.4, relay=210.213.176.247.pldt.net 
[210.213.176.247] (may be forged), reject=

553 5.3.0 Rejected - see http://spamhaus.org/

Jun 17 20:41:26 inetmail sendmail[13390]: ruleset=check_relay, 
arg1=[61.96.162.88], arg2=127.0.0.4, relay=[61.96.162.88], reject=553 
5.3.0 Rejected - see http://spamhaus.org/




So given that both spamd and sendmail are configured to talk to 
spamhaus, why is openbsd 3.7 spamd not blocking connections from these 
guys ?


Thanks for reading this


Oh, here's my dmesg......

OpenBSD 3.7-current (GENERIC) #175: Fri Jun  3 18:00:08 MDT 2005
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III ("GenuineIntel" 686-class) 702 MHz

cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE

real mem  = 65576960 (64040K)
avail mem = 38232064 (37336K)
using 4130 buffers containing 16916480 bytes (16520K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(01) BIOS, date 04/07/00, BIOS32 rev. 0 @ 0xfb0c0
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf0000/0xb540
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde90/96 (4 entries)
pcibios0: bad IRQ table checksum
pcibios0: PCI BIOS has 4 Interrupt Routing table entries
pcibios0: PCI Exclusive IRQs: 5 11 12
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801AA LPC" rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc0000/0x8000 0xc8000/0x4000! 0xcc000/0x1000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82810" rev 0x03: rng active, 9Kb/sec

vga1 at pci0 dev 1 function 0 "Intel 82810 Graphics" rev 0x03: aperture 
at 0xd8000000, size 0x4000000

wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb0 at pci0 dev 30 function 0 "Intel 82801AA Hub-to-PCI" rev 0x02
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 "DEC 21154 PCI-PCI" rev 0x05
pci2 at ppb1 bus 2

fxp0 at pci2 dev 4 function 0 "Intel 82557" rev 0x05, i82558: irq 5, 
address 00:02:a5:2c:07:30

inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 0

fxp1 at pci2 dev 5 function 0 "Intel 82557" rev 0x05, i82558: irq 12, 
address 00:02:a5:2c:07:31

inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 0

fxp2 at pci1 dev 1 function 0 "Intel 82557" rev 0x08, i82559: irq 12, 
address 00:d0:b7:0a:59:55

inphy2 at fxp2 phy 1: i82555 10/100 PHY, rev. 4

fxp3 at pci1 dev 2 function 0 "Intel 82557" rev 0x05, i82558: irq 11, 
address ff:ff:ff:ff:ff:ff

fxp3: no phy found, using manual mode
ichpcib0 at pci0 dev 31 function 0 "Intel 82801AA LPC" rev 0x02

pciide0 at pci0 dev 31 function 1 "Intel 82801AA IDE" rev 0x02: DMA, 
channel 0 wired to compatibility, channel 1 wired to compatibility

wd0 at pciide0 channel 0 drive 1: <ST34342A>
wd0: 16-sector PIO, LBA, 4103MB, 8404830 sectors
wd0(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
uhci0 at pci0 dev 31 function 2 "Intel 82801AA USB" rev 0x02: irq 5
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
"Intel 82801AA SMBus" rev 0x02 at pci0 dev 31 function 3 not configured

auich0 at pci0 dev 31 function 5 "Intel 82801AA AC97" rev 0x02: irq 12, 
ICH AC97

ac97: codec id 0x41445348 (Analog Devices AD1881A)
ac97: codec features headphone, Analog Devices Phat Stereo
audio0 at auich0
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
spkr0 at pcppi0
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
biomask e765 netmask ff65 ttymask ffe7
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302























					Reply via email to