On Mon, Sep 12, 2005 at 10:16:45AM -0400, Jason Haag wrote:
>
> > 3) spamlogd is supposed to whitelist mailhosts that my MTA
> > sends mail to.
> > I have these entries in pf.conf:
> >
> > pass in on $ExtIF inet proto tcp from any \
> > to $PublicServer port { imaps, www, https } \
> > flags S/SA keep state
> > pass in log on $ExtIF inet proto tcp from any \
> > to $PublicServer port smtp keep state
> > pass out on $ExtIF inet proto tcp all \
> > flags S/SA keep state
> > pass out log on $ExtIF inet proto tcp from $PublicServer \
> > to any port smtp keep state
> >
> > But it seems only the incoming traffic is being logged. I guess I have
> > the rule order wrong or conflicting but I don't see why?
>
> For this I actually found the answer myself: $PublicServer only referred
> to the internal/private IP address, but the "pass out" rule needs the
> outside/public IP address. Work, brain, work!
>
i'm not sure i understand this. $PublicServer and outside/public IP are
addresses on the same machine?
i run spamlogd on a machine with a private IP, and it logs fine.
about your other questions i'm afraid i can't help much, but i think
/etc/security will complain if you leave a whitelist in /var/mail (not
sure of the point of putting it in /var/mail anyway; maybe should be
changed in default config).
jmc