Will H. Backman wrote:
Is this a sane minimum configuration for "spamd -g" on a transparent bridge? Is it unwise to only greylist?
I white-, black- and greylist (in that order). Greylisting requires regular administration due to mail server pools and such. I have not tested, but I strongly suspect that blacklisting blocks server pools that you otherwise would have to consider whitelisting.
Of course, you could use greylisting as-is (without administering/whitelisting), but then you should calculate with the risk of making legitimate mail bounce.
----
1. Create bridge with no IP's.
2. pf=YES and spamd_flags="-g" in /etc/rc.conf.local
3. Simple three line /etc/pf.conf:

ext_if="xl0"
rdr pass inet proto tcp from !<spamd-white> to any \
    port smtp -> 127.0.0.1 port spamd
pass in on $ext_if route-to lo0 proto tcp from any to 127.0.0.1 port spamd
I have not set up a transparent bridge (with spamd, anyway), but I suspect you might have to remove the "pass" in "rdr pass" for the "pass in..." rule to be evaluated at all.
----
The third line of pf.conf was inspired by the example given here:
http://marc.theaimsgroup.com/?l=openbsd-misc&m=108089194621750&w=2
I'm not sure if my modifications for this situation are correct.
Sounds reasonable. /alexander
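For reference, here is the configuration from the thread written out with the "pass" dropped from the rdr rule as suggested above. This is an added example, not either poster's file; it assumes the same xl0 external interface, an IP-less bridge, and spamd started with -g.

```pf
# Added example (not from the thread); assumes external interface xl0 on an
# IP-less bridge and spamd running with -g (greylisting).
ext_if="xl0"

# Hosts that have passed greylisting. spamd -g adds entries to this table
# itself, so it only needs to be declared here.
table <spamd-white> persist

# Redirect SMTP from hosts not yet whitelisted to the local spamd.
# Plain "rdr", not "rdr pass": a "rdr pass" rule passes the packet on the
# spot, so the route-to filter rule below would never see it.
rdr inet proto tcp from !<spamd-white> to any \
    port smtp -> 127.0.0.1 port spamd

# On a bridge with no addresses the redirected packet has to be steered
# into the local stack explicitly, hence route-to lo0.
pass in on $ext_if route-to lo0 proto tcp from any to 127.0.0.1 port spamd
```

Once mail has been flowing for a while, `pfctl -t spamd-white -T show` lists the hosts that have completed greylisting, which is a quick way to confirm that connections are actually reaching spamd through the rdr rule.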