Hi Renaud,
On Mon, Dec 10, 2007 at 04:50:36PM +0100, Paul de Weerd wrote:
| Have you actually seen these packets live on the wire ?
I re-read your original mail, and it turns out you have seen these
packets on the wire. Sorry for the too-quick-answer ;P
| I doubt it. In general (the recommended setup), pf redirects incoming
| requests to 127.0.0.1:8025, the port where spamd is listening *on
| localhost*. Replies such as ACK's etc. *MUST* originate from
| 127.0.0.1:8025 in this case. PF will take care of rewriting the packet
| to the address the client originally used to contact your mailserver
| (spamdserver).
For some reason, pf doesn't seem to take care of rewriting the return
traffic where it should. Can you confirm there is a matching pf-state
in the state table when you see this sort of traffic ?
Paul 'WEiRD' de Weerd
--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
http://www.weirdnet.nl/
