On Mon, Jan 07, 2008 at 01:26:07AM -0800, Robert Carr wrote:
>
> /var/log/spamd shows activity of hosts being
> grey-trapped, marked as (BLACK) or (GREY); spamdb
> shows trapped and white hosts.
>
> However, 'pfctl -t spamd -T show' shows nothing in the
> <spamd> table (<spamd-white> is being populated), and
> 'pfctl -sT -vv' shows that <spamd> has had no
> addresses and no matches. 209.210.237.2 is hitting
> spamd constantly, and I would expect it to be
> blacklisted into <spamd> at the least. Given that,
> does my pf.conf seem correct?
>
the way spamd handles blacklisted hosts changed a while back:

  HISTORY
  ...
  Blacklisted hosts are no longer stored in the <spamd> table when
  operating in default mode for performance reasons.

so unless you're running spamd in blacklist-only mode (-b), pf will not
need a <spamd> table.
> =================================================
>
> Relevant portions of my pf.conf:
>
> table <spamd> persist
you don't need the <spamd> table
> table <spamd-white> persist
> table <spamd-my-whitelist> persist file "/etc/mail/spamd-my-whitelist.txt"
>
you don't need a <spamd-my-whitelist> table either - look at the example
of the "override" entry in spamd.conf(5). you can just specify your list
there.
>
> =================================================
>
> The man page for spamd says:
>
> >>
> When a host that is currently greylisted
> attempts to send mail to a spamtrap address, it
> is blacklisted for 24
> hours by adding the host to the spamd blacklist
> <spamd-greytrap>.
> <<
>
> Should I also have an rdr rule for <spamd-greytrap>?
>
no. the rules specified in spamd(8) (the default section, not
blacklist-only) and spamlogd(8) are enough.
jmc