On Tue, Jan 06, 2009 at 08:26:37PM -0500, Frank Bax wrote:
> I notice that one example line was removed:
> table <spamd> persist
> I guess I can delete that line from my file too?

Er, you'll still need that unless something's happened that I totally
missed.

> I notice that the two example rules that were changed match my 2nd and
> 4th rules. That cannot be coincidence.
>
> in_mx="127.0.0.1"
> rdr pass on $ext_if proto tcp from <spamd-mywhite> to port smtp \
> -> $in_mx port smtp
> rdr pass on $ext_if proto tcp from <spamd> to port smtp \
> -> 127.0.0.1 port spamd
> rdr pass on $ext_if proto tcp from <spamd-white> to port smtp \
> -> $in_mx port smtp
> rdr pass on $ext_if proto tcp from !<spamd-white> to port smtp \
> -> 127.0.0.1 port spamd
>
> Should I change my file to:
>
> rdr pass on $ext_if proto tcp from <spamd-mywhite> to port smtp \
> -> $in_mx port smtp
> no rdr on $ext_if proto tcp from <spamd-white> to any port smtp
> rdr pass on $ext_if proto tcp from <spamd-white> to port smtp \
> -> $in_mx port smtp
> rdr pass on $ext_if proto tcp from any to any port smtp \
> -> 127.0.0.1 port spamd
>
> I'm thinking my 3rd rule is now redundant - is this correct?

I'm a little confused. Do you have separate firewall & mail server, and
are running spamd on the firewall? If so I think the following
(untested) should work:

    rdr pass on $ext_if proto tcp from <spamd-mywhite> to any port smtp \
        -> $in_mx port smtp
    rdr pass on $ext_if proto tcp from <spamd-white> to any port smtp \
        -> $in_mx port smtp
    rdr pass on $ext_if proto tcp from any to any port smtp \
        -> 127.0.0.1 port spamd

If you are running spamd on your mail server then it's a bit simpler:

    no rdr on $ext_if proto tcp from <spamd-mywhite> to any port smtp
    no rdr on $ext_if proto tcp from <spamd-white> to any port smtp
    rdr pass on $ext_if proto tcp from any to any port smtp \
        -> 127.0.0.1 port spamd

--
Darrin Chandler | Phoenix BSD User Group | MetaBUG
[email protected] | http://phxbug.org/ | http://metabug.org/
http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
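
Added example, not part of the original message: a small Python model of how pf chooses among rdr / no rdr rules (the first matching translation rule decides), applied to the rule sets in this thread. The table contents, addresses and the helper names translate and unreachable are constructed for illustration; the model assumes every rule shares the same interface, protocol and port, as they do above.

```python
# Toy model of pf translation-rule selection: the first matching rdr / no rdr
# rule decides. Not pf itself; table contents are constructed sample values.
import ipaddress

TABLES = {
    "spamd-mywhite": ["192.0.2.10"],
    "spamd-white": ["198.51.100.0/24"],
}

def in_table(addr, table):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in TABLES[table])

# Each rule is (action, source, target); source is a table name or "any".
SEPARATE_MX = [  # spamd on the firewall, mail server at $in_mx
    ("rdr", "spamd-mywhite", "$in_mx:smtp"),
    ("rdr", "spamd-white", "$in_mx:smtp"),
    ("rdr", "any", "127.0.0.1:spamd"),
]
SAME_HOST = [  # spamd running on the mail server itself
    ("no rdr", "spamd-mywhite", None),
    ("no rdr", "spamd-white", None),
    ("rdr", "any", "127.0.0.1:spamd"),
]
PROPOSED = [  # the rule set asked about in the quoted question
    ("rdr", "spamd-mywhite", "$in_mx:smtp"),
    ("no rdr", "spamd-white", None),
    ("rdr", "spamd-white", "$in_mx:smtp"),
    ("rdr", "any", "127.0.0.1:spamd"),
]

def translate(rules, src):
    """Return (index of first matching rule, resulting destination)."""
    for i, (action, source, target) in enumerate(rules):
        if source == "any" or in_table(src, source):
            return i, (target if action == "rdr" else "untranslated")
    return None, "untranslated"

def unreachable(rules):
    """Indices of rules shadowed by an earlier rule with the same source or 'any'."""
    seen, dead = set(), []
    for i, (_, source, _) in enumerate(rules):
        if "any" in seen or source in seen:
            dead.append(i)
        seen.add(source)
    return dead

if __name__ == "__main__":
    for name, rules in [("separate", SEPARATE_MX), ("same host", SAME_HOST), ("proposed", PROPOSED)]:
        print(name, translate(rules, "198.51.100.7"), "shadowed:", unreachable(rules))
```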