phil wrote:
[snip]
Have /etc/pf.conf set up like this:
[15:34:49] [EMAIL PROTECTED] /usr/local/www/data]# cat /etc/pf.conf | grep -v "#"
scrub in all
table <spamd> persist file "/usr/local/etc/spamd.list"
rdr on $ext_if inet proto tcp from <spamd> to any port smtp -> 127.0.0.1 port 8025
pass in all
pass out all
pass out on $ext_if proto { tcp, udp } all keep state
First, I assume the filtering above is only for desperate testing
purposes... :-) I combine rdr and pass for spamd this way (found in
spamd(8), reading howtos shouldn't really be necessary):
rdr pass on $ext_if inet proto tcp from <spamd> to $ext_ip port smtp -> 127.0.0.1 port spamd
I'm not familiar with spamd on FreeBSD, only on OpenBSD. On OpenBSD,
running spamd without greylisting doesn't require traffic logging.
However, I understand that you want to log incoming traffic, and
therefore you need to instruct pf to do so (here I split rdr and pass,
as I don't know if pf accepts "log" in a combined rdr+pass):
rdr on $ext_if inet proto tcp from <spamd> to $ext_ip port smtp -> 127.0.0.1 port spamd
pass in log on $ext_if inet proto tcp from <spamd> to 127.0.0.1 port spamd flags S/SA keep state
Now, if any spammer is caught, you should get some output when running
"tcpdump -i pflog0".
My IPs are in a flat text file that looks like this (but has over 2000 lines in it):
[snip]
I load the rules like this:
pfctl -t spamd -T replace -f /usr/local/etc/spamd.list
I let spamd-setup(8) maintain my blacklist:
# pfctl -Ts -t spamd | wc -l
7070
Good luck - I hope some of my brain fog is useful.
--Martin
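
An added example (not from either poster): a pre-load check for a flat blacklist file like the spamd.list discussed above, meant to run before "pfctl -t spamd -T replace -f ...", since every address in <spamd> has its SMTP traffic redirected to spamd. It assumes the file holds only literal IPs and CIDR networks; the sample entries, the function name and the /8 threshold are constructed.

```python
import ipaddress

# Constructed sample in the one-entry-per-line form of a pf table file;
# these entries are illustrative, not taken from the thread.
SAMPLE = """\
# constructed blacklist sample
192.0.2.15
198.51.100.0/24
192.0.2.15
203.0.113.300
0.0.0.0/0
"""

MIN_PREFIX_V4 = 8  # assumption: an IPv4 entry wider than /8 is a mistake


def check_table(text, min_prefix=MIN_PREFIX_V4):
    """Return (entries, problems) for the contents of a table file.

    entries  -- normalized networks that are safe to load
    problems -- (line number, text, reason) for everything rejected
    """
    entries, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            problems.append((lineno, line, "invalid"))
            continue
        if net.version == 4 and net.prefixlen < min_prefix:
            # One over-broad entry would send nearly all mail to spamd.
            problems.append((lineno, line, "too broad"))
        elif net in seen:
            problems.append((lineno, line, "duplicate"))
        else:
            seen.add(net)
            entries.append(str(net))
    return entries, problems


if __name__ == "__main__":
    ok, bad = check_table(SAMPLE)
    print(f"{len(ok)} usable entries")
    for lineno, text, reason in bad:
        print(f"line {lineno}: {text!r} rejected ({reason})")
```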