n00b spamd/spamdb question

2014-08-21 Thread Adam Thompson
I've finally started using spamd on a new mail server, and am seeing 
some results that I don't understand.  (I'm also using smtpd(8) now, so 
this is all new software to me...)


1 - spamdb(8) shows nothing but WHITE-listed entries
2 - but spamd(8) (running with -v -G 2:4:864) logs almost every one of 
those WHITE IP addresses as either being greylisted or blacklisted.


Shouldn't those be showing up as BLACK in spamdb, not WHITE ?

Some, but not all, of these are making it through to smtpd, which then 
rejects most of those emails based on syntax errors, bad recipients, etc.


My best guess so far is that I've got the -G passtime too low, and 
everyone talking to me so far is really aggressive and actually retries 
correctly...?  This server is still only a secondary MX for the domains 
that get hit with lots of spam, so that's actually plausible.


--
-Adam Thompson
 athom...@athompso.net



Re: n00b spamd/spamdb question

2014-08-21 Thread Steven Roberts
> Date: Thu, 21 Aug 2014 13:11:23 -0500
> From: Adam Thompson athom...@athompso.net
> To: OpenBSD-misc list misc@openbsd.org
>
> I've finally started using spamd on a new mail server, and am seeing 
> some results that I don't understand.  (I'm also using smtpd(8) now, so 
> this is all new software to me...)

That is exciting. spamd and smtpd are excellent imho.

I recommend you continue to read the man pages until you have
a better understanding of how they work.


> 1 - spamdb(8) shows nothing but WHITE-listed entries
> 2 - but spamd(8) (running with -v -G 2:4:864) logs almost every one of 
> those WHITE IP addresses as either being greylisted or blacklisted.
>
> Shouldn't those be showing up as BLACK in spamdb, not WHITE ?

spamdb(8) indicates 4 different entry types.
BLACK is not an entry type.

> My best guess so far is that I've got the -G passtime too low, and 
> everyone talking to me so far is really aggressive and actually retries 
> correctly...?  This server is still only a secondary MX for the domains 
> that get hit with lots of spam, so that's actually plausible.

I would recommend using the default spamd values.

Cheers.



Re: n00b spamd/spamdb question

2014-08-21 Thread Adam Thompson

On 14-08-21 01:50 PM, Steven Roberts wrote:

> I recommend you continue to read the man pages until you have
> a better understanding of how they work.


I've already read them several times.  The problem, as in all our man 
pages, is that once I know what I'm looking for, it's (usually) well 
documented.
However, if I don't know what I'm looking for yet, they don't tell me 
what questions to ask - manpages don't solve second-order ignorance[1].
For that, I've been reading Peter H{ansteen,essler}'s blog entries and 
presentations, but of course that only produces limited results until 
backfilled with operational experience.



> spamdb(8) indicates 4 different entry types.
> BLACK is not an entry type.


Oops.  I see that now.  Then how do I see what IPs are blacklisted 
without becoming a human version of spamd-setup(8)?



> I would recommend using the default spamd values.


Easy enough.  We'll see what happens when this becomes the primary MX. 
Absent content filtering, I anticipate a large upswing in the amount of 
spam landing in my inbox...


[1] http://www-plan.cs.colorado.edu/diwan/3308-07/p17-armour.pdf

--
-Adam Thompson
 athom...@athompso.net



Re: n00b spamd/spamdb question

2014-08-21 Thread Steven Roberts
> Oops.  I see that now.  Then how do I see what IPs are blacklisted 
> without becoming a human version of spamd-setup(8)?

If running spamd in default mode ...

1. spamdb(8), TRAPPED entries.
2. The spamd.conf(5) file is read by spamd-setup(8) to configure
blacklists for spamd(8).

I am not aware of a way to fetch the blacklist directly from
spamd. I believe 'spamd-cfg' services(5) is for sending data only.

P.S. The sender does not need to be blacklisted in order to prevent
their spam from reaching your smtpd. Check out your /var/log/daemon
to monitor connections/activity etc.
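
Added example (not part of the original thread, and not code from any of the posters): a small sh/awk summary of spamdb(8) output that counts entries per type, lists TRAPPED addresses with time left until expiry, and shows which WHITE entries were temporarily failed by spamd before passing. The function names and the sample data are constructed for illustration; only the pipe-separated field layout comes from spamdb(8).

```shell
#!/bin/sh
# Added example. Field layout follows spamdb(8):
#   WHITE|ip|||first|pass|expire|block|pass
#   GREY|ip|helo|from|to|first|pass|expire|block|pass
#   TRAPPED|ip|expire
#   SPAMTRAP|address

# Constructed sample data (documentation address ranges), not real output.
sample_spamdb() {
    cat <<'EOF'
WHITE|192.0.2.10|||1408644000|1408645500|1411755900|3|7
WHITE|192.0.2.11|||1408644100|1408644100|1411756000|0|5
GREY|198.51.100.5|mail.example.net|<a@example.net>|<user@example.org>|1408644200|1408645700|1408658600|2|0
TRAPPED|203.0.113.9|1408730600
SPAMTRAP|bogus@example.org
EOF
}

# Entries per type, one "TYPE count" line each, sorted by type.
spamdb_counts() {
    awk -F'|' '{ n[$1]++ } END { for (t in n) print t, n[t] }' | sort
}

# Greytrapped addresses with seconds left until expiry; $1 = current epoch time.
spamdb_trapped() {
    awk -F'|' -v now="$1" '$1 == "TRAPPED" { print $2, $3 - now }'
}

# WHITE entries that got temporary failures from spamd before passing:
# prints "ip block-count".
spamdb_white_blocked() {
    awk -F'|' '$1 == "WHITE" && $8 > 0 { print $2, $8 }'
}

# Demo on the sample; on a live system pipe `spamdb` into the functions instead.
sample_spamdb | spamdb_counts
sample_spamdb | spamdb_trapped 1408644200
sample_spamdb | spamdb_white_blocked
```

This covers only what is stored in the spamdb database; it does not read the lists that spamd-setup(8) loads from spamd.conf(5).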