Re: spamd in blacklist mode 4.8 not working?

[Boudewijn Dijkstra]

Op Wed, 25 May 2011 15:46:01 +0200 schreef Ivo Chutkin :

On 25.5.2011 P3. 15:32 Q%07., Stuart Henderson wrote:

On 2011-05-25, Ivo Chutkin  wrote:

Hello Misc,
Some months ago I upgraded my firewall to 4.8 -stable form 4.5.
Everything went well except my spamd setup. I run it in blacklist mode  
only.
It is running according to logs, netstat, ps ax and top. The table  
spamd

in pf.conf gets populated by spamd-setup but nothing gets to the spamd.
I am missing something obvious here but I am lost...


in /etc/rc look for this line

/usr/libexec/spamd-setup -D

please add -b to it, see if that helps, and report back.



I did so, but I am not able to reboot it now. It is production system.
When I get it done I will report back for sure.


You can run that as root without rebooting.

But, it should also be run periodically from crontab.


--
Gemaakt met Opera's revolutionaire e-mailprogramma:  
http://www.opera.com/mail/

(Remove the obvious prefix to reply.)

Re: spamd in blacklist mode 4.8 not working?

[Ivo Chutkin]

On 25.5.2011 P3. 15:32 Q., Stuart Henderson wrote:

On 2011-05-25, Ivo Chutkin  wrote:

Hello Misc,
Some months ago I upgraded my firewall to 4.8 -stable form 4.5.
Everything went well except my spamd setup. I run it in blacklist mode only.
It is running according to logs, netstat, ps ax and top. The table spamd
in pf.conf gets populated by spamd-setup but nothing gets to the spamd.
I am missing something obvious here but I am lost...


in /etc/rc look for this line

/usr/libexec/spamd-setup -D

please add -b to it, see if that helps, and report back.



I did so, but I am not able to reboot it now. It is production system.
When I get it done I will report back for sure.
Thanks,
Ivo

Re: spamd in blacklist mode 4.8 not working?

[Ivo Chutkin]

On 25.5.2011 P3. 15:25 Q., Joakim Aronius wrote:

* Ivo Chutkin (open...@bgone.net) wrote:

from pf.conf:

  pass in log on $ext300 proto tcp from  to any port smtp
rdr-to 127.0.0.1 port spamd

pass in log on $ext300 proto tcp from  to any port smtp
rdr-to 127.0.0.1 port spamd



Hard to tell as you only show parts of the config. It could be a problem 
related to the changes to pf between 4.6 and 4.7. You should probably take a 
look at the current spamd(8) man page and update your pf rules for spamd 
according to the example. And you need to check the pf logs to see what is 
actually happening.

Regards,
/Joakim




Hi Joakim,
You gave me the right hint. I put "quick" in the rule and it start to 
work. I have to check which rule lat spammers get in.

I did not post my pf.conf because it is very long and a lot altq rules.

Thanks for the help,
Ivo

Re: spamd in blacklist mode 4.8 not working?

[Joakim Aronius]

* Ivo Chutkin (open...@bgone.net) wrote:
> from pf.conf:
> 
>  pass in log on $ext300 proto tcp from  to any port smtp
> rdr-to 127.0.0.1 port spamd
> 
> pass in log on $ext300 proto tcp from  to any port smtp
> rdr-to 127.0.0.1 port spamd


Hard to tell as you only show parts of the config. It could be a problem 
related to the changes to pf between 4.6 and 4.7. You should probably take a 
look at the current spamd(8) man page and update your pf rules for spamd 
according to the example. And you need to check the pf logs to see what is 
actually happening.

Regards,
/Joakim

Re: spamd in blacklist mode 4.8 not working?

[Stuart Henderson]

On 2011-05-25, Ivo Chutkin  wrote:
> Hello Misc,
> Some months ago I upgraded my firewall to 4.8 -stable form 4.5.
> Everything went well except my spamd setup. I run it in blacklist mode only.
> It is running according to logs, netstat, ps ax and top. The table spamd 
> in pf.conf gets populated by spamd-setup but nothing gets to the spamd.
> I am missing something obvious here but I am lost...

in /etc/rc look for this line

/usr/libexec/spamd-setup -D

please add -b to it, see if that helps, and report back.

spamd in blacklist mode 4.8 not working?

[Ivo Chutkin]

Hello Misc,
Some months ago I upgraded my firewall to 4.8 -stable form 4.5.
Everything went well except my spamd setup. I run it in blacklist mode only.
It is running according to logs, netstat, ps ax and top. The table spamd 
in pf.conf gets populated by spamd-setup but nothing gets to the spamd.

I am missing something obvious here but I am lost...

Thanks for the help.


Here are my configs:

~ # cat /etc/rc.conf.local

# PF

pf=YES   # Packet filter / NAT

# SPAMD

spamd_flags="-bv"  # for normal use: ""

spamd_black=YES  # set to YES to run spamd without greylisting


from pf.conf:

 pass in log on $ext300 proto tcp from  to any port smtp rdr-to 
127.0.0.1 port spamd


pass in log on $ext300 proto tcp from  to any port smtp 
rdr-to 127.0.0.1 port spamd


~ # pfctl -t spamd -T show |wc -l
   51302

~ # netstat -anf inet | grep LISTEN
tcp  0  0  127.0.0.1.8026 *.*LISTEN
tcp  0  0  *.8025 *.*LISTEN
tcp  0  0  127.0.0.1.587  *.*LISTEN
tcp  0  0  127.0.0.1.25   *.*LISTEN
tcp  0  0  *.37   *.*LISTEN
tcp  0  0  *.13   *.*LISTEN
tcp  0  0  *.113  *.*LISTEN
tcp  0  0  *.22   *.*LISTEN


~ # tail -f /var/log/spamd
~ # tail -f /var/log/spamd
Apr  2 18:45:59 core spamd[13791]: listening for incoming connections.
Apr  2 18:55:48 core spamd[24760]: listening for incoming connections.
Apr  2 19:45:56 core spamd[6987]: listening for incoming connections.
May 25 11:21:34 core spamd[25947]: listening for incoming connections.