Re: spamd openbsd 4.0 query
On Sun, 28 Jan 2007 19:19:09 +, John wrote:
> The only other thing I'm trying to find out now is whether
> whitelist.txt can use domains rather than dotted quads

No. It doesn't do DNS as it is a fast lightweight single purpose
MTA-like daemon.

Besides which: Are you expecting to trust the domain in the HELO
transaction? Or maybe you trust the envelope sender? Both are easily
and commonly forged.

R/

From the land down under: Australia.
Do we look umop apisdn from up over?

Re: spamd openbsd 4.0 query
On Sun, Jan 28, 2007 at 09:17:15AM +, John . wrote:
> ...or maybe I've answered my own question :) Sometimes it helps to
> type it out.
>
> So, presumably spamd as actuated by PF takes care of the 100% certain
> spam, what is then accepted per user depends on invoking spamc/d via
> a procmail ruleset individually? Am I correct? I'm using Exim btw

All that spamd does is tarpit any blacklisted IPs -- and, *if* you're
using greylisting, eliminate the obviously fake MTAs. That's all.

It does eliminate a great deal of spam, but...

1) it does not examine headers (beyond tuple for greylisting)
2) it does not examine content.

Re: spamd openbsd 4.0 query
On Sun, Jan 28, 2007 at 09:54:07AM -0500, Josh Grosse wrote:
> All that spamd does is tarpit any blacklisted IPs -- and, *if* you're
> using greylisting, eliminate the obviously fake MTAs. That's all.
>
> It does eliminate a great deal of spam, but...
>
> 1) it does not examine headers (beyond tuple for greylisting)
> 2) it does not examine content.

OK. Many thanks for your help. I seem to have a working config now!

cheers
--
John

Re: spamd openbsd 4.0 query
On Sat, Jan 27, 2007 at 05:17:04PM +, John . wrote:
> Hello list,
>
> I have an older openbsd 3.5 system that is running well just as a
> firewall NAT router, with 3 interfaces on it. Behind (and protected
> by) this is another machine. This particular machine was in use as a
> shell box, running ssh, web and mail under FreeBSD. I have converted
> it to OpenBSD 4.0. It gets lots of mail, and it has about 30 users on
> it. It has one NIC. I want to use PF to control spam. Question is,
> the pf.conf seems to want 2 interfaces in order to do this.. Is it
> permissible to set int_if and ext_if to be the same (same IP) or
> should I clone the interface? or is there another way that I haven't
> thought of?

The 4.0 stock pf.conf doesn't need two interfaces for spamd. If you
look closely you'll see everything for spamd is using $ext_if. The
$int_if is there as example for other uses (ftp-proxy).

Since you've brought up that you also have a 3.5 box... get that up to
date! If all it's doing is NAT/firewall/routing then you should be able
to get this up to 4.0 with minimum hassle, as in install a fresh 4.0
and reintroduce your pf and routing configuration.

--
Darrin Chandler                   |  Phoenix BSD Users Group
[EMAIL PROTECTED]                 |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/darrin/  |

Re: spamd openbsd 4.0 query
On Sat, Jan 27, 2007 at 05:17:04PM +, John . wrote:
> ...It gets lots of mail, and it has about 30 users on it. It has one
> NIC. I want to use PF to control spam. Question is, the pf.conf seems
> to want 2 interfaces in order to do this.. Is it permissible to set
> int_if and ext_if to be the same (same IP) or should I clone the
> interface? or is there another way that I haven't thought of?

PF (and spamd) can be used as a termination point, the machine running
spamd does not need to be a router.

Here is an excerpt from my pf.conf configuration for spamd, where PF is
running on the mail server:

--
# <spamd> is automatically maintained by spamd(8) and related apps.
# <spamd-white> is automatically maintained by spamd(8) and related apps.
# <mywhite> is a manually maintained whitelist

table <spamd> persist
table <spamd-white> persist
table <mywhite> persist file /etc/whitelist
.
.
.
# redirect blacklisted and greylisted email connections
#
rdr pass log proto tcp from <spamd> to any port smtp \
    -> 127.0.0.1 port spamd

# do not redirect whitelisted:
#
no rdr proto tcp from <mywhite> to any port smtp

# redirect everything else not in spamdb's whitelist:

rdr pass log proto tcp from !<spamd-white> to any port smtp \
    -> 127.0.0.1 port spamd
.
.
.
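
The rule order in the excerpt above, worked through as an added example (a simplified Python model, not code from this thread or from pf itself): pf translation rules stop at the first match, so an address listed in both <spamd> and <mywhite> is still sent to spamd. The table contents and the function names are constructed for illustration, using documentation address ranges.

```python
import ipaddress

# Constructed table contents (documentation ranges, not from the post).
TABLES = {
    "spamd":       ["192.0.2.0/24"],                 # blacklist
    "mywhite":     ["198.51.100.25", "192.0.2.10"],  # manual whitelist
    "spamd-white": ["203.0.113.7"],                  # passed greylisting
}

# The three rules from the excerpt, in order: (action, table, negated).
RULES = [
    ("rdr", "spamd", False),        # rdr ... from <spamd>
    ("no rdr", "mywhite", False),   # no rdr ... from <mywhite>
    ("rdr", "spamd-white", True),   # rdr ... from !<spamd-white>
]


def in_table(ip, name, tables=TABLES):
    """True if ip falls inside any address or network listed in the table."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(entry) for entry in tables[name])


def smtp_destination(ip, rules=RULES, tables=TABLES):
    """Return (destination, rule index) for an inbound SMTP connection.

    Translation rules are first-match, so the order of RULES matters.
    """
    for index, (action, table, negated) in enumerate(rules):
        if in_table(ip, table, tables) != negated:
            return ("spamd" if action == "rdr" else "mta"), index
    return "mta", None  # no rule matched: the connection is not translated


if __name__ == "__main__":
    for ip in ("192.0.2.55", "198.51.100.25", "192.0.2.10",
               "203.0.113.7", "203.0.113.99"):
        print(ip, smtp_destination(ip))
```

To let a manually whitelisted host bypass spamd even when a blacklist covers it, the `no rdr` rule would have to come before the `<spamd>` rule.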