Re: spamd pf rules
On 2015-06-11, Jason Tubnor ja...@tubnor.net wrote:
> As Okan stated, your 5.6 man page is still correct for 5.7. It is only of
> issue when you move to 5.8-Release in November.

correct.

> On 11 June 2015 at 11:51, Edgar Pettijohn III ed...@pettijohn-web.com wrote:
>> On Jun 10, 2015, at 3:59 PM, Okan Demirmen wrote:
>>> On Wed 2015.06.10 at 15:43 -0500, Edgar Pettijohn III wrote:
>>>> I've been using spamd for a while now. I was looking through my pf.conf
>>>> and noticed that I had the following rules in regards to spamd.
>>>>
>>>> table <spamd-white> persist
>>>> table <nospamd> persist file /etc/mail/nospamd
>>>> pass in log on egress proto tcp from any to any port smtp \
>>>>     rdr-to 127.0.0.1 port spamd
>>>> pass in on egress proto tcp from <nospamd> to any port smtp
>>>> pass in on egress proto tcp from <spamd-white> to any port smtp
>>>> pass out log on egress proto tcp to any port smtp
>>>>
>>>> Everything seems to work correctly, but I was thinking the rdr-to rule
>>>> was wrong so I looked at spamd(8) and it shows a divert-to rule instead.
>>>> When I change it to divert-to I get the following error:
>>>>
>>>> # pfctl -vf /etc/pf.conf
>>>> /etc/pf.conf:19: address family mismatch for divert
>>>> pfctl: Syntax error in config file: pf rules not loaded
>>>>
>>>> What should I do to fix this. Is the rdr-to rule sufficient or do I need
>>>> to change it?
>>>
>>> Depends. 5.7 and prior used rdr-to; and -current switched to divert-to.

Note that the address family mismatch error is because 5.7's pfctl parser
was stricter about address families than -current. Previously it was a
syntax error to specify redirecting to an IPv4 address if the other
addresses on the line could match a v6 address; it was changed post-5.7 to
allow the syntax (adding an implicit 'inet').
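The two redirect forms discussed in this thread, side by side, as an added pf.conf fragment that is not part of any message here: the active rule is the poster's rdr-to form for 5.7 and earlier, and the commented-out alternative is the divert-to form with the address family written out, which is what the reply above says later parsers add implicitly. Writing `inet` explicitly is this example's choice, not something the thread prescribes.

```pf
# Added example: spamd redirection, before and after the rdr-to -> divert-to change.
table <spamd-white> persist
table <nospamd> persist file "/etc/mail/nospamd"

# OpenBSD 5.7 and earlier: spamd expects connections redirected with rdr-to.
pass in log on egress proto tcp from any to any port smtp \
    rdr-to 127.0.0.1 port spamd

# -current / 5.8: spamd expects divert-to. The target is an IPv4 address,
# so the rule is limited to inet; "from any to any" on its own could also
# match IPv6, which is the mismatch the 5.7 parser reported.
# Enable this rule instead of the rdr-to rule after upgrading.
#pass in log on egress inet proto tcp from any to any port smtp \
#    divert-to 127.0.0.1 port spamd

# Hosts that bypass spamd (manual exceptions and hosts spamd has whitelisted).
pass in on egress proto tcp from <nospamd> to any port smtp
pass in on egress proto tcp from <spamd-white> to any port smtp
pass out log on egress proto tcp to any port smtp
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, so the rule set can be checked before a reload.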
Re: spamd pf rules
On Jun 11, 2015, at 6:42 AM, Stuart Henderson wrote:
> On 2015-06-11, Jason Tubnor ja...@tubnor.net wrote:
>> As Okan stated, your 5.6 man page is still correct for 5.7. It is only of
>> issue when you move to 5.8-Release in November.
>
> correct.
>
>> On 11 June 2015 at 11:51, Edgar Pettijohn III ed...@pettijohn-web.com wrote:
>>> On Jun 10, 2015, at 3:59 PM, Okan Demirmen wrote:
>>>> On Wed 2015.06.10 at 15:43 -0500, Edgar Pettijohn III wrote:
>>>>> I've been using spamd for a while now. I was looking through my pf.conf
>>>>> and noticed that I had the following rules in regards to spamd.
>>>>>
>>>>> table <spamd-white> persist
>>>>> table <nospamd> persist file /etc/mail/nospamd
>>>>> pass in log on egress proto tcp from any to any port smtp \
>>>>>     rdr-to 127.0.0.1 port spamd
>>>>> pass in on egress proto tcp from <nospamd> to any port smtp
>>>>> pass in on egress proto tcp from <spamd-white> to any port smtp
>>>>> pass out log on egress proto tcp to any port smtp
>>>>>
>>>>> Everything seems to work correctly, but I was thinking the rdr-to rule
>>>>> was wrong so I looked at spamd(8) and it shows a divert-to rule instead.
>>>>> When I change it to divert-to I get the following error:
>>>>>
>>>>> # pfctl -vf /etc/pf.conf
>>>>> /etc/pf.conf:19: address family mismatch for divert
>>>>> pfctl: Syntax error in config file: pf rules not loaded
>>>>>
>>>>> What should I do to fix this. Is the rdr-to rule sufficient or do I need
>>>>> to change it?
>>>>
>>>> Depends. 5.7 and prior used rdr-to; and -current switched to divert-to.
>
> Note that the address family mismatch error is because 5.7's pfctl parser
> was stricter about address families than -current. Previously it was a
> syntax error to specify redirecting to an IPv4 address if the other
> addresses on the line could match a v6 address; it was changed post-5.7 to
> allow the syntax (adding an implicit 'inet').

Thanks for all the replies. That was the conclusion I came up with. However
my system was out of whack a little, so at least this non-issue brought that
to my attention.
Re: spamd pf rules
As Okan stated, your 5.6 man page is still correct for 5.7. It is only of
issue when you move to 5.8-Release in November.

http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/pf.conf.5?query=pf%2econf - -current and 5.8, use/will use divert-to

(Can't give you a link to the online pf.conf man page for 5.7 as it hasn't
been snapped for 5.7-release)

My man pages on my 5.7 hosts specify rdr-to

Cheers,

Jason.

On 11 June 2015 at 11:51, Edgar Pettijohn III ed...@pettijohn-web.com wrote:
> On Jun 10, 2015, at 3:59 PM, Okan Demirmen wrote:
>> On Wed 2015.06.10 at 15:43 -0500, Edgar Pettijohn III wrote:
>>> I've been using spamd for a while now. I was looking through my pf.conf
>>> and noticed that I had the following rules in regards to spamd.
>>>
>>> table <spamd-white> persist
>>> table <nospamd> persist file /etc/mail/nospamd
>>> pass in log on egress proto tcp from any to any port smtp \
>>>     rdr-to 127.0.0.1 port spamd
>>> pass in on egress proto tcp from <nospamd> to any port smtp
>>> pass in on egress proto tcp from <spamd-white> to any port smtp
>>> pass out log on egress proto tcp to any port smtp
>>>
>>> Everything seems to work correctly, but I was thinking the rdr-to rule
>>> was wrong so I looked at spamd(8) and it shows a divert-to rule instead.
>>> When I change it to divert-to I get the following error:
>>>
>>> # pfctl -vf /etc/pf.conf
>>> /etc/pf.conf:19: address family mismatch for divert
>>> pfctl: Syntax error in config file: pf rules not loaded
>>>
>>> What should I do to fix this. Is the rdr-to rule sufficient or do I need
>>> to change it?
>>
>> Depends. 5.7 and prior used rdr-to; and -current switched to divert-to.
>>
>> http://www.openbsd.org/faq/current.html#20150518
>>
>>> Thanks
>
> I guess I missed that line. However, I think my system is out of whack. I
> upgraded to 5.7, but the spamd man page is from 5.6. Thanks for the lead.
>
> Edgar

--
If my calculations are correct, when this baby hits 88MPH, you're gonna to
see some serious shit - Emmett Doc Brown
Re: spamd pf rules
On Wed 2015.06.10 at 15:43 -0500, Edgar Pettijohn III wrote:
> I've been using spamd for a while now. I was looking through my pf.conf
> and noticed that I had the following rules in regards to spamd.
>
> table <spamd-white> persist
> table <nospamd> persist file /etc/mail/nospamd
> pass in log on egress proto tcp from any to any port smtp \
>     rdr-to 127.0.0.1 port spamd
> pass in on egress proto tcp from <nospamd> to any port smtp
> pass in on egress proto tcp from <spamd-white> to any port smtp
> pass out log on egress proto tcp to any port smtp
>
> Everything seems to work correctly, but I was thinking the rdr-to rule
> was wrong so I looked at spamd(8) and it shows a divert-to rule instead.
> When I change it to divert-to I get the following error:
>
> # pfctl -vf /etc/pf.conf
> /etc/pf.conf:19: address family mismatch for divert
> pfctl: Syntax error in config file: pf rules not loaded
>
> What should I do to fix this. Is the rdr-to rule sufficient or do I need
> to change it?

Depends. 5.7 and prior used rdr-to; and -current switched to divert-to.

http://www.openbsd.org/faq/current.html#20150518

> Thanks
Re: spamd pf rules
On Jun 10, 2015, at 3:59 PM, Okan Demirmen wrote:
> On Wed 2015.06.10 at 15:43 -0500, Edgar Pettijohn III wrote:
>> I've been using spamd for a while now. I was looking through my pf.conf
>> and noticed that I had the following rules in regards to spamd.
>>
>> table <spamd-white> persist
>> table <nospamd> persist file /etc/mail/nospamd
>> pass in log on egress proto tcp from any to any port smtp \
>>     rdr-to 127.0.0.1 port spamd
>> pass in on egress proto tcp from <nospamd> to any port smtp
>> pass in on egress proto tcp from <spamd-white> to any port smtp
>> pass out log on egress proto tcp to any port smtp
>>
>> Everything seems to work correctly, but I was thinking the rdr-to rule
>> was wrong so I looked at spamd(8) and it shows a divert-to rule instead.
>> When I change it to divert-to I get the following error:
>>
>> # pfctl -vf /etc/pf.conf
>> /etc/pf.conf:19: address family mismatch for divert
>> pfctl: Syntax error in config file: pf rules not loaded
>>
>> What should I do to fix this. Is the rdr-to rule sufficient or do I need
>> to change it?
>
> Depends. 5.7 and prior used rdr-to; and -current switched to divert-to.
>
> http://www.openbsd.org/faq/current.html#20150518
>
>> Thanks

I guess I missed that line. However, I think my system is out of whack. I
upgraded to 5.7, but the spamd man page is from 5.6. Thanks for the lead.

Edgar