filter.inc.patch: necessary for the correct operation of spamd
Table <whitelist> exists but was never populated or used. Fixed.
Table <blacklist> exists but was never populated. Fixed.
Broken rule logic for whitelist entries, either (rdr) or (no rdr). Fixed.
Comments:
I guess no one noticed that the static whitelisting didn't work, since
the same entries would eventually be dynamically whitelisted anyway.
You can observe the broken behavior clearly by whitelisting a test IP
that is known to not be dynamically whitelisted already, then telnetting
to any IP behind pfsense on port 25 from the test IP.
Having been whitelisted, you should not be rdr(ed) to spamd. But you are.
The problem was in using <spamd-white> as the same table for both static
and dynamic entries. spamlogd removes the entries immediately after
they're loaded.
Blacklisting (via /var/db/blacklist.txt) did not work.
813,822d812
< if(file_exists("/var/db/whitelist.txt"))
< $natrules .= "table <whitelist> persist file
\"/var/db/whitelist.txt\"\n";
< else
< $natrules .= "table <whitelist> persist\n";
< if(file_exists("/var/db/blacklist.txt"))
< $natrules .= "table <blacklist> persist file
\"/var/db/blacklist.txt\"\n";
< else
< $natrules .= "table <blacklist> persist\n";
< $natrules .= "table <spamd> persist\n";
< $natrules .= "table <spamd-white> persist\n";
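Review bot: the direction of this diff appears reversed relative to the description above. The `<` side (the lines the hunk header 813,822d812 says to delete) is the one that loads /var/db/whitelist.txt into <whitelist> and /var/db/blacklist.txt into <blacklist>, which is exactly the "Fixed" behaviour the message claims, while the `>` side that follows declares `table <whitelist> persist` and `table <blacklist> persist` with no file, i.e. the "exists but was never populated" state. It looks like the patch was generated as `diff new old`; regenerated as `diff -u old new` it would apply with plain `patch` instead of deleting the fix, and the unified form would also carry the context needed to locate the hunks in filter.inc.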
823a814,821
> $natrules .= "table <whitelist> persist\n";
> $natrules .= "table <blacklist> persist\n";
> $natrules .= "table <spamd> persist\n";
> if(file_exists("/var/db/whitelist.txt"))
> $natrules .= "table <spamd-white> persist file
> \"/var/db/whitelist.txt\"\n";
> $natrules .= "rdr pass on {$wanif} proto tcp from <blacklist>
> to port smtp -> 127.0.0.1 port spamd\n";
> $natrules .= "rdr pass on {$wanif} proto tcp from <spamd> to
> port smtp -> 127.0.0.1 port spamd\n";
> $natrules .= "rdr pass on {$wanif} proto tcp from
> !<spamd-white> to port smtp -> 127.0.0.1 port spamd\n";
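Review bot: on this (`>`) side the `table <spamd-white>` declaration is emitted only inside the `if(file_exists("/var/db/whitelist.txt"))` branch, with no `else`, while the three `rdr pass` rules that reference <spamd-white> are emitted unconditionally; the other side's unconditional `table <spamd-white> persist` followed by a separate file load is the safer shape, because the table is declared whether or not the file exists. Separately, the commit text says blacklisting via /var/db/blacklist.txt is fixed, but on this side `table <blacklist> persist` has no `file` clause, so the hunk itself shows no way for <blacklist> to be populated; if that happens elsewhere (e.g. via pfctl at runtime) it is worth saying so in the message.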
825,832c823,827
<
foreach($config['installedpackages']['spamdsettings']['config'] as $ss)
< $nextmta = $ss['nextmta'];
< if($nextmta <> "")
< $natrules .= "rdr pass on {$wanif} proto tcp from {
<spamd-white> <whitelist> } to port smtp -> {$nextmta} port smtp\n";
< else
< $natrules .= "no rdr on {$wanif} proto tcp from
<whitelist> to any port = smtp\n";
< $natrules .= "rdr pass on {$wanif} proto tcp from { <blacklist>
<spamd> } to port smtp -> 127.0.0.1 port spamd\n";
< $natrules .= "rdr pass on {$wanif} proto tcp from {
!<spamd-white> } to port smtp -> 127.0.0.1 port spamd\n";
---
>
> foreach($config['installedpackages']['spamdsettings']['config'] as $ss)
> $nextmta = $ss['nextmta'];
> if($nextmta <> "") {
> $natrules .= "rdr pass on {$wanif} proto tcp from
> <spamd-white> to port smtp -> {$nextmta} port smtp\n";
> }
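Review bot: on the `<` side the `foreach` has no braces, so only `$nextmta = $ss['nextmta'];` runs per iteration and the rdr / no rdr rules are emitted once, after the loop, with the last entry's nextmta; brace the loop body (as the `>` side does for its `if`) or make the "last entry wins" intent explicit, and initialise `$nextmta = "";` before the loop so the `<>` comparison does not read an undefined variable when the config array is empty. The rule order is correct for pf's first-match rdr evaluation (the whitelist-to-nextmta or `no rdr ... from <whitelist>` rule precedes the two rdr-to-spamd rules); note that `{ <spamd-white> <whitelist> }` and `{ <blacklist> <spamd> }` each expand to one rdr rule per list element, and the single-element `{ !<spamd-white> }` list adds nothing over a bare `!<spamd-white>`.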
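The failure the message describes, as an added illustration that is not part of the message or of pfSense's filter.inc: a small Python model of pf's first-match rdr evaluation, with the two rule orders from the patch encoded by hand. The table contents, the addresses (198.51.100.7, 203.0.113.9) and the next-MTA host are constructed, and "spamlogd empties <spamd-white>" models the behaviour the message reports rather than anything about spamlogd internals; nothing here talks to a real pf.

```python
# Added example (not part of this message or of pfSense's filter.inc):
# a toy model of pf's first-match rdr evaluation, enough to show why a static
# whitelist entry placed in the shared <spamd-white> table stops working while
# an entry in a separate <whitelist> table keeps working.
# Assumptions: table contents, IP addresses and the next-MTA host are
# constructed; "the flush" models the message's report that spamlogd removes
# the statically loaded entries right after they are loaded.
from dataclasses import dataclass
from typing import Optional, Tuple

SPAMD = "127.0.0.1 port spamd"            # -> target of the rdr-to-spamd rules
NEXTMTA = "mail.example.net port smtp"     # stands in for {$nextmta}; constructed
STATIC_WHITELIST = {"198.51.100.7"}        # constructed contents of /var/db/whitelist.txt


@dataclass(frozen=True)
class RdrRule:
    tables: Tuple[str, ...]    # source tables, e.g. ("spamd-white", "whitelist")
    negate: bool               # True models "from !<table>"
    target: Optional[str]      # "-> host port" target; None models "no rdr"


def evaluate(rules, tables, src):
    """Return the rdr target for a connection from src to port smtp.

    pf applies rdr rules first-match, so the first rule whose source
    specification matches decides.  None means "not redirected": either a
    "no rdr" rule matched or no rule matched at all.
    """
    for rule in rules:
        in_any = any(src in tables.get(name, set()) for name in rule.tables)
        if in_any != rule.negate:     # negate flips the match, as "!" does in pf
            return rule.target
    return None


def original_rules():
    """Rule order of the '>' side of the diff (the behaviour reported as broken)."""
    return [
        RdrRule(("blacklist",), False, SPAMD),
        RdrRule(("spamd",), False, SPAMD),
        RdrRule(("spamd-white",), True, SPAMD),       # from !<spamd-white>
        RdrRule(("spamd-white",), False, NEXTMTA),
    ]


def patched_rules(nextmta=NEXTMTA):
    """Rule order of the '<' side of the diff (the fix)."""
    rules = []
    if nextmta:
        rules.append(RdrRule(("spamd-white", "whitelist"), False, nextmta))
    else:
        rules.append(RdrRule(("whitelist",), False, None))   # no rdr ... from <whitelist>
    rules.append(RdrRule(("blacklist", "spamd"), False, SPAMD))
    rules.append(RdrRule(("spamd-white",), True, SPAMD))
    return rules


def original_tables(after_spamlogd_flush):
    """'>' side: whitelist.txt is loaded into <spamd-white>, the table the
    spamd tooling also manages, so the flush wipes the static entries too."""
    return {
        "whitelist": set(),                      # declared, never populated
        "blacklist": set(),                      # declared, never populated
        "spamd": set(),
        "spamd-white": set() if after_spamlogd_flush else set(STATIC_WHITELIST),
    }


def patched_tables(after_spamlogd_flush):
    """'<' side: static entries live in their own <whitelist> table, so a
    flush of <spamd-white> does not touch them (the argument is kept only
    for symmetry with original_tables)."""
    return {
        "whitelist": set(STATIC_WHITELIST),
        "blacklist": set(),
        "spamd": set(),
        "spamd-white": set(),
    }


if __name__ == "__main__":
    host = "198.51.100.7"   # the statically whitelisted test host
    for label, rules, tables in (
        ("original, before flush", original_rules(), original_tables(False)),
        ("original, after flush ", original_rules(), original_tables(True)),
        ("patched,  after flush ", patched_rules(), patched_tables(True)),
    ):
        print(f"{label}: {host} -> {evaluate(rules, tables, host)}")
```

Run as a script it prints the three outcomes for the whitelisted host: the original rule set sends it to the next MTA only until <spamd-white> is flushed, after which the `from !<spamd-white>` rule catches it and redirects it to spamd, which is the telnet-to-port-25 symptom the message describes; the patched rule set keeps sending it to the next MTA, and with an empty nextmta the `no rdr` rule leaves it unredirected.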