On 2016/03/16 10:53, Damien Miller wrote:
> On Tue, 15 Mar 2016, li...@wrant.com wrote:
> 
> > What's going on with the BGP as a transport then, is it available to
> > the general public?  Must be much better than the fubar DNS.  Nackts
> > thing and we'd be attempting carping on tunnelled over DNS syndrome.
> 
> Years ago I added the pftable keyword to bgpd.conf for this very
> reason. Assuming it hasn't bitrotted, it's trivial to use bgpd
> to fill a PF table that can be used to block or tarpit spammers.

The default setup with spamd is in greylisting mode. This mode doesn't use
a big PF table for the blacklist; instead the blacklist-or-greylist decision
is made inside spamd itself, and the only PF table involved is the (usually much
smaller) one containing hosts that have previously made it through greylisting.

It is possible to use BGP to distribute addresses for spamd but the usual
setup for this involves 'bgpctl sh rib' to write out a file for spamdb to
read so it's not realtime.

There is another way to use spamd, in blacklist-only mode (-b flag), which
does use a PF table to hold the blacklist. In that case I think the table
could be populated directly from BGP, but I don't know if that combines
well with also loading a blacklist via spamd-setup. Additionally, for
large blacklists this can end up using a bunch of kvm; some people did
run into problems with this in the past, before spamd changed to using
greylisting mode by default.
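As an added illustration of the blacklist-only setup described in this reply (not configuration from the thread or from the OpenBSD project), the fragments below wire a bgpd peer into a PF table and have PF redirect only hosts in that table to spamd running with -b. The peer addresses, AS numbers and the table name "spamd-bgp" are constructed; a separate table is used rather than the <spamd> table that spamd-setup fills, since the reply does not say whether the two sources combine cleanly.

```conf
# --- /etc/bgpd.conf fragment (constructed example) ---
# Assumed: a peer at 192.0.2.2 in AS 65001 that announces spammer
# prefixes to us; we announce nothing back.
AS 65000
router-id 192.0.2.1

neighbor 192.0.2.2 {
	descr "spammer-feed"
	remote-as 65001
	announce none
}

# Every prefix accepted from that peer is added to the pf table
# "spamd-bgp" (table name assumed here), so the table tracks the feed
# in real time instead of going through a file written from bgpctl.
allow from 192.0.2.2 set pftable "spamd-bgp"

# --- /etc/pf.conf fragment (constructed example) ---
# "persist" keeps the table in place even while it is empty.
table <spamd-bgp> persist

# Blacklist-only mode: only hosts listed in the table are sent to spamd;
# everything else reaches the real mail server directly.
pass in on egress proto tcp from <spamd-bgp> to any port smtp \
	rdr-to 127.0.0.1 port spamd
pass in on egress proto tcp to any port smtp

# --- /etc/rc.conf.local fragment (constructed example) ---
# Run spamd in blacklist-only mode so it does not greylist.
spamd_flags="-b"
```

After reloading both daemons, `pfctl -t spamd-bgp -T show` lists what the BGP feed has put into the table, which is a quick check that the pftable keyword is still doing its job on the version in use.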
