On Tue, 17 Oct 2017 13:49:45 +0200, Todd C. Miller
<[email protected]> wrote:

> When running spamd in greylisting mode, it is not uncommon for an
> IP to get whitelisted that later shows up on a spam blacklist.
> However, that blacklist entry never takes effect because the IP is
> already whitelisted and thus appears in the spamd-white pf table,
> bypassing spamd.
>
> This is exacerbated by spamlogd which will keep the whitelist entry
> updated as long as the IP keeps connecting, which is something
> spammers are good at.
>
> The following diff causes spamd to check the blacklists before
> adding a WHITE entry to the spamd-white pf table. If the IP matches
> a blacklist, the WHITE entry will be removed.
>
> It has helped a lot on the mailing list server which often receives
> spam from an IP and passes greylisting before the IP ends up on a
> blacklist.
>
> This does mean that you cannot simply use "spamdb -a" to temporarily
> override a blacklist, but the proper way to override a blacklist
> is via a :white: entry in spamd.conf.

Sorry for the late reply, but I recently moved my spamd to a machine that
I *do* upgrade regularly. There is a downside to this feature. You can
no longer use "spamdb -a" to change a TRAPPED entry to WHITE, as spamd
will delete it ("blacklisted, removing from whitelist"). I'd like to
submit a patch to fix this, but there are several approaches possible:

1. In spamdb(8), update spamd's traplist before updating /var/db/spamd.
2. In spamd(8), don't check spamd blacklists in main process if the
   address is in the local traplist. If the address is in another blacklist,
   it will pick that up in the next loop.
3. In spamd(8), let sdl_check() disregard tag "spamd-greytrap".
4. ???

Which is preferred?

--
Boudewijn Dijkstra
Indes-IDS B.V.
+31 345 545 535