Spamd
From Hackepedia
Jump to navigationJump to searchThis page is for pf & spamd from the OpenBSD team, not the SpamAssasin version. I had TLS as mandatory in my MTA, so I had to switch that to optional for this to work. Two other options are whitelist yourself initially, or open a submission port (587). This was what I did on FreeBSD 6.0:
rc.conf:
pf_enable="YES" pf_flags="-f /etc/pf.conf" pflog_enable="YES" pfsync_enable="NO" obspamd_enable="YES" obspamlogd_enable="YES"
# I used 5 initially until my whitelists are built, and then maybe I'll go back to the 25 minute default pfspamd_flags="-g -v -G 5:4:864"
pf.conf:
table <spamd> persist table <spamd-white> persist table <spamd-mywhite> persist file "/var/mail/whitelist.txt" rdr pass inet proto tcp from <spamd-white> to $ext_if port \ smtp -> 127.0.0.1 port smtp rdr pass inet proto tcp from <spamd> to $ext_if port \ smtp -> 127.0.0.1 port spamd rdr pass inet proto tcp from !<spamd-mywhite> to $ext_if port \ smtp -> 127.0.0.1 port spamd pass in log inet proto tcp from any to $ext_if port smtp flags S/SA \ synproxy state pass out log inet proto tcp from $ext_if to any port smtp flags S/SA \ synproxy state
# /var/mail/whitelist.txt 127.0.0.1 192.168.1/26
# cat /usr/local/etc/spamd.conf
all:\
:spamhaus:china:korea:whitelist:
spamhaus:\
:black:\
:msg="SPAM. Your address %A is in the Spamhaus Block List\n\
See http://www.spamhaus.org/sbl and\
http://www.abuse.net/sbl.phtml?IP=%A for more details":\
:method=http:\
:file=www.openbsd.org/spamd/SBL.cidr.gz:
spews1:\
:black:\
:msg="SPAM. Your address %A is in the spews level 1 database\n\
See http://www.spews.org/ask.cgi?x=%A for more details":\
:method=http:\
:file=www.openbsd.org/spamd/spews_list_level1.txt.gz:
spews2:\
:black:\
:msg="SPAM. Your address %A is in the spews level 2 database\n\
See http://www.spews.org/ask.cgi?x=%A for more details":\
:method=http:\
:file=www.openbsd.org/spamd/spews_list_level2.txt.gz:
china:\
:black:\
:msg="SPAM. Your address %A appears to be from China\n\
See http://www.okean.com/asianspamblocks.html for more details":\
:method=http:\
:file=www.openbsd.org/spamd/chinacidr.txt.gz:
korea:\
:black:\
:msg="SPAM. Your address %A appears to be from Korea\n\
See http://www.okean.com/asianspamblocks.html for more details":\
:method=http:\
:file=www.openbsd.org/spamd/koreacidr.txt.gz:
whitelist:\
:white:\
:file=/var/mail/whitelist.txt:
relaydb-black:\
:black:\
:msg="SPAM. Your address %A is in my relaydb list.":\
:method=exec:\
:file=relaydb -4lb:
relaydb-white:\
:white:\
:method=exec:\
:file=relaydb -4lw:
# crontab -l 0 * * * * /usr/local/sbin/spamd-setup
# /usr/local/etc/rc.d/obspamlogd start # /usr/local/etc/rc.d/obspamd start # pfctl -f /etc/pf.conf # ps auwx | grep pf root 19406 0.0 0.3 5016 1432 ?? Is 11:07AM 0:00.01 pflogd: [priv] (pflogd) _pflogd 19407 0.0 0.3 5080 1456 ?? S 11:07AM 0:00.09 pflogd: [running] -s 116 -f /var/log/pflog (pflogd) nobody 19428 0.0 1.8 11016 9528 ?? Is 11:08AM 0:00.10 spamd: (pf <spamd-white> update) (spamd) root 19516 0.0 0.4 8400 2176 ?? S 11:20AM 0:00.04 tcpdump -l -n -e -i pflog0 -q -t port 25 and action pass and tcp[13]&0x12
# ps auwx | grep spam nobody 19428 0.0 1.8 11016 9528 ?? Is 11:08AM 0:00.11 spamd: (pf <spamd-white> update) (spamd) nobody 19429 0.0 1.8 11008 9496 ?? I 11:08AM 0:00.09 /usr/local/libexec/spamd -g -v -G 5:4:864 nobody 19431 0.0 1.8 11000 9512 ?? I 11:08AM 0:00.01 spamd: (/var/db/spamd update) (spamd)
All looks good, time to find out.
# spamdb GREY|127.0.0.1|<[email protected]>|<[email protected]>|1172200562|1224040562|1224040562|1|0
Looks like it's working, check back in ahile and see if you have BLACK and WHITE entries.
# tail -f /var/log/spamd
