Spamd

This page is for pf & spamd from the OpenBSD team, not the SpamAssassin version. I had TLS as mandatory in my MTA, so I had to switch that to optional for this to work. Two other options are to whitelist yourself initially or to open a submission port (587). This was what I did on FreeBSD 6.0:

rc.conf:

    pf_enable="YES"
    pf_flags="-f /etc/pf.conf"
    pflog_enable="YES"
    pfsync_enable="NO"
    obspamd_enable="YES"
    obspamlogd_enable="YES"
    # I used 5 initially until my whitelists are built, and then maybe I'll go back to the 25 minute default
    pfspamd_flags="-g -v -G 5:4:864"

pf.conf:

    table persist
    table  persist
    table  persist file "/var/mail/whitelist.txt"
    rdr pass inet proto tcp from  to $ext_if port \
        smtp -> 127.0.0.1 port smtp
    rdr pass inet proto tcp from to $ext_if port \
        smtp -> 127.0.0.1 port spamd
    rdr pass inet proto tcp from ! to $ext_if port \
        smtp -> 127.0.0.1 port spamd
    pass in log inet proto tcp from any to $ext_if port smtp flags S/SA \
        synproxy state
    pass out log inet proto tcp from $ext_if to any port smtp flags S/SA \
        synproxy state

    # /var/mail/whitelist.txt
    127.0.0.1
    192.168.1/26

    # cat /usr/local/etc/spamd.conf
    all:\
            :spamhaus:china:korea:whitelist:

    spamhaus:\
            :black:\
            :msg="SPAM. Your address %A is in the Spamhaus Block List\n\
            See http://www.spamhaus.org/sbl and\
            http://www.abuse.net/sbl.phtml?IP=%A for more details":\
            :method=http:\
            :file=www.openbsd.org/spamd/SBL.cidr.gz:

    spews1:\
            :black:\
            :msg="SPAM. Your address %A is in the spews level 1 database\n\
            See http://www.spews.org/ask.cgi?x=%A for more details":\
            :method=http:\
            :file=www.openbsd.org/spamd/spews_list_level1.txt.gz:

    spews2:\
            :black:\
            :msg="SPAM. Your address %A is in the spews level 2 database\n\
            See http://www.spews.org/ask.cgi?x=%A for more details":\
            :method=http:\
            :file=www.openbsd.org/spamd/spews_list_level2.txt.gz:

    china:\
            :black:\
            :msg="SPAM. Your address %A appears to be from China\n\
            See http://www.okean.com/asianspamblocks.html for more details":\
            :method=http:\
            :file=www.openbsd.org/spamd/chinacidr.txt.gz:

    korea:\
            :black:\
            :msg="SPAM. Your address %A appears to be from Korea\n\
            See http://www.okean.com/asianspamblocks.html for more details":\
            :method=http:\
            :file=www.openbsd.org/spamd/koreacidr.txt.gz:

    whitelist:\
            :white:\
            :file=/var/mail/whitelist.txt:

    relaydb-black:\
            :black:\
            :msg="SPAM. Your address %A is in my relaydb list.":\
            :method=exec:\
            :file=relaydb -4lb:

    relaydb-white:\
            :white:\
            :method=exec:\
            :file=relaydb -4lw:

    # crontab -l
    0 * * * * /usr/local/sbin/spamd-setup

    # /usr/local/etc/rc.d/obspamlogd start
    # /usr/local/etc/rc.d/obspamd start
    # pfctl -f /etc/pf.conf
    # ps auwx | grep pf
    root         19406  0.0  0.3  5016  1432  ?? Is  11:07AM   0:00.01 pflogd: [priv] (pflogd)
    _pflogd      19407  0.0  0.3  5080  1456  ?? S   11:07AM   0:00.09 pflogd: [running] -s 116 -f /var/log/pflog (pflogd)
    nobody       19428  0.0  1.8 11016  9528  ?? Is  11:08AM   0:00.10 spamd: (pf  update) (spamd)
    root         19516  0.0  0.4  8400  2176  ?? S   11:20AM   0:00.04 tcpdump -l -n -e -i pflog0 -q -t port 25 and action pass and tcp[13]&0x12

    # ps auwx | grep spam
    nobody       19428  0.0  1.8 11016  9528  ?? Is  11:08AM   0:00.11 spamd: (pf  update) (spamd)
    nobody       19429  0.0  1.8 11008  9496  ?? I   11:08AM   0:00.09 /usr/local/libexec/spamd -g -v -G 5:4:864
    nobody       19431  0.0  1.8 11000  9512  ?? I   11:08AM   0:00.01 spamd: (/var/db/spamd update) (spamd)

All looks good, time to find out.

    # spamdb
    GREY|127.0.0.1|||1172200562|1224040562|1224040562|1|0

Looks like it's working. Check back in a while and see if you have BLACK and WHITE entries.
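
To read spamdb output at a glance, this added example (not part of the original page) counts entries by type and reports, for each GREY entry, whether a retry would be whitelisted yet under the passtime given to -G. It assumes GREY and WHITE lines end with first|pass|expire|blocked|passed; the name spamdb_summary and the WHITE and TRAPPED sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumption: GREY and WHITE lines end with first|pass|expire|blocked|passed
# (the first three are epoch seconds), with or without a HELO field before them.

# Sample input: the GREY line is the one shown on this page; the WHITE and
# TRAPPED lines are constructed (documentation addresses).
SAMPLE='GREY|127.0.0.1|||1172200562|1224040562|1224040562|1|0
WHITE|192.0.2.20|||1172200562|1172200900|1175311300|2|1
TRAPPED|192.0.2.66|1172286962'

# usage: spamdb | spamdb_summary [passtime_minutes] [now_epoch]
spamdb_summary() {
    awk -F'|' -v passtime="${1:-25}" -v now="${2:-$(date +%s)}" '
        { count[$1]++ }
        $1 == "GREY" && NF >= 9 {
            first = $(NF-4); expire = $(NF-2)
            ready = first + passtime * 60   # earliest retry that gets whitelisted
            if (now < ready)
                state = sprintf("retry too early, wait %ds", ready - now)
            else if (now > expire)
                state = "expired"
            else
                state = "next retry is whitelisted"
            printf "grey %s blocked=%s: %s\n", $2, $(NF-1), state
        }
        END {
            printf "GREY=%d WHITE=%d TRAPPED=%d\n",
                   count["GREY"], count["WHITE"], count["TRAPPED"]
        }'
}

# Runs offline on the sample; on the mail host use: spamdb | spamdb_summary 5
printf '%s\n' "$SAMPLE" | spamdb_summary 5 1172200600
```

A GREY count that keeps growing while WHITE stays at zero usually means legitimate senders are not retrying within the grey expiry window, or the passtime is longer than their retry interval.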


    # tail -f /var/log/spamd