[Greylist-users] startup failure due to spamd whitelist file
gtoal at gtoal.com
Wed Oct 12 08:59:40 PDT 2005

Any sys admin with a good few machines to manage knows
the importance of being able to bring the machines up in
any order, e.g. after a power outage. Quite a few years ago
the default configs of several Unix systems were such that
if you did not have, for example, your DNS server running,
then you could not bring the system up properly. And your
DNS server would depend on your NFS server and so on.
So it was a nightmare and we all changed our startup scripts
to remove dependencies between systems, so that things
would sort themselves out after everything was back up...

I discovered today that the default spamd configuration
of pf loads /etc/whitelist.txt, and that file contains
4 AOL addresses by name rather than by number. If you do
not have DNS up at this point (maybe you rebooted during
an internet outage? Or you are coming back after a
power outage and your router hasn't rebooted yet, for
example) then pf fails entirely and does not load your
firewall rules, so your machine is hosed.

Simple solution, comment out those AOL IPs and/or replace
them with the numeric equivalents.

Less simple solution, talk to the pf maintainers and see
if there's a way to not fail if a DNS lookup fails.
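
Added example, not part of the original post: a small pre-boot check that lists entries in a pf table file which are not literal addresses or CIDR networks and therefore need name resolution when the ruleset loads. The sample contents and hostnames are constructed placeholders, and tolerating trailing `#` comments is an assumption of this script.

```python
import ipaddress
import sys

# Constructed sample in the style of a pf table file; the hostnames are
# placeholders, not the entries shipped in /etc/whitelist.txt.
SAMPLE = """\
# spamd whitelist (constructed sample)
192.0.2.10
198.51.100.0/24
!198.51.100.7
2001:db8::/32
mail-a.example.net
mail-b.example.net   # trailing comment
"""

def is_numeric(entry):
    """True if entry is a literal IPv4/IPv6 address or CIDR network."""
    try:
        ipaddress.ip_network(entry, strict=False)
        return True
    except ValueError:
        return False

def dns_dependent_entries(text):
    """Return (line_number, entry) for every entry that is not numeric."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        # Drop comments; trailing comments are tolerated (assumption).
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        # A leading "!" negates an entry; test the address behind it.
        if not is_numeric(entry.lstrip("!").strip()):
            findings.append((lineno, entry))
    return findings

if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    hits = dns_dependent_entries(text)
    for lineno, entry in hits:
        print(f"line {lineno}: '{entry}' needs name resolution at load time")
    sys.exit(1 if hits else 0)
```

Run against the real file (for example `/etc/whitelist.txt`), a non-zero exit status means at least one entry would depend on DNS being reachable at boot.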