[Greylist-users] spamd question
Graham Toal
gtoal at gtoal.com
Wed Oct 12 13:14:27 PDT 2005
Again I was in too much of a hurry to post :-(
This is still not quite right: if a host is in
<whitelist> - but is also in <spamd> - the whitelist
table should take priority. However because I moved
the rule from the rdr section to the pass section,
the <spamd> rdr comes first and takes precedence
over the pass quick.
If I move the rule back up to the rdr section, I'm
forced to hard-code the IP address of the target mailer
which I also do not want to do.
Graham
######### pf.conf
ext_if="xl0"
int_if="fxp1"
table <spamd> persist file "/etc/spammers.txt"
table <spamd-white> persist
table <whitelist> persist file "/etc/whitelist.txt"
scrub in
# spamd redirection tests
# not yet whitelisted but already seen once? send them to spamd
# which will move them to the spamd-white list (but unfortunately
# will also reject the connection an unnecessary extra time)
# (Note: DO NOT use "pass" in these rules or they will break)
rdr on $ext_if \
inet \
proto tcp \
from <spamd> \
to any \
port smtp -> 127.0.0.1 port spamd
# not whitelisted, spamd will add them to the database:
# (We know they were not in spamd at this point)
# If spamd finds them in /etc/blacklist.txt, it will also tarpit them.
rdr on $ext_if \
inet \
proto tcp \
from !<spamd-white> \
to any \
port smtp -> 127.0.0.1 port spamd
# bypass tests, for whitelisted IPs:
# unfortunately this executes after the rdr's above. Would prefer it
# to come first so that the whitelist works correctly even if the IP
# is in the <spamd> table.
pass in quick on $ext_if \
inet \
proto tcp \
from <whitelist> \
to port smtp
# Default case: Allowed connections go through untouched:
# (actually "from <spamd-white>" below may be redundant and
# could probably be removed, or replaced with "from any")
pass in quick on $ext_if \
inet \
proto tcp \
from <spamd-white> \
to port smtp
pass in on $ext_if \
route-to lo0 \
inet \
proto tcp \
from any \
to 127.0.0.1 \
port spamd
pass out quick on $ext_if \
inet \
proto tcp \
from $ext_if \
to any \
port smtp \
flags S/SA \
keep state
pass out quick on $int_if \
inet \
proto tcp \
from $int_if \
to any \
port smtp \
flags S/SA \
keep state
pass out keep state
pass quick on { lo $int_if }
antispoof quick for { lo $int_if }
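One way to give <whitelist> priority over the <spamd> table without hard-coding the target mailer, as an added example that is not part of the original post: pre-4.7 pf evaluates the translation (rdr) section before the filter rules, and the first matching rdr or "no rdr" rule wins, so a "no rdr" rule placed first exempts whitelisted senders from every redirection below it. The interface and table names are taken from the posted pf.conf; the "no rdr" keyword and the pfctl syntax check are standard pf features.

```pf
# Added example: exempt whitelisted senders from the spamd redirection.
# Interface and tables are the ones from the posted pf.conf.
ext_if="xl0"
table <spamd> persist file "/etc/spammers.txt"
table <spamd-white> persist
table <whitelist> persist file "/etc/whitelist.txt"

# "no rdr" lives in the translation section, which pre-4.7 pf walks
# BEFORE the filter rules. The first matching rdr / no rdr rule wins, so
# placing this first means a host listed in both <whitelist> and <spamd>
# is never sent to spamd, and the mailer's address never appears here.
no rdr on $ext_if inet proto tcp from <whitelist> to any port smtp

# Remaining redirections are unchanged from the posted configuration.
rdr on $ext_if inet proto tcp from <spamd> to any port smtp \
    -> 127.0.0.1 port spamd
rdr on $ext_if inet proto tcp from !<spamd-white> to any port smtp \
    -> 127.0.0.1 port spamd

# Filter section: whitelisted and already-greylisted hosts reach the
# mailer directly; everything redirected above is delivered to spamd.
pass in quick on $ext_if inet proto tcp from <whitelist> to any port smtp
pass in quick on $ext_if inet proto tcp from <spamd-white> to any port smtp
pass in on $ext_if route-to lo0 inet proto tcp from any to 127.0.0.1 port spamd
```

Parse the result without loading it using pfctl -nf /etc/pf.conf. On OpenBSD 4.7 and later, where redirection became an rdr-to option on ordinary pass/match rules evaluated in order, the same effect is obtained by placing a plain "pass in quick ... from <whitelist>" rule ahead of the rdr-to rules.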