
Spamtrap doesn't work for me


Mik J
Hello,
I'm trying to make spamtrap work
I added a spamtrap address:
# spamdb | grep trap
SPAMTRAP|<[hidden email]>

I started spamd with these parameters:
spamd_flags="-v -s 5 -S 2 -w 1 -G5:12:2400 -l 127.0.0.1 -h mx.mydomain.org -n String"

When I send an email to [hidden email], it's greylisted instead of being trapped:
May 17 13:38:16 spamd.mydomain.org spamd[74662]: (GREY) x.x.x.x: <[hidden email]> -> <[hidden email]>
That comes from /var/log/spamd
# spamdb | grep x.x.x.x
GREY|x.x.x.x|relay2-d.domain.org|<[hidden email]>|<[hidden email]>|1495021096|1495064296|1495064296|1|0

The PF table remains empty:
# pfctl -t spamd-greytrap -T show
With pf.conf:
# Table Spamd
table <spamd-greytrap> persist

I read the documentation multiple times but couldn't point out the problem
Thank you


Re: Spamtrap doesn't work for me

Boudewijn Dijkstra-3
On Wed, 17 May 2017 13:55:58 +0200, Mik J <[hidden email]> wrote:
> Hello,
> I'm trying to make spamtrap work
> I added a spamtrap address:
> # spamdb | grep trap
> SPAMTRAP|<[hidden email]>

From spamdb(8):
      If adding or deleting a SPAMTRAP address (-T), keys should be specified
      as email addresses:

            [hidden email]


So without angle brackets.



--
Made with Opera's e-mail program: http://www.opera.com/mail/


Re: Spamtrap doesn't work for me

Peter N. M. Hansteen-3
On 05/17/17 16:51, Boudewijn Dijkstra wrote:

> On Wed, 17 May 2017 13:55:58 +0200, Mik J <[hidden email]> wrote:
>> Hello,
>> I'm trying to make spamtrap work
>> I added a spamtrap address:
>> # spamdb | grep trap
>> SPAMTRAP|<[hidden email]>
>
> From spamdb(8):
>      If adding or deleting a SPAMTRAP address (-T), keys should be specified
>      as email addresses:
>
>            [hidden email]
>
>
> So without angle brackets.

It looks like spamdb actually accepts addresses both with and without
angle brackets - I have both kinds in my spamdb:

[Wed May 17 16:56:00] peter@skapet:~/upgrade$ doas spamdb | grep SPAMTRAP | grep lorgnette
SPAMTRAP|<[hidden email]>
SPAMTRAP|<[hidden email]>
SPAMTRAP|[hidden email]
SPAMTRAP|[hidden email]
SPAMTRAP|[hidden email]

but exactly matching (or not) what's in the database could be the problem
here.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.


Re: Spamtrap doesn't work for me

Mik J
Hello Boudewijn, Peter,
I did a new test (without brackets) and now it seems to work because the IP address is marked as TRAPPED (before it was GREY)
# spamdb | grep x.x.x.x
TRAPPED|x.x.x.x|1495121479

But the spamd-greytrap table remains empty
Peter, do you have any entries when you do pfctl -t spamd-greytrap -T show

Regards
 


Re: Spamtrap doesn't work for me

Peter N. M. Hansteen-3
On 05/17/17 17:34, Mik J wrote:

> I did a new test (without brackets) and now it seems to work because the
> IP address is marked as TRAPPED (before it was GREY)
> # spamdb | grep x.x.x.x
> TRAPPED|x.x.x.x|1495121479

That sounds like the normal and expected behavior, then. Good!

> But the spamd-greytrap table remains empty
> Peter, do you have any entries when you do pfctl -t spamd-greytrap -T show

Actually, I don't have that table at all.

The greytrapping part uses the database, not tables. The thinking is
roughly that it makes sense to have the whitelisted addresses in a table
(spamd-whitelist) for performance, but performance in response towards
grey or trapped hosts is not needed or expected, so the (possibly)
slower database lookup is considered sufficient.

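The two findings so far in this thread (a SPAMTRAP key stored with angle brackets did not trap, and trapped hosts appear as TRAPPED rows in spamdb rather than in a pf table) can both be checked from the spamdb listing. The script below is an added example, not part of any poster's message or of OpenBSD; the sample listing, its addresses and the function names are constructed, and reading a GREY tuple addressed to a trap as a missed trap is an assumption.

```shell
#!/bin/sh
# Added example: audit a spamdb listing for the two findings in this thread.

# Constructed sample in the pipe-separated format shown in the thread
# (addresses and IPs are documentation values, not from the thread).
sample_spamdb() {
cat <<'EOF'
SPAMTRAP|<trap1@example.org>
SPAMTRAP|trap2@example.org
GREY|192.0.2.10|relay.example.net|<a@example.net>|<trap1@example.org>|1495021096|1495064296|1495064296|1|0
TRAPPED|192.0.2.20|1495121479
TRAPPED|192.0.2.30|1495000000
EOF
}

# SPAMTRAP keys stored with angle brackets (the form that did not trap here).
bracketed_traps() {
    awk -F'|' '$1 == "SPAMTRAP" && $2 ~ /^<.*>$/ { print $2 }'
}

# "ip expire state" for each TRAPPED row; $1 is the current epoch time.
trapped_hosts() {
    awk -F'|' -v now="$1" '$1 == "TRAPPED" {
        print $2, $3, ($3 > now ? "active" : "expired")
    }'
}

# GREY tuples whose recipient equals a SPAMTRAP key once brackets are ignored.
# Assumption: such a tuple means the delivery was greylisted, not trapped.
missed_traps() {
    awk -F'|' '
        function strip(a) { gsub(/^<|>$/, "", a); return a }
        $1 == "SPAMTRAP" { trap[strip($2)] = 1 }
        $1 == "GREY"     { ip[NR] = $2; to[NR] = strip($5) }
        END {
            for (n = 1; n <= NR; n++)
                if ((n in to) && (to[n] in trap)) print ip[n], to[n]
        }'
}

now=1495100000   # constructed "current time" so the output is reproducible
echo "SPAMTRAP keys with brackets:"; sample_spamdb | bracketed_traps
echo "TRAPPED hosts:";               sample_spamdb | trapped_hosts "$now"
echo "Greylisted mail to a trap:";   sample_spamdb | missed_traps
```

On a real host, pipe the output of spamdb into the same functions and pass `$(date +%s)` as the time.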


Re: Spamtrap doesn't work for me

Mik J
Thank you Peter.


> Actually, I don't have that table at all.

> The greytrapping part uses the database, not tables. The thinking is
> roughly that it makes sense to have the whitelisted addresses in a table
> (spamd-whitelist) for performance, but performance in response towards
> grey or trapped hosts is not needed or expected, so the (possibly)
> slower database lookup is considered sufficient.

I was reading the man spamd
http://man.openbsd.org/spamd

Which was saying

"When a host that is currently greylisted attempts to send mail to a spamtrap address, it is blacklisted for 24 hours by adding the host to the spamd blacklist <spamd-greytrap>. Spamtrap addresses are added to the /var/db/spamd database with the following spamdb(8) command:"

So I'm expecting a spamd-greytrap table




Re: Spamtrap doesn't work for me

Boudewijn Dijkstra-3
In reply to this post by Peter N. M. Hansteen-3
On Wed, 17 May 2017 16:59:27 +0200, Peter N. M. Hansteen <[hidden email]> wrote:
> On 05/17/17 16:51, Boudewijn Dijkstra wrote:
>> On Wed, 17 May 2017 13:55:58 +0200, Mik J <[hidden email]> wrote:
>>> SPAMTRAP|<[hidden email]>
>
> It looks like spamdb actually accepts addresses both with and without
> angle brackets -

It accepts anything that contains an '@'.





Re: Spamtrap doesn't work for me

Peter N. M. Hansteen-3
In reply to this post by Mik J
On Thu, May 18, 2017 at 06:09:19AM +0000, Mik J wrote:
> I was reading the man spamd
> http://man.openbsd.org/spamd
>
> Which was saying
>
> "When a host that is currently greylisted attempts to send mail to a spamtrap address, it is blacklisted for 24 hours by adding the host to the spamd blacklist <spamd-greytrap>. Spamtrap addresses are added to the /var/db/spamd database with the following spamdb(8) command:"
>
> So I'm expecting a spamd-greytrap table

That does sound like we should look into rephrasing that bit of the man page.

I'll see if I can come up with suitable wording unless somebody beats me to it.

- P

Re: Spamtrap doesn't work for me

Boudewijn Dijkstra-3
On Thu, 18 May 2017 10:23:40 +0200, Peter N. M. Hansteen <[hidden email]> wrote:

> On Thu, May 18, 2017 at 06:09:19AM +0000, Mik J wrote:
>> I was reading the man spamd
>> http://man.openbsd.org/spamd
>>
>> Which was saying
>>
>> "When a host that is currently greylisted attempts to send mail to a  
>> spamtrap address, it is blacklisted for 24 hours by adding the host to  
>> the spamd blacklist <spamd-greytrap>. Spamtrap addresses are added to  
>> the /var/db/spamd database with the following spamdb(8) command:"
>>
>> So I'm expecting a spamd-greytrap table
>
> That does sound like we should look into rephrasing that bit of the man  
> page.
>
> I'll see if I can come up with suitable wording unless somebody beats me  
> to it.

Every time a pf table is mentioned, it says "pf table" or "table" with the  
name of the table in angle brackets.  In this case it doesn't say "table"  
but "list", but perhaps the name could be between quotes.

--- libexec/spamd/spamd.8       16 Mar 2017 15:16:21 -0000      1.133
+++ libexec/spamd/spamd.8       19 May 2017 07:43:41 -0000
@@ -385,7 +385,7 @@ spamtrap address,
  it is blacklisted for 24 hours by adding the host to the
  .Nm
  blacklist
-<spamd-greytrap>.
+'spamd-greytrap'.
  Spamtrap addresses are added to the
  .Pa /var/db/spamd
  database with the following
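
Review bot: The added line "'spamd-greytrap'." begins with an apostrophe, and roff treats an apostrophe in the first column as a control character just like a leading dot, so the formatter would parse the line as a request instead of printing the name. Use the mdoc quoting macro instead, for example ".Sq spamd-greytrap .", or put "\&" in front of the opening quote. The new wording also still only says "blacklist", so a sentence stating where this list is kept would address the confusion more directly than changing the quoting.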



Re: Spamtrap doesn't work for me

Mik J
Hello, I would say "to a spamd blacklist called spamd-greytrap"
It seems that spamd-greytrap is a list such as my other blacklist:
"spamd[74662]: x.x.x.1: disconnected after 1885 seconds. lists: spamd-greytrap blackliste"
Thank you for your help
 
