stuck on spamd

stuck on spamd

Hasse Hansson-3
Hello list

I have a problem with spamd. It just doesn't seem to greylist or block,
or do anything else either. I can receive and send mail as usual.

First I had spamlogd_flags="" in my rc.conf.local, but then it immediately
whitelisted every connection on port 25, even the spammer I try to tarpit,
so after some "googling" I changed it to spamlogd_flags="-I -i lo0"
but now it doesn't seem to do anything useful at all, just pass traffic.
"spamdb | sort" shows nothing. It's empty, and so is "smtp# pfctl -t spamd-white -T show"

The spammer I try to tarpit is showing up in the maillog with IP address 158.69.204.241,
which I also added to the file /etc/mail/spammers.txt

Below is some info on my setup and some logfiles.

------------------------
smtp# uname -a
OpenBSD smtp.bara1.se 6.3 GENERIC.MP#0 amd64
-------------------------

smtp# cat /etc/rc.conf.local
pkg_scripts=postfix dovecot saslauthd dbus_daemon avahi_daemon messagebus
smtpd_flags=NO
spamd_black=NO
spamd_flags="-v -G 2:4:864"
spamlogd_flags="-I -i lo0"
unbound_flags=
---------------------------

smtp# cat /etc/pf.conf
ext_if = "em0"
int_if = "fxp0"
localnet = $int_if:network
tcp_services = "{ domain, ntp, imap, imaps, pop3, pop3s }"
mail_services = "{ smtp, smtps, submission }"
udp_services = "{ domain, ntp }"
icmp_types = "echoreq"

table <martians> { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16     \
                   172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 \
                   192.168.0.0/16 198.18.0.0/15 198.51.100.0/24        \
                   203.0.113.0/24 }

table <bruteforce> persist
table <abusers> persist file "/etc/abusers"
table <spamd-white> persist
table <nospamd> persist file "/etc/mail/nospamd"

set block-policy drop
set loginterface egress
set skip on lo0

match in all scrub (no-df random-id max-mss 1440)
match out on egress inet from !(egress:network) to any nat-to (egress:0)

antispoof quick for { egress $ext_if int_if }

#pass in on egress inet proto tcp from any to any port smtp divert-to 127.0.0.1 port spamd
pass in on egress inet proto tcp from any to any port $mail_services divert-to 127.0.0.1 port spamd
pass in on egress proto tcp from <nospamd> to any port smtp
pass in log on egress proto tcp from <spamd-white> to any port smtp
pass out log on egress proto tcp to any port smtp

block in quick on egress from <martians> to any
block return out quick on egress from any to <martians>

block in quick log on egress from <abusers> to any label "abusers"

block all
pass out quick inet

pass in on { $ext_if } inet

pass log quick proto tcp from any to (egress) port ssh flags S/SA keep state (max-src-conn 15, max-src-conn-rate 5/3, overload <bruteforce> flush global)
pass log quick proto tcp from any to (egress) port $tcp_services flags S/SA keep state (max-src-conn 50, max-src-conn-rate 15/5, overload <bruteforce> flush global)
pass log quick proto tcp from any to (egress) port $mail_services flags S/SA keep state (max-src-conn 50, max-src-conn-rate 25/5, overload <bruteforce> flush global)

# pass in on egress inet proto tcp from any to (egress) port { 80 443 } rdr-to 192.168.1.2

pass inet proto tcp from { self, $localnet }

pass quick inet proto tcp to port $tcp_services keep state
pass quick inet proto tcp to port $mail_services keep state

pass quick inet proto udp to port $udp_services keep state
pass out on $ext_if inet proto udp to port 33433 >< 33626
pass inet proto icmp all icmp-type $icmp_types
--------------------------------------------

smtp# cat /etc/mail/spamd.conf
all:\
        :nixspam:

# Nixspam recent sources list.
# Mirrored from http://www.heise.de/ix/nixspam
nixspam:\
        :black:\
        :msg="Your address %A is in the nixspam list\n\
        See http://www.heise.de/ix/nixspam/dnsbl_en/ for details":\
        :method=http:\
        :file=www.openbsd.org/spamd/nixspam.gz

ymer:\
        :black:\
        :msg="SPAM.  All spmmers get reported !
        :method=file:\
        :file=/etc/mail/spammers.txt
-------------------------------------

smtp# ps -aux | grep "_spamd"
_spamd   69313  0.0  0.0  9708  1552 ??  Ssp    4:13PM    0:00.07 spamd: (pf <spamd-white> update) (spamd)
_spamd   98521  0.0  0.1  9892  4880 ??  Sp     4:13PM    0:00.03 spamd: [priv] (greylist) (spamd)
_spamd   73091  0.0  0.0  9652  1096 ??  Ip     4:13PM    0:00.00 spamd: (/var/db/spamd update) (spamd)
_spamd   45365  0.0  0.0   592  1180 ??  Ssp    4:13PM    0:00.07 /usr/libexec/spamlogd -I -i lo0
-------------------------------------

smtp# cat /var/log/spamd
Jun 11 12:10:33 smtp spamd[5122]: listening for incoming connections.
Jun 11 13:08:43 smtp spamd[83538]: listening for incoming connections.
Jun 11 13:17:57 smtp spamd[19498]: listening for incoming connections.
Jun 11 14:12:33 smtp spamd[56085]: listening for incoming connections.
Jun 11 15:01:20 smtp spamd[98811]: listening for incoming connections.
Jun 11 15:12:08 smtp spamd[93875]: listening for incoming connections.
Jun 11 16:07:36 smtp spamd[24550]: listening for incoming connections.
Jun 11 16:13:30 smtp spamd[98521]: listening for incoming connections.
Jun 11 19:39:54 smtp spamd[99504]: listening for incoming connections.
Jun 11 19:58:41 smtp spamd[60588]: listening for incoming connections.
--------------------------------------

smtp$ sudo tail -f /var/log/maillog
Jun 11 19:49:54 smtp postfix/anvil[24693]: statistics: max cache size 1 at Jun 11 19:43:21
Jun 11 19:56:34 smtp postfix/smtpd[16856]: connect from 241.ip-158-69-204.net[158.69.204.241]
Jun 11 19:56:35 smtp postfix/smtpd[16856]: NOQUEUE: reject: RCPT from 241.ip-158-69-204.net[158.69.204.241]: 454 4.7.1 <[hidden email]>: Relay access denied; from=<bounce-admin=[hidden email]> to=<[hidden email]> proto=ESMTP helo=<newsletters.hitupcake.eu>
Jun 11 19:56:55 smtp postfix/smtpd[16856]: disconnect from 241.ip-158-69-204.net[158.69.204.241] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
Jun 11 19:57:47 smtp dovecot: master: Warning: Killed with signal 15 (by pid=0 uid=0 code=kill)
Jun 11 19:57:48 smtp postfix/postfix-script[48101]: stopping the Postfix mail system
Jun 11 19:57:48 smtp postfix/master[33424]: terminating on signal 15
Jun 11 19:58:42 smtp postfix/postfix-script[219]: starting the Postfix mail system
Jun 11 19:58:42 smtp postfix/master[62660]: daemon started -- version 3.3.0, configuration /etc/postfix
Jun 11 19:58:42 smtp dovecot: master: Dovecot v2.2.34 (874deae) starting up for imap, pop3, lmtp
Jun 11 20:06:56 smtp postfix/smtpd[97276]: connect from 241.ip-158-69-204.net[158.69.204.241]
Jun 11 20:06:56 smtp postfix/smtpd[97276]: NOQUEUE: reject: RCPT from 241.ip-158-69-204.net[158.69.204.241]: 454 4.7.1 <[hidden email]>: Relay access denied; from=<bounce-admin=[hidden email]> to=<[hidden email]> proto=ESMTP helo=<newsletters.hitupcake.eu>
Jun 11 20:07:01 smtp postfix/smtpd[44122]: connect from ns3116588.ip-91-121-119.eu[91.121.119.198]
Jun 11 20:07:17 smtp postfix/smtpd[97276]: disconnect from 241.ip-158-69-204.net[158.69.204.241] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
Jun 11 20:07:21 smtp postfix/smtpd[44122]: disconnect from ns3116588.ip-91-121-119.eu[91.121.119.198] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 11 20:10:41 smtp postfix/anvil[34336]: statistics: max connection rate 1/60s for (smtp:158.69.204.241) at Jun 11 20:06:56
Jun 11 20:10:41 smtp postfix/anvil[34336]: statistics: max connection count 1 for (smtp:158.69.204.241) at Jun 11 20:06:56
Jun 11 20:10:41 smtp postfix/anvil[34336]: statistics: max cache size 2 at Jun 11 20:07:01
Jun 11 20:17:16 smtp postfix/smtpd[24149]: connect from 241.ip-158-69-204.net[158.69.204.241]
Jun 11 20:17:17 smtp postfix/smtpd[24149]: NOQUEUE: reject: RCPT from 241.ip-158-69-204.net[158.69.204.241]: 454 4.7.1 <[hidden email]>: Relay access denied; from=<bounce-admin=[hidden email]> to=<[hidden email]> proto=ESMTP helo=<newsletters.hitupcake.eu>
Jun 11 20:17:37 smtp postfix/smtpd[24149]: disconnect from 241.ip-158-69-204.net[158.69.204.241] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6

Re: stuck on spamd

Craig Skinner-3
Hi Hasse,

I see a few problems:

On Mon, 11 Jun 2018 20:36:12 +0200 Hasse Hansson wrote:
> smtp# cat /etc/rc.conf.local
> ...
> spamlogd_flags="-I -i lo0"

I'd remove the localhost interface then restart spamlogd.


> smtp# cat /etc/pf.conf
> ext_if = "em0"
> ...
> ....
>
> pass in log on egress proto tcp from <spamd-white> to any port smtp

This line follows spamd's man page, i.e. you log incoming traffic on
the egress interface (em0) for spamlogd - correct. But you have
configured spamlogd to listen on lo0 in /etc/rc.conf.local - no match.


> ....
> ...
> block all


The block rules need to be above the pass rules, otherwise their
matched traffic is blocked. Move all the block rules up above the pass
rules and reload.


> smtp# cat /etc/mail/spamd.conf
> ....
> ...
> :msg="SPAM.  All spmmers get reported !


This line is not closed. It needs ":\

Then restart spamd to invoke spamd-setup.

Cheers,
--
Craig Skinner | http://linkd.in/yGqkv7

Re: stuck on spamd

Hasse Hansson-3
Hello and thank you for your answer.
I've adjusted my settings according to your advice, but now it looks like
it just directly whitelists every connection without greylisting.

smtp$ sudo spamdb | sort
WHITE|104.47.1.210|||1528919648|1528919648|1532030048|1|0
WHITE|104.47.6.201|||1528919611|1528919611|1532030011|1|0
WHITE|185.234.216.189|||1528917936|1528917936|1532029991|1|3
WHITE|185.234.216.204|||1528919598|1528919598|1532029998|1|0
WHITE|209.85.213.46|||1528918933|1528918933|1532029333|1|0
WHITE|209.85.213.53|||1528918873|1528918873|1532029273|1|0
WHITE|40.92.67.106|||1528918696|1528918696|1532029096|1|0
WHITE|40.92.68.98|||1528918725|1528918725|1532029125|1|0
WHITE|59.70.207.21|||1528918455|1528918455|1532028855|1|0
WHITE|91.121.119.198|||1528919326|1528919326|1532029726|1|0
WHITE|91.136.10.81|||1528919583|1528919583|1532029983|1|0

This is what my files look like now. spamd.conf is the original one.

smtp$ sudo cat /etc/rc.conf.local
httpd_flags=
pkg_scripts=postfix dovecot saslauthd dbus_daemon avahi_daemon messagebus mysqld php70_fpm
smtpd_flags=NO
unbound_flags=
spamd_flags="-v -G 2:4:864"
spamd_grey=YES
spamlogd_flags="-I"
-----------------------------
smtp$ sudo cat /etc/pf.conf
ext_if = "em0"
int_if = "fxp0"
localnet = $int_if:network
tcp_services = "{ domain, ntp, imap, imaps, pop3, pop3s }"
mail_services = "{ smtp, smtps, submission }"
udp_services = "{ domain, ntp }"
icmp_types = "echoreq"

table <martians> { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16     \
                   172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 \
                   192.168.0.0/16 198.18.0.0/15 198.51.100.0/24        \
                   203.0.113.0/24 }

table <bruteforce> persist
table <abusers> persist file "/etc/abusers"
table <spamd-white> persist
table <nospamd> persist file "/etc/mail/nospamd"

set block-policy drop
set loginterface egress
set skip on lo0

match in all scrub (no-df random-id max-mss 1440)
match out on egress inet from !(egress:network) to any nat-to (egress:0)

antispoof quick for { egress $ext_if int_if }

block in quick on egress from <martians> to any
block return out quick on egress from any to <martians>

block in quick log on egress from <abusers> to any label "abusers"

block all
pass out quick inet

pass in on egress inet proto tcp from any to any port smtp \
    divert-to 127.0.0.1 port spamd
pass in on egress proto tcp from <nospamd> to any port smtp
pass in log on egress proto tcp from <spamd-white> to any port smtp
pass out log on egress proto tcp to any port smtp

pass in on { $ext_if } inet

pass log quick proto tcp from any to (egress) port ssh flags S/SA keep state \
        (max-src-conn 15, max-src-conn-rate 5/3, overload <bruteforce> flush global)

pass log quick proto tcp from any to (egress) port $tcp_services flags S/SA keep state \
        (max-src-conn 50, max-src-conn-rate 15/5, overload <bruteforce> flush global)

pass log quick proto tcp from any to (egress) port $mail_services flags S/SA keep state \
        (max-src-conn 50, max-src-conn-rate 25/5, overload <bruteforce> flush global)

pass in on egress inet proto tcp from any to (egress) port { 80 443 }

pass inet proto tcp from { self, $localnet }

pass quick inet proto tcp to port $tcp_services keep state
pass quick inet proto tcp to port $mail_services keep state

pass quick inet proto udp to port $udp_services keep state
pass out on $ext_if inet proto udp to port 33433 >< 33626
pass inet proto icmp all icmp-type $icmp_types

Re: stuck on spamd

Tony Boston
On Wednesday, 13.06.2018, 22:05 +0200, Hasse Hansson wrote:

> Hello and thank you for your answer.
> I've adjusted my settings according to your advice, but now it looks
> like it just directly whitelists every connection without greylisting.
>
> smtp$ sudo spamdb | sort
> WHITE|104.47.1.210|||1528919648|1528919648|1532030048|1|0
> WHITE|104.47.6.201|||1528919611|1528919611|1532030011|1|0
> WHITE|185.234.216.189|||1528917936|1528917936|1532029991|1|3
> WHITE|185.234.216.204|||1528919598|1528919598|1532029998|1|0
> WHITE|209.85.213.46|||1528918933|1528918933|1532029333|1|0
> WHITE|209.85.213.53|||1528918873|1528918873|1532029273|1|0
> WHITE|40.92.67.106|||1528918696|1528918696|1532029096|1|0
> WHITE|40.92.68.98|||1528918725|1528918725|1532029125|1|0
> WHITE|59.70.207.21|||1528918455|1528918455|1532028855|1|0
> WHITE|91.121.119.198|||1528919326|1528919326|1532029726|1|0
> WHITE|91.136.10.81|||1528919583|1528919583|1532029983|1|0
>
> This is what my files look like now. spamd.conf is the original one.
>  
> smtp$ sudo cat /etc/rc.conf.local
> httpd_flags=
> pkg_scripts=postfix dovecot saslauthd dbus_daemon avahi_daemon messagebus mysqld php70_fpm
> smtpd_flags=NO
> unbound_flags=
> spamd_flags="-v -G 2:4:864"
> spamd_grey=YES
> spamlogd_flags="-I"
> -----------------------------
> smtp$ sudo cat /etc/pf.conf
> ext_if = "em0"
> int_if = "fxp0"
> localnet = $int_if:network
> tcp_services = "{ domain, ntp, imap, imaps, pop3, pop3s }"
> mail_services = "{ smtp, smtps, submission }"
> udp_services = "{ domain, ntp }"
> icmp_types = "echoreq"
>
> table <martians> { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16     \
>                    172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 \
>                    192.168.0.0/16 198.18.0.0/15 198.51.100.0/24        \
>                    203.0.113.0/24 }
>
> table <bruteforce> persist
> table <abusers> persist file "/etc/abusers"
> table <spamd-white> persist
> table <nospamd> persist file "/etc/mail/nospamd"
>
> set block-policy drop
> set loginterface egress
> set skip on lo0
>
> match in all scrub (no-df random-id max-mss 1440)
> match out on egress inet from !(egress:network) to any nat-to (egress:0)
>
> antispoof quick for { egress $ext_if int_if }
>
> block in quick on egress from <martians> to any
> block return out quick on egress from any to <martians>
>
> block in quick log on egress from <abusers> to any label "abusers"
>
> block all
> pass out quick inet
>
> pass in on egress inet proto tcp from any to any port smtp \
>     divert-to 127.0.0.1 port spamd
> pass in on egress proto tcp from <nospamd> to any port smtp
> pass in log on egress proto tcp from <spamd-white> to any port smtp
> pass out log on egress proto tcp to any port smtp
>
> pass in on { $ext_if } inet
>
> pass log quick proto tcp from any to (egress) port ssh flags S/SA keep state \
>         (max-src-conn 15, max-src-conn-rate 5/3, overload <bruteforce> flush global)
>
> pass log quick proto tcp from any to (egress) port $tcp_services flags S/SA keep state \
>         (max-src-conn 50, max-src-conn-rate 15/5, overload <bruteforce> flush global)
>
> pass log quick proto tcp from any to (egress) port $mail_services flags S/SA keep state \
>         (max-src-conn 50, max-src-conn-rate 25/5, overload <bruteforce> flush global)
>
> pass in on egress inet proto tcp from any to (egress) port { 80 443 }
>
> pass inet proto tcp from { self, $localnet }
>
> pass quick inet proto tcp to port $tcp_services keep state
> pass quick inet proto tcp to port $mail_services keep state
>
> pass quick inet proto udp to port $udp_services keep state
> pass out on $ext_if inet proto udp to port 33433 >< 33626
> pass inet proto icmp all icmp-type $icmp_types
>
As far as my knowledge goes, since you say 'pass out quick inet' early
on in the ruleset, the other 'pass out rules' don't get a chance to be
triggered. Also, quick only makes sense if you put them first, not
somewhere at the end of your ruleset.

--
Tony
 
GPG-FP: 913BBD25 8DA503C7 BAE0C0B6 8995E906 4FBAD580
Threema: DN8PJX4Z
XMPP: [hidden email]

Re: stuck on spamd (SOLVED)

Hasse Hansson-3
Thank you for your answer.
I made some adjustments to my pf.conf according to your advice,
and now it's working as I expected.

smtp$ cat spamd

Jun 14 11:30:39 smtp spamd[12751]: 185.234.216.204: disconnected after 12 seconds.
Jun 14 11:30:46 smtp spamd[12751]: 91.121.119.198: connected (1/0)
Jun 14 11:30:49 smtp spamd[12751]: 91.121.119.198: disconnected after 3 seconds.
Jun 14 11:33:06 smtp spamd[12751]: 185.234.216.189: connected (1/0)
Jun 14 11:33:18 smtp spamd[12751]: 185.234.216.189: disconnected after 12 seconds.
Jun 14 11:35:36 smtp spamd[12751]: 8.8.178.116: connected (1/0)
Jun 14 11:35:48 smtp spamd[12751]: (GREY) 8.8.178.116: <[hidden email]> -> <[hidden email]>
Jun 14 11:35:48 smtp spamd[12751]: 8.8.178.116: disconnected after 12 seconds.
Jun 14 11:41:38 smtp spamd[12751]: 8.8.178.116: connected (1/0)
Jun 14 11:41:49 smtp spamd[12751]: (GREY) 8.8.178.116: <[hidden email]> -> <[hidden email]>
Jun 14 11:41:50 smtp spamd[12751]: 8.8.178.116: disconnected after 12 seconds.
Jun 14 11:42:16 smtp spamd[12751]: 185.234.216.189: connected (1/0)
Jun 14 11:42:27 smtp spamd[12751]: 185.234.216.189: disconnected after 11 seconds.
------------------

$sudo spamdb | sort
GREY|91.136.10.242|mail37c50.megamailservers.eu|<[hidden email]>|<[hidden email]>|1528971077|1528985477|1528985477|1|0
GREY|91.136.10.246|mail56c50.megamailservers.eu|<<[hidden email]>|<[hidden email]>|1528971015|1528985415|1528985415|1|0
GREY|91.136.10.248|mail56c50.megamailservers.eu|<[hidden email]>|<[hidden email]>|1528970741|1528971075|1528985141|2|0
WHITE|209.85.213.47|||1528970463|1528970663|1532081115|2|0
WHITE|8.8.178.116|||1528968948|1528969309|1532080298|2|1
WHITE|91.136.10.240|||1528970713|1528971017|1532081475|2|0
WHITE|91.136.10.248|||1528970741|1528971075|1532081535|2|0

------------------------------------------------------

localnet = $int_if:network
tcp_services = "{ domain, ntp, imap, imaps, pop3, pop3s }"
#mail_services = "{ smtp, smtps, submission }"
mail_services = "{ smtps, submission }"
udp_services = "{ domain, ntp }"
icmp_types = "echoreq"

table <martians> { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16     \
                   172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 \
                   192.168.0.0/16 198.18.0.0/15 198.51.100.0/24        \
                   203.0.113.0/24 }

table <bruteforce> persist
table <abusers> persist file "/etc/abusers"
table <spamd-white> persist
table <nospamd> persist file "/etc/mail/nospamd"

set block-policy drop
set loginterface egress
set skip on lo0

match in all scrub (no-df random-id max-mss 1440)
match out on egress inet from !(egress:network) to any nat-to (egress:0)

antispoof quick for { egress $ext_if int_if }

block in quick on egress from <martians> to any
block return out quick on egress from any to <martians>

block in quick log on egress from <abusers> to any label "abusers"

block all
#pass out quick inet

pass in on egress inet proto tcp from any to any port smtp \
        divert-to 127.0.0.1 port spamd
pass in on egress proto tcp from <nospamd> to any port smtp
pass in log on egress proto tcp from <spamd-white> to any port smtp
pass out log on egress proto tcp to any port smtp

#pass in on { $ext_if } inet

pass log quick proto tcp from any to (egress) port ssh flags S/SA keep state \
        (max-src-conn 15, max-src-conn-rate 5/3, overload <bruteforce> flush global)

pass log quick proto tcp from any to (egress) port $tcp_services flags S/SA keep state \
        (max-src-conn 50, max-src-conn-rate 15/5, overload <bruteforce> flush global)

pass log quick proto tcp from any to (egress) port $mail_services flags S/SA keep state \
        (max-src-conn 50, max-src-conn-rate 25/5, overload <bruteforce> flush global)

pass in on egress inet proto tcp from any to (egress) port { 80 443 }

pass inet proto tcp from { self, $localnet }

pass log inet proto tcp to port $tcp_services keep state
pass log inet proto tcp to port $mail_services keep state

pass quick inet proto udp to port $udp_services keep state
pass out on $ext_if inet proto udp to port 33433 >< 33626
pass inet proto icmp all icmp-type $icmp_types
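
A way to tell the two spamdb listings in this thread apart, as an added example that is not part of anyone's post. It assumes, from the listings shown here, that a WHITE entry whose first-seen and pass timestamps are equal was added directly (for example by spamlogd) rather than promoted after a greylist delay; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): triage spamdb(8) output.
# Field layout, as in the listings above:
#   WHITE|ip|||first|pass|expire|blocked|passed
#   GREY|ip|helo|from|to|first|pass|expire|blocked|passed

# Label every entry read from stdin.
# DIRECT     = WHITE with first == pass (assumed: never delayed by greylisting)
# GREYLISTED = WHITE with pass > first (retried after the pass time)
# PENDING    = still greylisted
classify_spamdb() {
    awk -F'|' '
    $1 == "WHITE" && $5 == $6 { print "DIRECT " $2; next }
    $1 == "WHITE" { printf "GREYLISTED %s delay=%ds tries=%d\n", $2, $6 - $5, $8; next }
    $1 == "GREY"  { printf "PENDING %s tries=%d\n", $2, $9; next }
    NF            { print "OTHER " $1 }
    '
}

# Exit 0 when WHITE entries exist and none of them was ever delayed,
# which is the picture in the listing posted before the pf.conf fix.
greylist_bypassed() {
    classify_spamdb | awk '
    $1 == "DIRECT"     { direct++ }
    $1 == "GREYLISTED" { grey++ }
    END { exit !(direct > 0 && grey == 0) }
    '
}

# Constructed samples: lines copied from the two spamdb listings in the thread.
sample_before() {
    cat <<'EOF'
WHITE|104.47.1.210|||1528919648|1528919648|1532030048|1|0
WHITE|185.234.216.189|||1528917936|1528917936|1532029991|1|3
WHITE|91.121.119.198|||1528919326|1528919326|1532029726|1|0
EOF
}

sample_after() {
    cat <<'EOF'
GREY|91.136.10.242|mail37c50.megamailservers.eu|<[hidden email]>|<[hidden email]>|1528971077|1528985477|1528985477|1|0
WHITE|209.85.213.47|||1528970463|1528970663|1532081115|2|0
WHITE|8.8.178.116|||1528968948|1528969309|1532080298|2|1
EOF
}

echo "== before the pf.conf fix =="
sample_before | classify_spamdb
sample_before | greylist_bypassed && echo "every WHITE entry skipped greylisting"

echo "== after the pf.conf fix =="
sample_after | classify_spamdb
sample_after | greylist_bypassed || echo "WHITE entries were delayed first"
```

On the mail host, feed it live data with `spamdb | classify_spamdb`.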

Re: stuck on spamd

Craig Skinner-3
Hej hej Hasse,

On Wed, 13 Jun 2018 22:05:29 +0200 Hasse Hansson wrote:
> I've adjusted my settings according to your advice, but now it looks
> like it just directly whitelists every connection without greylisting.
>
> .....
> ....
> ...
>
> This is what my files look like now. spamd.conf is the original one.

Your spamd.conf file was missing a line terminator. Double quotes are
opened, but not closed. Could this confuse spamd? Fix & restart spamd.

Next, check your syslogs for spamd, spamlogd & spamd-setup activity.

If that doesn't provide the answer, try removing all quick words from
pf.conf. Block everything, then progressively pass traffic down the
file. Reload your new rules & check spam* syslog entries.

Cheers,
--
Craig Skinner | http://linkd.in/yGqkv7

Re: stuck on spamd (SOLVED)

Hasse Hansson-3
On Thu, Jun 14, 2018 at 11:42:12AM +0100, Craig Skinner wrote:

> Hej hej Hasse,
>
> On Wed, 13 Jun 2018 22:05:29 +0200 Hasse Hansson wrote:
> > I've adjusted my settings according to your advice, but now it looks
> > like it just directly whitelists every connection without greylisting.
> >
> > .....
> > ....
> > ...
> >
> > This is what my files look like now. spamd.conf is the original one.
>
> Your spamd.conf file was missing a line terminator. Double quotes are
> opened, but not closed. Could this confuse spamd? Fix & restart spamd.
>
> Next, check your syslogs for spamd, spamlogd & spamd-setup activity.
>
> If that doesn't provide the answer, try removing all quick words from
> pf.conf. Block everything, then progressively pass traffic down the
> file. Reload your new rules & check spam* syslog entries.
>
> Cheers,
> --
> Craig Skinner | http://linkd.in/yGqkv7
>
Hello and thank you for answering.
Yes, the problem was with my pf.conf :-)
After adjusting the rules, and using the original spamd.conf,
it's now working as I expected.
TY for all help.
/Hasse