ports/97579: [patch] ports mail/spamd to reflect the public hostname in helo dialog

Olli Hauer ohauer at gmx.de
Sun May 21 21:40:14 UTC 2006

>Number:         97579
>Category:       ports
>Synopsis:       [patch] ports mail/spamd to reflect the public hostname in helo dialog
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun May 21 21:40:06 GMT 2006
>Originator:     Olli Hauer
>Release:        FreeBSD 6.1-RELEASE i386
spamd gets the hostname via gethostname(3)
spamd reports the inside hostname in the initial dialog

sample public hostname: mx.example.org
sample real hostname:   mx.dmz.example.local

the patches are replacements for


 $ echo "helo test" | nc localhost 8025
 220 mx.dmz.example.local ESMTP Fake-Banner

With the patch and the following directive:
 pfspamd_flags="-4 -g -b -G 6:4:846 -H mx.example.org -n Fake-Banner"
 $ echo "helo test" | nc localhost 8025
 220 mx.example.org ESMTP Fake-Banner

--- spamd/spamd.c.orig	Tue Apr 12 19:21:48 2005
+++ spamd/spamd.c	Sun May 21 18:14:51 2006
@@ -123,6 +123,10 @@
 pid_t jail_pid = -1;
 u_short cfg_port;
+#ifdef IPFW
+int tabno=1;
 extern struct sdlist *blacklists;
 int conffd = -1;
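Review bot: The `#ifdef IPFW` opened before `int tabno=1;` has no closing `#endif` in this hunk, and the header `@@ -123,6 +123,10 @@` announces four added lines where only two appear, so the hunk will not apply as posted. Please re-send the patch as an attachment, and write the initializer with spaces around the `=` (`int tabno = 1;`).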
@@ -150,9 +154,13 @@
 	    "usage: spamd [-45dgv] [-B maxblack] [-b address] [-c maxcon]\n");
-	    "             [-G mins:hours:hours] [-n name] [-p port]\n");
+	    "             [-G mins:hours:hours] [-H hostname] [-n name] [-p port]\n");
 	    "             [-r reply] [-s secs] [-w window]\n");
+#ifdef IPFW
+	fprintf(stderr,
+	    "             [-t table_no]\n");
@@ -958,7 +966,11 @@
 	if (gethostname(hostname, sizeof hostname) == -1)
 		err(1, "gethostname");
-	while ((ch = getopt(argc, argv, "45b:c:B:p:dgG:r:s:n:vw:")) != -1) {
+#ifdef IPFW
+	while ((ch = getopt(argc, argv, "45b:c:B:p:dgG:r:s:H:n:vw:t:")) != -1) {
+	while ((ch = getopt(argc, argv, "45b:c:B:p:dgG:r:s:H:n:vw:")) != -1) {
 		switch (ch) {
 		case '4':
 			nreply = "450";
@@ -1009,12 +1021,22 @@
 			stutter = i;
+		case 'H':
+			/* get hostname from optarg */
+			if (strlcpy(hostname, optarg, sizeof(hostname) ) >= sizeof(hostname))
+				err(1, "strlcpy hostname");
+ 			break;
 		case 'n':
 			spamd = optarg;
 		case 'v':
 			verbose = 1;
+#ifdef IPFW
+		case 't':
+			tabno = atoi(optarg);
+			break;
 		case 'w':
 			window = atoi(optarg);
 			if (window <= 0)
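Review bot: In `case 'H'` the truncation path calls `err(1, "strlcpy hostname")`, but strlcpy() does not set errno, so err() will append an unrelated strerror() text to the message. Use `errx(1, "-H: hostname too long")` instead, and drop the space before the closing parenthesis in `sizeof(hostname) )`. In `case 't'` the value from `atoi(optarg)` is stored in `tabno` without any check, while the neighbouring `case 'w'` rejects `window <= 0`; a non-numeric or negative argument should be rejected the same way before it is used as a table number.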

--- spamd/spamd.8.orig	Tue Apr 12 19:21:48 2005
+++ spamd/spamd.8	Sun May 21 18:27:45 2006
@@ -36,6 +36,7 @@
 .Op Fl b Ar address
 .Op Fl c Ar maxcon
 .Op Fl G Ar passtime:greyexp:whiteexp
+.Op Fl H Ar hostname
 .Op Fl n Ar name
 .Op Fl p Ar port
 .Op Fl r Ar reply
@@ -49,6 +50,8 @@
 daemon which rejects false mail.
 If the
 .Xr pf 4
+.Xr ipfw 4
 packet filter is configured to redirect port 25 (SMTP) to this daemon,
 it will attempt to waste the time and resources of the spam sender.
@@ -95,6 +98,10 @@
 Greylisting mode; see
+.It Fl H Ar hostname
+The SMTP hostname that is reported upon initial connection.
+If unused the hostname is found with 
+.Xr gethostname 3 .
 .It Fl n Ar name
 The SMTP version banner that is reported upon initial connection.
 .It Fl p Ar port
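Review bot: The new `-H` entry has trailing whitespace after "found with", which mdoc style checks flag, and "If unused" is ambiguous; "If this option is not given, the name returned by gethostname(3) is used" says what the code does. The SYNOPSIS hunk adds `.Op Fl H Ar hostname` but no matching entry for `-t table_no`, although the usage() text in spamd.c prints it; the option list here should gain an `.It Fl t Ar table_no` entry that states the default.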
@@ -151,11 +158,15 @@
 which processes a list of spammers' addresses, and applies appropriate
 .Xr pfctl 8
 .Em rdr
+.Xr ipfw 8
+.Em fwd
 .Xr spamd-setup 8
 is run from
 .Xr cron 8 .
+.Ss "When using PF"
 .Xr pf 4 ,
 connections to port 25 (SMTP) can be redirected to another host or port,
@@ -189,6 +200,8 @@
 can also be used to load addresses into the
 .Em <spamd>
 .Xr spamd-setup 8
 also has the added benefit of being able to remove addresses from
 blacklists, and will connect to
@@ -203,6 +216,52 @@
 This is important as it allows legitimate mail
 senders to pressure spam sources into behaving properly so that they
 may be removed from the relevant blacklists.
+.Ss "If compiled with IPFW"
+.Xr ipfw 4 ,
+the syntax for redirection of TCP sessions is quite different
+from that of
+.Xr pf 4 .
+.Em fwd
+rule used for this purpose are described in
+.Xr ipfw 8 .
+The rules should be added to the ruleset called by /etc/rc.firewall
+to be present at boot time.
+.Bd -literal -offset 4n
+fwd,8025 tcp from table(2) to me 25 in
+allow tcp from table(1) to me 25 in
+fwd,8025 tcp from any to me 25 in
+Any addresses in the blacklist table
+.Em 2
+and not in the whitelist table
+.Em 1
+are then redirected to
+running on port 8025.
+Addresses can be loaded into the blacklist
+.Em table ,
+.Bd -literal -offset 4n
+# ipfw table 1 add a.b.c.d/x
+.Xr spamd-setup 8
+can also be used to load addresses into the blacklist table
+.Em 2 .
+.Op Fl t Ar table_no
+option to 
+.Em spamd 
+.Em spamd-setup 
+can be used to change the default table
 listens for configuration connections on the port identified by the
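Review bot: The example `# ipfw table 1 add a.b.c.d/x` is introduced as loading addresses into the blacklist table, but the text just above it names table 2 as the blacklist and table 1 as the whitelist, so a reader following the example would whitelist the addresses they meant to block. Use table 2 in the example, or reword the sentence. The description of `-t` should also say which of the two tables it changes and that the default in spamd.c is 1. Smaller points: "rule used for this purpose are described" needs "rules", and the `option to`, `.Em spamd` and `.Em spamd-setup` lines carry trailing whitespace.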

