SPAMD stop passing mail from WHITE-list

Vladimir Kapustin msgs_for_me at mail.ru
Mon Feb 5 16:56:14 UTC 2007


> > I have spamd configured like in
> > http://home.nuug.no/~peter/pf/en/spamd.html
> > with greylisting enabled
> >
> > and I meet some problems with it:
>
> Well, you have my attention.  I would be very interested in getting
> to know about any inaccuracies in that document, and certainly any
> that trip people up.
>
> > 1. My 2 FreeBSD routers stopped passing mail from WHITE-list. First
> > one - when spamd grows to 500 Megabytes. Second - 350 Meg.
>
> At the point where things stop working, what content does the
> whitelist table have?  ie, anything recognizable or (incredibly) zero
> size?  One possibility - a far fetched one, admittedly - is that
> hosts in your whitelist got themselves greytrapped (if you did set
> that up).  


Nothing unusual, but that the mail stops forwarding from the whitelist.
i.e. the sender resends the mail, gets in WHITE-list in spamd, but the mail
does not actually pass the router.
Many users started to complain and I forgot to look into

pfctl -t spamd-white -T show

but actually I have no BLACK list, and I still don't have a good idea
how to use TRAPs automatically... I try to put some addresses in TRAP-list
manually, but I can catch only myself for test purposes.


>
> > When I do:
> > cat /dev/null > /var/db/spamd
> > all starts to work again
>
> This sounds like somehow your initially whitelisted hosts got
> themselves blacklisted, or the whitelist is somehow bypassed.
>


As I wrote above they could not get into BLACK-list because I don't have
any. And it could not bypass anyhow, because I have such redirect rules:

pfctl -sn
rdr pass inet proto tcp from <spamd> to any port = smtp -> 127.0.0.1 port 8025
rdr pass inet proto tcp from ! <spamd-white> to any port = smtp -> 127.0.0.1 port 8025
....


> > 2. If I have some malware on my PC and use mail-client program. If I
> > send the same message some times I automatically get into WHITE-list
> > and my malware can spam as much as it must?
>
> If your malware manages to behave RFC-correctly, that is, resend after
> what the greylisting host considers a reasonable interval, it will
> manage to send whatever it's trying to send.


No...not malware...suppose that a user doesn't know about malware and uses Outlook to send
his mail. He'll get into THE WHITE-list and spamd can't stop HIS malware?


Thank you very much for taking an interest in my problem
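
[Added example, not part of the original message or of spamd itself: a check for the symptom described above, where a sender is WHITE in the spamd database but its mail is still redirected because the address is not in the <spamd-white> table that the rdr rule tests. It assumes the database is dumped with the spamdb tool in its TYPE|address|... line format; the function names and sample data are constructed for illustration.]

```shell
#!/bin/sh
# Added example (not from the thread): which addresses does spamd consider
# WHITE that are not in the pf table the rdr rule consults?

# $1 = saved output of `spamdb` (assumed TYPE|address|... format)
# $2 = saved output of `pfctl -t spamd-white -T show`
# Prints one address per line.
white_not_in_table() {
    awk -F'|' '
        # FILENAME test instead of NR==FNR so that an empty table file
        # (the "zero size" case asked about above) is still handled.
        FILENAME == ARGV[1] {
            gsub(/[ \t]/, "")          # pfctl indents each entry
            if ($0 != "") in_table[$0] = 1
            next
        }
        # Exact address match only; CIDR table entries are not expanded.
        $1 == "WHITE" && !($2 in in_table) { print $2 }
    ' "$2" "$1"
}

# Constructed sample data (documentation addresses, made-up timestamps).
write_samples() {
    cat > "$1/spamdb.txt" <<'EOF'
WHITE|192.0.2.10|||1170000000|1170003600|1173100000|2|5
WHITE|192.0.2.20|||1170100000|1170103600|1173200000|1|0
GREY|198.51.100.7|<a@example.org>|<b@example.net>|1170200000|1170214400|1170214400|1|0
EOF
    printf '   192.0.2.10\n' > "$1/table.txt"
}

demo() {
    dir=$(mktemp -d) || return 1
    write_samples "$dir"
    white_not_in_table "$dir/spamdb.txt" "$dir/table.txt"
    rm -rf "$dir"
}
demo
```

[Any address this prints is one that spamd has whitelisted but that the "from ! <spamd-white>" rule will still send to port 8025.]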



More information about the freebsd-pf mailing list