SPAMD stop passing mail from WHITE-list (Peter N. M. Hansteen)

Olli Hauer ohauer at gmx.de
Mon Feb 5 17:12:09 UTC 2007


Date: Mon, 05 Feb 2007 19:10:40 +0300
From: "Владимир Капустин" <msgs_for_me at mail.ru>
To: freebsd-pf at freebsd.org
CC: 
Subject: Re: Re: SPAMD stop passing mail from WHITE-list (Peter N. M. Hansteen)

> > > I have spamd configured like in
> > > http://home.nuug.no/~peter/pf/en/spamd.html
> > > with greylisting enabled
> > >
> > > and i meet some problems with it:
> > 
> > Well, you have my attention.  I would be very interested in getting
> > to know about any inaccuracies in that document, and certainly any
> > that trip people up.
> > 
> > > 1. My 2 FreeBSD routers stopped passing mail from WHITE-list. First
> > > one - when spamd grows to 500 Megabytes. Second - 350 Meg.
> > 
> > At the point where things stop working, what content does the
> > whitelist table have?  ie, anything recognizable or (incredibly) zero
> > size?  One possibility - a far fetched one, admittedly - is that
> > hosts in your whitelist got themselves greytrapped (if you did set
> > that up).  
> 
> 
> Nothing unusual, but that the mail stops forwarding from the whitelist.
> i.e. the sender resends the mail, gets in WHITE-list in spamd, but the
> mail does not actually pass the router.
> Many users started to complain and I forgot to look into
> 
> pfctl -t spamd-white -T show
> 
> but actually I have no BLACK list, and I still don't have a good idea
> how to use TRAPs automatically... I try to put some addresses in TRAP-list
> manually, but I can catch only myself for test purposes.
> 
> 
> > 
> > > When I do: 
> > > cat /dev/null > /var/db/spamd
> > > all starts to work again
> > 
> > This sounds like somehow your initially whitelisted hosts got
> > themselves blacklisted, or the whitelist is somehow bypassed.
> > 
> 
> 
> As I wrote above they could not get into BLACK-list because I don't have 
> any. And it could not bypass anyhow, because I have such redirect rules:
> 
> pfctl -sn
> rdr pass inet proto tcp from <spamd> to any port = smtp -> 127.0.0.1 port 8025
> rdr pass inet proto tcp from ! <spamd-white> to any port = smtp -> 127.0.0.1 port 8025
> ....
> 
> 
> > > 2. If i have some malware on my PC and use mail-client program. If I
> > > send the same message some times I automatically get into WHITE-list
> > > and my malware can spam as much as it must?
> > 
> > If your malware manages to behave RFC-correctly, that is, resend after
> > what the greylisting host considers a reasonable interval, it will
> > manage to send whatever it's trying to send.
> 
> 
> No...not malware...suppose that a user doesn't know about malware and uses
> Outlook to send his mail. He'll get into THE WHITE-list and spamd can't
> stop HIS malware?
> 
> 
> Thank you very much for taking an interest in my problem


Is the spamd database really 350MB-500MB??

If you do a 
 spamdb | grep WHITE | wc -l
 spamdb | grep TRAPPED | wc -l

How many records are there?
Do you also have another table that loads many records to pf tables?

Some checks to count these records.
pfctl -sT
  spamd
  spamd-white
  another-table

Then count these tables.
  pfctl -t spamd -Ts | wc -l
  pfctl -t spamd-white -Ts | wc -l
  pfctl -t another-table -Ts | wc -l


For example:
If PF can store with regular settings ~200.000 records in tables, 
then the 200.001 record is not stored in the table and you don't 
get an error for that.

The spamdb daemon calls for every whitelisted IP 
 'pfctl -t spamd-white -Ta $IP'


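The counting check suggested in the reply above, as an added example that is not part of the original messages: it compares WHITE records in spamdb with what is actually loaded in pf and with the table-entries limit. The function names are hypothetical, the sample data is constructed, and the `table-entries` line assumes a pfctl whose `pfctl -sm` output reports that limit.

```shell
#!/bin/sh
# Added example. On a live host, pipe `spamdb`, `pfctl -t <table> -Ts`
# and `pfctl -sm` into these functions instead of the constructed samples.

# Count spamdb records of one type (WHITE, GREY, TRAPPED) read from stdin.
count_type() {
    awk -F'|' -v t="$1" '$1 == t { n++ } END { print n + 0 }'
}

# Count addresses in a pf table listing on stdin (one address per line).
count_addrs() {
    awk 'NF { n++ } END { print n + 0 }'
}

# Extract the table-entries hard limit from `pfctl -sm` output on stdin.
# Prints 0 when the line is absent (assumed: pf without a reported limit).
table_limit() {
    awk '$1 == "table-entries" { v = $NF } END { print v + 0 }'
}

# Args: WHITE records in spamdb, entries in spamd-white,
#       total entries across all pf tables, table-entries limit.
check_capacity() {
    white=$1 loaded=$2 total=$3 limit=$4
    if [ "$limit" -gt 0 ] && [ "$total" -ge "$limit" ]; then
        echo "FULL"                       # further adds cannot be stored
    elif [ "$loaded" -lt "$white" ]; then
        echo "MISSING $((white - loaded))" # whitelisted but not in pf
    else
        echo "OK"
    fi
}

# Constructed sample data (documentation address ranges).
SAMPLE_SPAMDB='WHITE|192.0.2.10|||1170000000|1170003600|1173000000|3|0
WHITE|192.0.2.11|||1170000100|1170003700|1173000100|2|1
GREY|198.51.100.7|mx.example.net|<a@example.net>|<b@example.org>|1170690000|1170691500|1170704400|1|0
TRAPPED|203.0.113.5|1170776800'
SAMPLE_WHITE_TABLE='   192.0.2.10'
SAMPLE_LIMITS='states        hard limit    10000
table-entries hard limit   200000'

white=$(printf '%s\n' "$SAMPLE_SPAMDB" | count_type WHITE)
loaded=$(printf '%s\n' "$SAMPLE_WHITE_TABLE" | count_addrs)
limit=$(printf '%s\n' "$SAMPLE_LIMITS" | table_limit)
echo "spamdb WHITE=$white pf spamd-white=$loaded limit=$limit"
check_capacity "$white" "$loaded" "$loaded" "$limit"
```

The third argument to `check_capacity` should be the sum over every table listed by `pfctl -sT`, since other large tables count toward the same limit.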