Problem with spamlogd

Doug Hardie bc979 at lafn.org
Sun Jun 17 10:45:32 UTC 2012 

I am using spamd on several systems and started encountering a problem awhile ago with FreeBSD 7.2 servers, but let it go since I am in the process of upgrading the servers.  However, I now am encountering the same issue on FreeBSD 9.0 with spamlogd.  It never reads pflog0.  pflogd reads the entries just fine.  I set up syslog to log all the spamlogd messages and when spamlogd is started it gives:

spamlogd: Listening on pflog0 for all interfaces. 

lsof shows that it is connected to bpf0 as is pflogd.  However, pflogd shows an offset into the file that appears to be the end of the file.  spamlogd shows an offset of 0.  It is periodically reading the file as shown by ktrace but always getting back a 0 size return.  spamd itself is working just fine.  However, the expiration times are not being updated so white entries are timed out way too often.  spamlogd used to update them.  The rc.conf entries are:

obspamd_enable="YES"
obspamd_flags="-G 2:1:1728"
obspamd_setup_flags=""
obspamd_grey=YES
obspamlogd_enable="YES"
obspamlogd_flags="-W 1728"


These were established a few years ago and worked up till short while ago.  I don't recall any changes I made to anything, but…

Looking through the spamlogd source it appears to be building a filter for the pcap routines with:

"ip and port 25 and action pass and tcp[13]&0x12=0x2"

Using that filter on pflog yields no output.  I believe the pass item requires there to be some logging of the pass actions and those are not appearing in the pflog or in the pfctl counts for those rules.  I suspect that is the problem.  The pf.conf is: (mail server is on this machine)

ext_if="em0"

table <blackhole> persist file "/etc/blackhole"
table <spamd> persist
table <spamd-white> persist
table <spamd-white-local> persist file "/etc/mail/whitelist"


no rdr on { lo0, lo1 } from any to any

no rdr on { lo0, lo1 } from any to any
MAILHOSTS = "{zool.lafn.org 10.0.1.10}"

rdr pass log on $ext_if inet proto tcp from <spamd-white-local> to port smtp -> 127.0.0.1 port smtp
rdr pass log on $ext_if inet proto tcp from <spamd-white> to port smtp -> 127.0.0.1 port smtp
rdr pass log on $ext_if inet proto tcp to $MAILHOSTS port smtp -> 127.0.0.1 port spamd


pass in on lo0

pass in log on $ext_if inet proto tcp to 127.0.0.1 port smtp
pass out log on $ext_if inet proto tcp from 127.0.0.1 to any port smtp

block in quick log on $ext_if from <blackhole> to any

More information about the freebsd-questions mailing list