svn commit: r43992 - head/en_US.ISO8859-1/books/handbook/firewalls

Dru Lavigne dru at
Wed Feb 19 17:51:01 UTC 2014

Author: dru
Date: Wed Feb 19 17:51:00 2014
New Revision: 43992

  Editorial pass through greylisting section.
  At some point, expanding on how to use spamdb would be useful.
  Sponsored by: iXsystems


Modified: head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml
--- head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml	Wed Feb 19 17:45:12 2014	(r43991)
+++ head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml	Wed Feb 19 17:51:00 2014	(r43992)
@@ -1336,117 +1336,60 @@ rdr pass on $ext_if inet proto tcp from 
 	  hosts will soon start getting trapped within a few seconds to
 	  several minutes.</para>
-	<sect4 xml:id="pftut-spamd-greylist">
-	  <title>Adding Greylisting to the Setup</title>
-	  <para><application>spamd</application> also supports
-	    <firstterm>greylisting</firstterm>, which works by
-	    rejecting messages from unknown hosts temporarily with
-	    <replaceable>45n</replaceable> codes, letting messages
-	    from hosts which try again within a reasonable time
-	    through.  Traffic from well behaved hosts, that is,
+	  <para><application>PF</application> also supports
+	    <firstterm>greylisting</firstterm>, which temporarily
+	    rejects messages from unknown hosts with
+	    <replaceable>45n</replaceable> codes.  Messages
+	    from greylisted hosts which try again within a reasonable time
+	    are let through.  Traffic from
 	    senders which are set up to behave within the limits set
-	    up in the relevant RFCs
-	    <footnote><para>The relevant RFCs are mainly RFC1123
-	      and RFC2821.</para></footnote>, will be let
+	    by RFC 1123
+	    and RFC 2821 are immediately let
-	  <para>Greylisting as a technique was presented in a 2003
-	    paper by Evan Harris
-	    <footnote><para>The original
-	      Harris paper and a number of other useful articles
-	      and resources can be found at the <link
+	  <para>More information about greylisting as a technique
+	      can be found at the <link
-	      web site.</para></footnote>, and a number of
-	    implementations followed over the next few months.
-	    OpenBSD's <application>spamd</application> acquired its
-	    ability to greylist in OpenBSD 3.5, which was released
-	    in May 2004.</para>
-	  <para>The most amazing thing about greylisting, apart
+	      web site.  The most amazing thing about greylisting, apart
 	    from its simplicity, is that it still works.  Spammers
-	    and malware writers have been very slow to adapt.</para>
+	    and malware writers have been very slow to adapt in order
+	    to bypass this technique.</para>
-	  <para>The basic procedure for adding greylisting to your
-	    setup follows below.</para>
+	  <para>The basic procedure for configuring greylisting is as
+	    follows:</para>
+	    <title>Configuring Greylisting</title>
-	      <para>If not done already, make sure the
-		file descriptor file system (see &man.fdescfs.5;) is
-		mounted at <filename>/dev/fd/</filename>.  Do this
-		by adding the following line to
-		<filename>/etc/fstab</filename>:</para>
-	      <programlisting>fdescfs /dev/fd fdescfs rw 0 0</programlisting>
-	      <para>and make sure the &man.fdescfs.5; code is in the
-		kernel, either compiled in or by loading the module
-		with &man.kldload.8;.</para>
+	      <para>Make sure that &man.fdescfs.5; is
+		mounted as described in Step 1 of the previous Procedure.</para>
 	      <para>To run <application>spamd</application> in
-		greylisting mode, <filename>/etc/rc.conf</filename>
-		must be changed slightly by adding</para>
+		greylisting mode, add this line to <filename>/etc/rc.conf</filename>:</para>
 	      <programlisting>spamd_grey="YES"  # use spamd greylisting if YES</programlisting>
-	      <para>Several greylisting related parameters can be
-		fine-tuned with <command>spamd</command>'s command
-		line parameters and the corresponding
-		<filename>/etc/rc.conf</filename> settings.  Check
-		the <application>spamd</application> man page to see
-		what the parameters mean.</para>
+	      <para>Refer to the <application>spamd</application> man page
+	        for descriptions of additional related parameters.</para>
-	      <para>To complete the greylisting setup, restart
-		<application>spamd</application> using the
-		<filename>/usr/local/etc/rc.d/obspamd</filename>
-		script.</para>
+	      <para>To complete the greylisting setup:</para>
+	      <programlisting>&prompt.root; <command>service restart obspamd</command>
+&prompt.root; <command>service start spamlogd</command></programlisting>
-	  <para>Behind the scenes, rarely mentioned and barely
-	    documented are two of <application>spamd</application>'s
-	    helpers, the <application>spamdb</application> database
+	  <para>Behind the scenes, the <application>spamdb</application> database
 	    tool and the <application>spamlogd</application>
-	    whitelist updater, which both perform essential
-	    functions for the greylisting feature.  Of the two
-	    <application>spamlogd</application> works quietly in the
-	    background, while <application>spamdb</application> has
-	    been developed to offer some interesting
-	    features.</para>
-	  <note>
-	    <title>Restart <application>spamd</application> to
-	      Enable Greylisting</title>
-	    <para>After following all steps in the tutorial
-	      exactly up to this point,
-	      <application>spamlogd</application> has been started
-	      automatically already.  However, if the initial
-	      <application>spamd</application> configuration did not
-	      include greylisting,
-	      <application>spamlogd</application> may not have been
-	      started, and there may be strange symptoms, such as
-	      greylists and whitelists not getting updated
-	      properly.</para>
-	    <para>Under normal circumstances, it should not be
-	      necessary to start <application>spamlogd</application>
-	      by hand.  Restarting <application>spamd</application>
-	      after enabling greylisting ensures
-	      <application>spamlogd</application> is loaded and
-	      available too.</para>
-	  </note>
-	  <para><application>spamdb</application> is the
+	    whitelist updater perform essential
+	    functions for the greylisting feature.  <application>spamdb</application> is the
 	    administrator's main interface to managing the black,
-	    grey and white lists via the contents of the
+	    grey, and white lists via the contents of the
 	    <filename>/var/db/spamdb</filename> database.</para>
-	</sect4>
       <sect3 xml:id="pftut-hygiene">
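Review bot: The two commands in the new final step ("To complete the greylisting setup:") have their arguments reversed. service(8) takes the script name first and the action second, so `service restart obspamd` and `service start spamlogd` should read `service obspamd restart` and `service spamlogd start`; as committed, neither line runs the intended rc script, and a reader following the procedure ends up without greylisting enabled. Separately, the opening paragraph now reads `<application>PF</application> also supports` greylisting where the removed text said `<application>spamd</application>`. The 45n SMTP replies and the `spamd_grey` knob later in the same hunk belong to spamd, so spamd should stay the subject of that sentence. The removed note described when spamlogd is started automatically, while the new step starts it by hand; one sentence saying which case applies would keep that information. The `<sect4 xml:id="pftut-spamd-greylist">` wrapper is also dropped, so any cross-reference to that id elsewhere in the book needs checking.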
