From: Vladimir Kapustin
Date: Fri, 9 Feb 2007 00:10:46 +0300
To: freebsd-pf@freebsd.org
Subject: SPAMD stop passing mail from WHITE-list
Message-ID: <48171004.20070209001046@mail.ru>
References: E1HE6sC-000Ht1-00.msgs_for_me-mail-ru@f22.mail.ru

>> Nothing unusual, but that the mail stops forwarding from the
>> whitelist. i.e. the sender resends the mail, gets in WHITE-list in
>> spamd, but the mail does not actually pass the router.
>
>That and the sheer size of your spamdb is weird.
>

I have about 1000 users behind each router, and many of them have malware on their PCs.

>> pfctl -sn
>> rdr pass inet proto tcp from to any port smtp -> 127.0.0.1 port 8025
>> rdr pass inet proto tcp from ! to any port smtp -> 127.0.0.1 port 8025
>
>try making your rdr interface specific, ie rdr pass on $ext_if and see
>if it makes a difference
>

Now all is OK. Should I change the rdr rules only if the situation repeats, to see if it really helps?

Is there any way to combine the spamd functionality with max-src-conn-rate limitation? I am worried only about spam FROM my LOCAL NET. And spamd itself doesn't save me from getting onto different spam lists. If only I could limit the spam rate on $int_if by PF rules and then use spamd on $ext_if, I think it would be a good help.

>> No...not malware...suppose that a user doesn't know about malware
>> and uses Outlook to send his mail. He'll get into THE WHITE-list
>> and spamd can't stop HIS malware?
>
>Mail from a whitelisted IP address will pass.
>
>Please contact me off-list (the address works, with greylisting ;)) if
>you want me to see if I can reproduce the problem here, I'll probably
>need larger chunks of your config than you would sensibly put on a
>public list.

I would gladly send you any pieces of my configs. Can you specify what I should send?
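
Added example, not part of the original message or of anyone's actual configuration: a pf.conf fragment showing one way to combine the two ideas raised above, spamd redirection bound to $ext_if and a max-src-conn-rate limit on SMTP entering $int_if. The interface names, thresholds and the <smtp_abusers> table are assumptions; <spamd> and <spamd-white> are spamd's conventional table names, assumed here.

```conf
# Constructed example. Interface names and limits are assumptions;
# tune the limits to what a legitimate mail client on the LAN needs.
ext_if = "em0"          # assumed external interface
int_if = "em1"          # assumed internal (LAN) interface

table <spamd> persist          # spamd blacklist (conventional name)
table <spamd-white> persist    # filled by spamlogd/spamd-setup
table <smtp_abusers> persist   # hypothetical: LAN hosts that tripped the limit

# Translation: greylist only mail arriving on the external interface.
# Without "on $ext_if" these rules match on every interface, so SMTP
# from LAN clients would also be redirected to spamd and, because of
# "pass", would never reach the filter rules below.
rdr pass on $ext_if inet proto tcp from <spamd> to any port smtp \
    -> 127.0.0.1 port 8025
rdr pass on $ext_if inet proto tcp from ! <spamd-white> to any port smtp \
    -> 127.0.0.1 port 8025

# Filtering: LAN hosts already caught sending too fast get no SMTP at all.
block in quick on $int_if inet proto tcp from <smtp_abusers> to any port smtp

# Outbound SMTP from the LAN, limited per source address.
#   max-src-conn 10       at most 10 simultaneous connections per host
#   max-src-conn-rate 5/60  at most 5 new connections per 60 seconds
#   overload ... flush global  add the host to <smtp_abusers> and kill
#                              all of its existing states
# The counters only track connections that completed the TCP handshake,
# so spoofed SYNs cannot push another host into the table.
pass in on $int_if inet proto tcp from $int_if:network to any port smtp \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/60, \
     overload <smtp_abusers> flush global)
```

`pfctl -t smtp_abusers -T show` lists the LAN addresses that exceeded the limit; entries stay in the table until they are deleted.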