Date: Sun, 17 Jun 2012 03:45:24 -0700
From: Doug Hardie <bc979@lafn.org>
To: FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject: Problem with spamlogd
Message-ID: <F9842FD4-2197-4787-9185-C58DB633A938@lafn.org>

I am using spamd on several systems and started encountering a problem a while ago with FreeBSD 7.2 servers, but let it go since I am in the process of upgrading the servers. However, I now am encountering the same issue on FreeBSD 9.0 with spamlogd. It never reads pflog0. pflogd reads the entries just fine. I set up syslog to log all the spamlogd messages and when spamlogd is started it gives:

spamlogd: Listening on pflog0 for all interfaces.

lsof shows that it is connected to bpf0 as is pflogd. However, pflogd shows an offset into the file that appears to be the end of the file. spamlogd shows an offset of 0. It is periodically reading the file as shown by ktrace but always getting back a 0 size return. spamd itself is working just fine. However, the expiration times are not being updated so white entries are timed out way too often. spamlogd used to update them. The rc.conf entries are:

obspamd_enable="YES"
obspamd_flags="-G 2:1:1728"
obspamd_setup_flags=""
obspamd_grey=YES
obspamlogd_enable="YES"
obspamlogd_flags="-W 1728"

These were established a few years ago and worked up till a short while ago. I don't recall any changes I made to anything, but…

Looking through the spamlogd source it appears to be building a filter for the pcap routines with:

"ip and port 25 and action pass and tcp[13]&0x12=0x2"

Using that filter on pflog yields no output. I believe the pass item requires there to be some logging of the pass actions and those are not appearing in the pflog or in the pfctl counts for those rules. I suspect that is the problem. The pf.conf is: (mail server is on this machine)

ext_if="em0"
table <blackhole> persist file "/etc/blackhole"
table <spamd> persist
table <spamd-white> persist
table <spamd-white-local> persist file "/etc/mail/whitelist"
no rdr on { lo0, lo1 } from any to any
no rdr on { lo0, lo1 } from any to any
MAILHOSTS = "{zool.lafn.org 10.0.1.10}"
rdr pass log on $ext_if inet proto tcp from <spamd-white-local> to port smtp -> 127.0.0.1 port smtp
rdr pass log on $ext_if inet proto tcp from <spamd-white> to port smtp -> 127.0.0.1 port smtp
rdr pass log on $ext_if inet proto tcp to $MAILHOSTS port smtp -> 127.0.0.1 port spamd
pass in on lo0
pass in log on $ext_if inet proto tcp to 127.0.0.1 port smtp
pass out log on $ext_if inet proto tcp from 127.0.0.1 to any port smtp
block in quick log on $ext_if from <blackhole> to any
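
Added example (not part of the original message and not spamlogd's code): a Python model of what the pcap filter quoted in the message selects, namely logged IPv4 packets with pf action pass, TCP port 25 as source or destination, and SYN set with ACK clear in TCP header byte 13. The function names and sample packets are constructed for illustration, and the pf action is passed in as a string rather than parsed from the pflog header.

```python
import struct

SYN, ACK = 0x02, 0x10  # TCP flag bits in byte 13 of the TCP header

def ipv4_tcp(src_port, dst_port, flags, ihl_words=5):
    """Build a constructed IPv4+TCP packet (RFC 5737 documentation addresses)."""
    options = b"\x01" * ((ihl_words - 5) * 4)  # NOP options when IHL > 5
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0,
                     ihl_words * 4 + 20, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0,
                      5 << 4, flags, 65535, 0, 0)
    return ip + options + tcp

def spamlogd_filter_matches(action, packet):
    """Model of 'ip and port 25 and action pass and tcp[13]&0x12=0x2'."""
    if action != "pass":                          # 'action pass'
        return False
    if len(packet) < 20 or packet[0] >> 4 != 4:   # 'ip' means IPv4 only
        return False
    ihl = (packet[0] & 0x0F) * 4                  # IP header length varies
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    # tcp[13] needs protocol 6, a first fragment and a readable flags byte
    if packet[9] != 6 or frag_offset != 0 or len(packet) < ihl + 14:
        return False
    src_port, dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])
    if 25 not in (src_port, dst_port):            # 'port 25': either side
        return False
    return (packet[ihl + 13] & (SYN | ACK)) == SYN  # SYN set, ACK clear

# Constructed samples: (pf action, packet, description)
SAMPLES = [
    ("pass",  ipv4_tcp(40000, 25, SYN),              "initial SYN to port 25"),
    ("pass",  ipv4_tcp(25, 40000, SYN | ACK),        "SYN/ACK reply from port 25"),
    ("pass",  ipv4_tcp(40000, 25, ACK),              "established traffic"),
    ("block", ipv4_tcp(40000, 25, SYN),              "blocked SYN"),
    ("pass",  ipv4_tcp(40000, 8025, SYN),            "SYN to another port"),
    ("pass",  ipv4_tcp(40000, 25, SYN, ihl_words=6), "SYN with IP options"),
]

def evaluate_samples():
    return [spamlogd_filter_matches(a, p) for a, p, _ in SAMPLES]

if __name__ == "__main__":
    for (action, _, note), hit in zip(SAMPLES, evaluate_samples()):
        print(f"{'MATCH' if hit else 'skip':5}  {action:5}  {note}")
```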
