Date: Sun, 17 Jun 2012 03:45:24 -0700 From: Doug Hardie <bc979@lafn.org> To: FreeBSD Mailing List <freebsd-questions@freebsd.org> Subject: Problem with spamlogd Message-ID: <F9842FD4-2197-4787-9185-C58DB633A938@lafn.org>
next in thread | raw e-mail | index | archive | help
I am using spamd on several systems and started encountering a problem = awhile ago with FreeBSD 7.2 servers, but let it go since I am in the = process of upgrading the servers. However, I now am encountering the = same issue on FreeBSD 9.0 with spamlogd. It never reads pflog0. pflogd = reads the entries just fine. I set up syslog to log all the spamlogd = messages and when spamlogd is started it gives: spamlogd: Listening on pflog0 for all interfaces.=20 lsof shows that it is connected to bpf0 as is pflogd. However, pflogd = shows an offset into the file that appears to be the end of the file. = spamlogd shows an offset of 0. It is periodically reading the file as = shown by ktrace but always getting back a 0 size return. spamd itself = is working just fine. However, the expiration times are not being = updated so white entries are timed out way too often. spamlogd used to = update them. The rc.conf entries are: obspamd_enable=3D"YES" obspamd_flags=3D"-G 2:1:1728" obspamd_setup_flags=3D"" obspamd_grey=3DYES obspamlogd_enable=3D"YES" obspamlogd_flags=3D"-W 1728" These were established a few years ago and worked up till short while = ago. I don't recall any changes I made to anything, but=85 Looking through the spamlogd source it appears to be building a filter = for the pcap routines with: "ip and port 25 and action pass and tcp[13]&0x12=3D0x2" Using that filter on pflog yields no output. I believe the pass item = requires there to be some logging of the pass actions and those are not = appearing in the pflog or in the pfctl counts for those rules. I = suspect that is the problem. The pf.conf is: (mail server is on this = machine) ext_if=3D"em0" table <blackhole> persist file "/etc/blackhole" table <spamd> persist table <spamd-white> persist table <spamd-white-local> persist file "/etc/mail/whitelist" no rdr on { lo0, lo1 } from any to any no rdr on { lo0, lo1 } from any to any MAILHOSTS =3D "{zool.lafn.org 10.0.1.10}" rdr pass log on $ext_if inet proto tcp from <spamd-white-local> to port = smtp -> 127.0.0.1 port smtp rdr pass log on $ext_if inet proto tcp from <spamd-white> to port smtp = -> 127.0.0.1 port smtp rdr pass log on $ext_if inet proto tcp to $MAILHOSTS port smtp -> = 127.0.0.1 port spamd pass in on lo0 pass in log on $ext_if inet proto tcp to 127.0.0.1 port smtp pass out log on $ext_if inet proto tcp from 127.0.0.1 to any port smtp block in quick log on $ext_if from <blackhole> to any
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F9842FD4-2197-4787-9185-C58DB633A938>