Date: Fri, 27 Apr 2007 11:05:01 -0700
From: snowcrash <schneecrash+pf@gmail.com>
To: freebsd-pf@freebsd.org
Subject: why are pf-blocked ips 'leaking' thru to spamd?
Message-ID: <70f41ba20704271105m11fa5315kc7c3d715f2d63f61@mail.gmail.com>
hi,

i've set up pf+spamd on FreeBSD 6.2-RELEASE.

IPs that i've blocked seem to be sneaking through to spamd ... not always, apparently :-/

i'm guessing i've borked config, or there's an overflow of something ... dunno, yet.

i've config'd pf as follows,

pf.conf
--------------------------
...
# OPTIONS
set block-policy drop
set optimization aggressive
set state-policy if-bound
...
# NORMALIZE
scrub in all
...
# TRANSLATE/REDIRECT
nat on $ext_if from $int_if:network to any -> ($ext_if)
...
rdr on $ext_if proto tcp from <mail-white> to $SMTP_WAN port 25 -> $SMTP_LAN port 25
rdr pass on $ext_if proto tcp from { <spamd>, !<ip-black> } \
    to ($ext_if) port 25 -> 127.0.0.1 port 8025
rdr pass on $ext_if proto tcp from { !<spamd-white>, !<ip-black> } \
    to ($ext_if) port 25 -> 127.0.0.1 port 8025
rdr on $ext_if proto tcp from <spamd-white> to $SMTP_WAN port 25 -> $SMTP_LAN port 25
...
# FILTER
block log quick from { <ip-black> } to any
block log all
pass in log quick on $ext_if proto tcp from { <mail-white>, <spamd-white> } \
    to $SMTP_LAN port 25 flags S/SFRA keep state
pass out log quick on $ext_if proto tcp from any to port 25 flags S/SFRA keep state
...
--------------------------

so, iiuc, anything in <ip-black> should NEVER be redirected to spamd, AND would be blocked anyway by the subsequent default filter ...

but, in my spamd log i'm seeing,

Apr 27 10:40:47 router spamd[984]: (GREY) 86.105.76.208: <euguntersville@mit.midco.net> -> <snowcrash@mydomain.com>
Apr 27 10:40:47 router spamd[984]: 86.105.76.208: disconnected after 1 seconds.

checking,

% pfctl -t ip-black -T show | grep 86.104.0.0/14
   86.104.0.0/14

where,

% whatmask 86.104.0.0/14 | grep "t Usable"
First Usable IP Address = .....: 86.104.0.1
Last Usable IP Address = ......: 86.107.255.254

so, why is the addr in question, 86.105.76.208, even getting to spamd?

any suggestions are appreciated!

thanks.
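
An added example, not part of the original message: a small Python model of how pf evaluates the four rdr rules quoted above, relying on pf's documented behaviour that a `{ ... }` list expands into one rule per element and that translation rules are first-match. Only the <ip-black> entry comes from the post; the other tables are assumed empty, the rule labels are invented for readability, and FIXED_RULES (a leading `no rdr` for <ip-black>) is one hypothetical correction, not something the poster used.

```python
import ipaddress

# Only the <ip-black> entry is from the post; other tables assumed empty.
TABLES = {"ip-black": ["86.104.0.0/14"], "spamd": [],
          "spamd-white": [], "mail-white": []}

# Source lists of the post's four rdr rules, in file order ("!" = negated).
RDR_RULES = [
    ("rdr #1 -> $SMTP_LAN", ["mail-white"]),
    ("rdr pass #2 -> spamd", ["spamd", "!ip-black"]),
    ("rdr pass #3 -> spamd", ["!spamd-white", "!ip-black"]),
    ("rdr #4 -> $SMTP_LAN", ["spamd-white"]),
]

# Hypothetical correction: exempt <ip-black> from translation first, so the
# packet reaches the filter rules and "block log quick" drops it.
FIXED_RULES = [("no rdr", ["ip-black"])] + RDR_RULES


def in_table(addr, table):
    """True if addr falls inside any network listed in the named table."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in TABLES[table])


def term_matches(addr, term):
    """Evaluate one list element, honouring a leading '!' negation."""
    if term.startswith("!"):
        return not in_table(addr, term[1:])
    return in_table(addr, term)


def first_match(addr, rules):
    """Expand each list into one rule per element, then take the first hit."""
    expanded = [(label, term) for label, terms in rules for term in terms]
    for label, term in expanded:
        if term_matches(addr, term):
            return label, term
    return None


if __name__ == "__main__":
    for name, rules in (("original", RDR_RULES), ("fixed", FIXED_RULES)):
        print(name, first_match("86.105.76.208", rules))
```

In this model the blacklisted address never matches `!<ip-black>`; it is caught by the separate `!<spamd-white>` element of the third rule, and because that rule is `rdr pass`, the filter rules (including `block log quick from { <ip-black> }`) are not consulted.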