Just made a minor change to pf.conf, to modulate state all tcp
and keep state all udp:

I am getting tired, it is late here.  Hope I have not made any
silly mistakes in this :D

#-----------------------------------------------------------------------
# defaults
#-----------------------------------------------------------------------
set loginterface egress
match in all scrub (no-df max-mss 1440)
antispoof quick for egress
pass
pass proto tcp modulate state
pass proto udp keep state
block in log on egress
#-----------------------------------------------------------------------
# ssh
#-----------------------------------------------------------------------
table <ssh-black> persist file "/etc/pf/ssh-black"
table <ssh-white> persist file "/etc/pf/ssh-white"
pass in on egress inet proto tcp from <ssh-white> to egress port ssh \
    modulate state
pass in on egress inet proto tcp from !<ssh-black> to egress port ssh \
    modulate state \
    (max-src-conn-rate 1/30, overload <ssh-black> flush)
#-----------------------------------------------------------------------
# authpf
#-----------------------------------------------------------------------
table <authpf_users> persist
pass in on egress from <authpf_users>
pass in on egress proto tcp from <authpf_users> modulate state
pass in on egress proto udp from <authpf_users> keep state
#-----------------------------------------------------------------------
# spamd - greylist mode
#-----------------------------------------------------------------------
table <spamd-white> persist
table <nospamd> persist file "/etc/mail/nospamd"
pass in on egress proto tcp from any to egress port smtp \
    rdr-to 127.0.0.1 port spamd
pass in on egress proto tcp from <nospamd> to egress port smtp \
    modulate state
pass in log on egress proto tcp from <spamd-white> to egress port smtp \
    modulate state
pass out log on egress proto tcp to any port smtp modulate state
#-----------------------------------------------------------------------

There is one GREY entry from lists.openbsd.org so far.

root@skitL:~:0# spamdb|fgrep 192.43.244.163
GREY|192.43.244.163|shear.ucar.edu|<[email protected]>|<[email protected]>|1338127686|1338142086|1338142086|1|0
root@skitL:~:0# date
Mon May 28 00:44:18 EST 2012
root@skitL:~:0# date -r 1338127686
Mon May 28 00:08:06 EST 2012

I need to go sleep now, so I will check again in the morning before I
go to work.

Cheers,
.d.d.
