On Tue, Mar 03, 2020 at 04:46:11AM +0000, [email protected] wrote:
> Boudewijn,
> Thank you for your reply, and clarification.
>
> The man pages for SPAMD and SPAMDB do not directly state this relationship /
> behavior, and therefore I had made the assumption that spamd would capture
> and feed all entries into the spamdb, in all operational modes.
> ..hopefully i have not overlooked vital documentation.
>
hi.
there's a few parts to spamd, and i think it can be initially confusing
until you work out how it's put together. but there has been effort put
into the spamd(8) page to make it clear what happens by default, and how
that differs in blacklisting mode:

    SPAMD(8)            System Manager's Manual            SPAMD(8)
    ...
         When spamd is run in default mode, it will greylist
         connections from new hosts.  Depending on its configuration,
         it may choose to blacklist the host or, if the checks
         described below are met, eventually whitelist it.  When
         spamd is run in blacklist-only mode, using the -b flag, it
         will consult a pre-defined set of blacklist addresses to
         decide whether to tarpit the host or not.
    ...
         When run in default mode, connections receive the pleasantly
         innocuous temporary failure of:

               451 Temporary failure, please try again later.

         This happens in the SMTP dialogue immediately after the DATA
         command is received from the client.  spamd will use the db
         file in /var/db/spamd to track these connections to spamd by
         connecting IP address, HELO/EHLO, envelope-from, and
         envelope-to, or tuple for short.  Hosts which connect but do
         not attempt to deliver mail will not generate a tuple and
         always be ignored.
    ...
         spamd-setup(8) should be run periodically by cron(8) to
         update the blacklists configured in spamd.conf(5).  Use
         crontab(1) to uncomment the entry in root's crontab.  When
         run in blacklist-only mode, the -b flag should be specified.
    ...
    BLACKLIST-ONLY MODE
         When running in default mode, the pf.conf(5) rules described
         above are sufficient.  However when running in blacklist-
         only mode, a slightly modified pf.conf(5) ruleset is
         required, diverting any addresses found in the <spamd> table
         to spamd.  Any other addresses are passed to the real MTA.
    ...
         /var/db/spamd       Greylisting database.

i hope it's clear that /var/db/spamdb is used in default mode, but not in
blacklist-only mode.
jmc
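
The two diversion set-ups that the quoted manual text contrasts, as an added pf.conf sketch that is not part of the original message or of the manual excerpt. The `egress` interface group, the `divert-to` form, the `<spamd-white>` table name and the catch-all pass rule are assumptions to check against spamd(8) and pf.conf(5) on your release.

```conf
# Added example (assumptions: "egress" interface group, spamd listening
# on 127.0.0.1 port spamd). pf evaluates rules top to bottom and the
# last matching rule wins, so the order below matters.

# Default (greylisting) mode, shown commented out for comparison:
# every inbound SMTP connection is diverted to spamd first, so each
# delivery attempt that reaches DATA can create a tuple in the
# greylisting database. Hosts that spamd has whitelisted match the
# later rule and reach the real MTA directly.
#
# table <spamd-white> persist
# pass in on egress proto tcp to any port smtp \
#     divert-to 127.0.0.1 port spamd
# pass in on egress proto tcp from <spamd-white> to any port smtp

# Blacklist-only mode (spamd run with -b):
# inbound SMTP goes to the real MTA unless the source address is
# already in the <spamd> table, in which case the later rule wins and
# the connection is diverted to spamd to be tarpitted. spamd never
# sees the other hosts, so no greylisting tuples are recorded for them.
table <spamd> persist
pass in on egress proto tcp to any port smtp
pass in on egress proto tcp from <spamd> to any port smtp \
    divert-to 127.0.0.1 port spamd
```

In blacklist-only mode the state to inspect is the pf table (`pfctl -t spamd -T show`) rather than the output of spamdb(8).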