SPAMD - non WAN interface



  • Hi folks  :)

    I've been running pfsense (2) as a VM on my lan to act as a gateway between a couple of networks. It's been great.

    I run a mail server and have quite a complicated setup with scripting, iptables and labrea to identify and tarpit spammers. I'd like to replace this with SPAMD.

    Crap network diagram follows:

                             (not used)
                                  |
                                WAN
                                  |
                                EM2
      DMZ ------EM1 PFSENSE  EM0 ----- LAN (.4)---------GATEWAY(.1)-----<<<--EVIL SPAMMERS FROM THE INTERNETS


    I thought I'd be able to set up SPAMD on PFSENSE & forward SMTP (25) from the gateway to (8025) on PFSENSE ... get SPAMD to do the dirty work and then eventually whitelist and forward mail to a mailscanner on the LAN.

    From what I can see - SPAMD listens on all interfaces and so does SPAMLOGD. When I connect on 8025 I get the staggered connection (love it) but I can never get anything whitelisted and forwarded to the next mailhost.

    In addition - if I import a blacklist (like Okean) it never shows them added to the blacklist file or displays them on the web page. I restart the service from the CLI and it can see and count the number of entries in the Okean blacklist but they never get added.

    There are two things that don't appear to work in this configuration:
    1 - I don't think that the associated forwarding rules work on anything other than the WAN interface. A quick check of /tmp/rules.debug seems to show this:

    ```
    # spam table
    table <whitelist> persist
    table <blacklist> persist
    table <spamd> persist
    table <spamd-white> persist file "/var/db/whitelist.txt"
    rdr pass on em2 proto tcp from <blacklist> to port smtp -> 127.0.0.1 port spamd
    rdr pass on em2 proto tcp from <spamd> to port smtp -> 127.0.0.1 port spamd
    rdr pass on em2 proto tcp from ! <spamd-white> to port smtp -> 127.0.0.1 port spamd
    rdr pass on em2 proto tcp from <spamd-white> to port smtp -> 192.168.1.76 port smtp
    ```
    
    So I can see that onward forwarding will only happen from EM2 (WAN)
    
    2 - Whitelist and blacklist are not getting updated. I can't work out why.
    
    I can't find any spamd log file created (anywhere) either.
    
    So really - I'm curious if anyone has managed to set this up to run on anything other than the WAN interface (if so - how) & whether anyone knows why black/whitelists are not updating.
    
    Does this just work out of the box for people running it on the WAN interface?
    
    Any advice would be appreciated. Please be gentle  :P
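
Added example (not part of the original post): a small sh/awk check for point 1 above, listing which interfaces in a pf ruleset dump have SMTP redirected to spamd. The sample rules are the ones quoted in the post with spacing restored; on the firewall the input would be /tmp/rules.debug, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: which interfaces carry spamd redirect rules in a pf ruleset?

# spamd_rdr_ifaces FILE -> prints each interface that has an rdr rule whose
# target port is spamd, one per line, sorted and de-duplicated.
spamd_rdr_ifaces() {
    awk '
        $1 == "rdr" {
            iface = ""; to_spamd = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "on" && i < NF) iface = $(i + 1)
                # redirect target follows "->", e.g. "127.0.0.1 port spamd"
                if ($i == "->" && $(i + 2) == "port" && $(i + 3) == "spamd")
                    to_spamd = 1
            }
            if (iface != "" && to_spamd) print iface
        }
    ' "$1" | sort -u
}

# iface_covered FILE IFACE -> exit 0 if IFACE has a spamd redirect, else 1.
iface_covered() {
    spamd_rdr_ifaces "$1" | grep -qx "$2"
}

# Sample input: the rdr rules from the post (spacing restored), in a temp file.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
table <spamd-white> persist file "/var/db/whitelist.txt"
rdr pass on em2 proto tcp from <blacklist> to port smtp -> 127.0.0.1 port spamd
rdr pass on em2 proto tcp from <spamd> to port smtp -> 127.0.0.1 port spamd
rdr pass on em2 proto tcp from ! <spamd-white> to port smtp -> 127.0.0.1 port spamd
rdr pass on em2 proto tcp from <spamd-white> to port smtp -> 192.168.1.76 port smtp
EOF

# em0 is the LAN-side interface in the diagram, em2 is WAN.
for ifc in em0 em2; do
    if iface_covered "$SAMPLE" "$ifc"; then
        echo "$ifc: spamd redirect rules present"
    else
        echo "$ifc: no spamd redirect rules on this interface"
    fi
done
```
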


  • Just for the record (in case anyone else looks in to this)

    I ended up reconfiguring my network to fit SPAMD.

    The PFSENSE VM WAN now connects to the internet and acts as a gateway for the entire LAN - rather than just being another LAN client.

    SPAMD kicked in straight away.

    Sometimes you have to accept that things won't work if your setup is arse about face.



  • Spamd has some cool features, but did you try the postfix package?

    I did many improvements to this package and it really keeps trash away.

    It may reduce your mailscanner load about 300%.

    I'm suggesting it because I did not understand if spamd worked for you or not.



  • @marcelloc:

    Spamd has some cool features, but did you try the postfix package?

    I did many improvements to this package and it really keeps trash away.

    It may reduce your mailscanner load about 300%.

    I'm suggesting it because I did not understand if spamd worked for you or not.

    Hi there - yes I also use postfix as my MTA. In fact - mail comes in now via SPAMD then gets passed to MAILSCANNER followed by a dedicated mailserver with postfix.

    SPAMD is grey-listing and I can whitelist servers if I need to. I've already seen a massive drop in hits to my mailscanner.

    I can't seem to blacklist any servers though. I understand with SPAMD that when you assign something in the DB to whitelist or blacklist from the web page - you have to refresh the page to see the change - I totally get that, but only the whitelist function seems to do anything. I suspect this has something to do with the difference between greylist and blacklist operation but I've yet to RTFM so that's just a guess.



  • I mean postfix antispam and relay package for pfsense 2.0.

    It's postfix 2.8.5 + SPF + RBL + postscreen

    Postscreen enables greylists on postfix.



  • Marcelloc - thanks for that - I really appreciate it. I'll check it out.

    SPAMD should do what I want but getting it configured nicely is a pain. I've found that some of the spammers have already overrun the grey listing so I switched to black listing instead. It seems that I need to manually whitelist valid incoming connections using the SPAMD whitelist tab rather than the SPAMD Database tab - whitelist buttons.

    I think I see the difference in the mechanics at play here. But without a method for working out who's connecting (other than tailing the damn logs and checking the IP addresses) how am I supposed to know what incoming mail to whitelist?

    SO - your option may well turn out to be the best choice.

