Spamd Package - set up to handle multiple smtp host domains

  • Hi - just installed pfSense 2.01 into a Parallels VM on a Mac Pro running OS X 10.8.2 and OS X Server. If anyone is interested in the firewall vm within a server setup, I'm using 2 Apple USB Ethernet Adaptors for the ADSL2 and LAN connections - not running a filtered bridge! Server has its own NIC and LAN address.

    Many thanks to the devs and community for a great package.

    Just a quick tip to set up spamd to handle multiple smtp host domains like apple.com, iCloud.com, google.com / Gmail (here in Australia, some universities and corporates are using it via Google Docs - obsmtp.com), YouTube.com or Bigpond.com here in Australia. This is aimed at experienced users who aren't afraid of the command line but want to get it up and running without messing about in package inc's.

    The spamd.inc script does not work as intended as the firewall rules will always pass any port 25 traffic from the wan to the spamd port 8025 unless the ip exists in the /usr/local/sbin/spamdb.  Also, the spamd GUI whitelist feature, even if fixed, does not lend itself to bulk update and my whitelist is over 100 address ranges.

    1. Visit https://calomel.org/spamd_config.html and copy the spamd_whitelist.sh script and modify for your own needs
    2. Diagnostics>Command Prompt - upload the spamd-spf.txt file to /tmp and then "cp" it to /var/db (otherwise it will disappear on the next reboot... the voice of experience here!)
    3. Create a new list in Firewall>pfBlocker>Lists using the uploaded file.
    4. Add a NAT rule to pass any traffic from Source>alias>pfBlockernewspamlist Destination>Wan Ports>smtp and Redirect to your email server host ip. (creates a filter rule automatically)
    4.5 I added a floating WAN rule to also log this traffic so that spamd automatically adds it to its spamdb whitelist - not strictly necessary, but Peter H suggests it in his spamd setup guide.
    5. For spamd to automatically whitelist hosts that your smtp server sends to, create a LAN firewall rule to log any traffic from your internal email server ip to any destination address - port>smtp

    Extra Credit Step 6.

    If you want to set up a manual whitelist for the odd IP address or two, you could set up an alias table in Firewall>Aliases and repeat the NAT setup above with that extra table, or you can execute /usr/local/sbin/spamd -a zzz.xxx.yyy.vvv from the Diagnostics>Command Prompt window. It is more permanent to keep it in an alias table, as the spamdb whitelist expires if it hasn't received an email from an address in 36 days (using defaults).

    You need to watch the logs to make sure you get all the multi-smtp host domains added over the first month.

    Hope that helps. My spam traffic has gone from 150 / day down to 3 or 4 per week due to spamd / pfBlocker in pfSense in combo with Postfix / Postscreen (spamhaus ZEN) / pySPF policy / spamassassin / clamav on the Mac. I may now replace the VM with a low power 2 NIC box as a dedicated firewall appliance now that the proof of concept has worked so beautifully!

    Thanks again.
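
Step 1 of the post points at calomel's spamd_whitelist.sh without reproducing it. The script below is an added example, written for this page and not the poster's or calomel's code: it expands the SPF records of the domains you want to bypass spamd into one CIDR per line, the format the pfBlocker list in step 3 consumes. The point it shows that a one-level lookup misses is that providers like Google and Apple publish their sending ranges behind `include:` mechanisms, so the expansion has to recurse (capped at 10 lookups, the limit SPF itself imposes, which also stops `include:` loops). The SAMPLE_SPF record (documentation ranges) and the default output path are constructed for illustration; `dig` is assumed to be on PATH for live lookups.

```shell
#!/bin/sh
# Added example, not the poster's or calomel's spamd_whitelist.sh: expand the
# SPF records of a list of domains into CIDRs for a pfBlocker whitelist.
# Assumptions: 'dig' is on PATH for live lookups; OUTFILE and SAMPLE_SPF
# below are constructed for illustration, not taken from the post.

OUTFILE=${OUTFILE:-/tmp/spamd-spf.txt}   # cp to /var/db afterwards; /tmp is cleared on reboot

# Constructed sample record using documentation ranges (not any real domain's SPF).
SAMPLE_SPF='v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 ip4:198.51.100.7 include:_spf.example.net ~all'

# Emit the ip4:/ip6: mechanisms of one SPF record as CIDRs, one per line.
# A bare address gets /32 (IPv4) or /128 (IPv6) so the list entry is unambiguous.
spf_cidrs() {
    printf '%s\n' "$1" | tr ' ' '\n' | while IFS= read -r mech; do
        case "$mech" in
            ip4:*|+ip4:*)
                ip=${mech#*ip4:}
                case "$ip" in */*) printf '%s\n' "$ip" ;; *) printf '%s/32\n' "$ip" ;; esac ;;
            ip6:*|+ip6:*)
                ip=${mech#*ip6:}
                case "$ip" in */*) printf '%s\n' "$ip" ;; *) printf '%s/128\n' "$ip" ;; esac ;;
        esac
    done
}

# List the include: and redirect= targets so the caller can recurse into them.
spf_includes() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^+\{0,1\}include://p; s/^redirect=//p'
}

# Live DNS lookup: the first TXT record of the domain that starts with v=spf1.
spf_lookup() {
    dig +short txt "$1" | tr -d '"' | grep '^v=spf1' | head -n 1
}

# Recursively expand a domain into CIDRs. SPF allows a sender at most 10 DNS
# lookups, so the same depth cap also protects against include: loops.
spf_expand() {
    local domain depth rec inc
    domain=$1; depth=${2:-0}
    if [ "$depth" -gt 10 ]; then return 0; fi
    rec=$(spf_lookup "$domain") || return 0
    if [ -z "$rec" ]; then return 0; fi
    spf_cidrs "$rec"
    for inc in $(spf_includes "$rec"); do
        spf_expand "$inc" $((depth + 1))
    done
}

# Build the whitelist file for the given domains, de-duplicated and sorted.
build_whitelist() {
    for d in "$@"; do spf_expand "$d"; done | sort -u > "$OUTFILE"
    echo "wrote $(wc -l < "$OUTFILE") networks to $OUTFILE"
}

# Usage: sh spf_whitelist.sh apple.com icloud.com google.com
# (does nothing when run without arguments)
if [ $# -gt 0 ]; then
    build_whitelist "$@"
fi
```

Two caveats worth keeping in mind when using the output. Every network in the list skips greylisting entirely via the NAT redirect in step 4, so only feed in ranges a domain actually publishes in its SPF record, never a hand-guessed block. And providers rotate their ranges, so re-run the expansion and re-import the list periodically rather than treating the file as permanent.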