Spamd not working as expected



  • We have been running pfSense (1.2) for a few weeks now. Yesterday I tried to enable spamd (4.3.6).

    Configuration:
    External Sources:
    Provider Name: Heise; Type: Blacklist; ProviderMethod: URL; URL: http://www.openbsd.org/spamd/nixspam.gz

    Whitelist:
    64.233.184.0/24 Google Mail
    64.233.170.0/24 Google Mail
    192.168.1.3 L2SBS
    213.165.64.20 GMX
    127.0.0.0/8 Localhost
    72.14.192.0/18 Google Mail
    68.142.192.0/18 Yahoo
    66.135.192.0/19 eBay

    Settings:
    Identifier: pfSense
    Maximum blacklisted connections: 700
    Max concurrent connections: 800
    Grey listing: false
    Passtime: 5
    Grey Expiration: 4
    White Exp: 864
    Stutter Secs: 10
    Delay Secs: 0
    Window Size: 1
    NextMTA: 192.168.1.3        (alias l2sbs)
    Enable RRD graphing: true

    Firewall: NAT:

    WAN  TCP  25 (SMTP)  l2sbs (ext.:…) 25 (SMTP)

    Firewall: Rules
    Pass: TCP; Interface WAN; Source: any; Source OS: any; Destination: l2sbs; Destination Port: 25

    When running Spamd in this configuration no email is being transmitted to our internal mailserver. I waited several hours. After uninstalling spamd email was transmitted to the mailserver.

    Telnet to pfSense:
    220 pfsense-sdsl.local ESMTP pfsense; Thu Jun 19 09:51:12 2008

    The System Log after my last installation:
    Jun 19 10:13:36 spamd[63806]: 212.227.126.171: disconnected after 122 seconds.
    Jun 19 10:13:25 spamd[63806]: 212.227.126.171: disconnected after 122 seconds.
    Jun 19 10:12:54 spamd[63806]: 212.227.126.187: disconnected after 122 seconds.
    Jun 19 10:12:28 spamd[63806]: 62.221.83.217: connected (5/0)
    Jun 19 10:11:50 spamd[63806]: 195.245.230.83: connected (4/0)
    Jun 19 10:11:34 spamd[63806]: 212.227.126.171: connected (3/0)
    Jun 19 10:11:23 spamd[63806]: 212.227.126.171: connected (2/0)
    Jun 19 10:11:20 spamd[63806]: 212.227.126.186: disconnected after 121 seconds.
    Jun 19 10:11:20 spamd[63806]: 62.221.83.217: disconnected after 355 seconds.
    Jun 19 10:11:07 spamd[63806]: 212.227.15.34: disconnected after 122 seconds.
    Jun 19 10:11:04 spamd[63806]: 195.245.230.83: disconnected after 354 seconds.

    Jun 19 09:51:12 spamd[63806]: 84.175.164.60: connected (2/0)
    Jun 19 09:49:26 spamd[63806]: 193.110.43.105: connected (1/0)
    Jun 19 09:48:06 spamd[63806]: 212.227.15.34: disconnected after 121 seconds.
    Jun 19 09:46:05 spamd[63806]: 212.227.15.34: connected (1/0)
    Jun 19 09:45:39 spamd[63806]: 212.227.15.35: disconnected after 121 seconds.
    Jun 19 09:43:38 spamd[63806]: 212.227.15.35: connected (1/0)
    Jun 19 09:43:18 spamd[63806]: 212.227.126.179: disconnected after 121 seconds.
    Jun 19 09:41:21 check_reload_status: reloading filter
    Jun 19 09:41:17 spamd[63806]: 212.227.126.179: connected (1/0)
    Jun 19 09:41:16 spamd[63806]: listening for incoming connections.
    Jun 19 09:41:16 spamd[63806]: listening for incoming connections.
    Jun 19 09:41:15 check_reload_status: reloading filter
    Jun 19 09:41:14 spamlogd[63714]: exiting
    Jun 19 09:41:14 spamlogd[63714]: exiting
    Jun 19 09:41:13 spamd[63716]: listening for incoming connections.
    Jun 19 09:41:13 spamd[63716]: listening for incoming connections.
    Jun 19 09:41:11 spamlogd[61840]: exiting
    Jun 19 09:41:11 spamlogd[61840]: exiting
    Jun 19 09:41:03 syslogd: kernel boot file is /boot/kernel/kernel
    Jun 19 09:41:03 syslogd: exiting on signal 15
    Jun 19 09:41:03 php: /pkg_mgr_install.php: Beginning package installation for spamd.

    I also tried to enable greylisting. After about 1/2 hour some white-entries appear in the list and email is being transmitted to the internal mailserver. But not all “ham”-servers went to white. After a few hours I disabled spamd again and everything was fine.

    I tried to add some SpamTrap addresses, but nothing happens when I use the buttons on the right side. After using “Add spam trap E-mail address” I get the message that “…@….de added to spam trap database”, but the type in the list does not change.

    I searched the forum and asked Google, but did not find any answers to my problem.

    What is wrong with my configuration? Do I have to disable NAT and the firewall rule?

    Greetings and thanks in advance Markus
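
An added example, not part of the original post: a small parser for the spamd syslog lines quoted above. It records how long spamd held each source and checks the source against the whitelist networks from the post's configuration. It assumes OpenBSD spamd's log format, in which `connected (n/m)` reports total and blacklisted client counts; the sample lines are a subset copied from the post.

```python
import ipaddress
import re

# Whitelist entries exactly as listed in the post's configuration.
WHITELIST = [ipaddress.ip_network(n) for n in (
    "64.233.184.0/24", "64.233.170.0/24", "192.168.1.3", "213.165.64.20",
    "127.0.0.0/8", "72.14.192.0/18", "68.142.192.0/18", "66.135.192.0/19",
)]

# Subset of the log lines quoted in the post (newest first, as posted).
SAMPLE_LOG = """\
Jun 19 10:13:36 spamd[63806]: 212.227.126.171: disconnected after 122 seconds.
Jun 19 10:12:28 spamd[63806]: 62.221.83.217: connected (5/0)
Jun 19 10:11:20 spamd[63806]: 62.221.83.217: disconnected after 355 seconds.
Jun 19 10:11:04 spamd[63806]: 195.245.230.83: disconnected after 354 seconds.
Jun 19 09:48:06 spamd[63806]: 212.227.15.34: disconnected after 121 seconds.
Jun 19 09:46:05 spamd[63806]: 212.227.15.34: connected (1/0)
Jun 19 09:41:21 check_reload_status: reloading filter
"""

LINE = re.compile(
    r"spamd\[\d+\]: (?P<ip>\d+(?:\.\d+){3}): "
    r"(?:connected \((?P<total>\d+)/(?P<black>\d+)\)"
    r"|disconnected after (?P<secs>\d+) seconds)"
)

def summarize(log_text):
    """Return (per-source stats, peak total clients, peak blacklisted clients)."""
    sources, peak_total, peak_black = {}, 0, 0
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # spamlogd, syslogd and filter-reload lines
        addr = ipaddress.ip_address(m["ip"])
        s = sources.setdefault(m["ip"], {
            "sessions": 0, "max_secs": 0,
            "whitelisted": any(addr in net for net in WHITELIST),
        })
        if m["secs"] is not None:      # a finished session and how long spamd held it
            s["sessions"] += 1
            s["max_secs"] = max(s["max_secs"], int(m["secs"]))
        else:                          # counters are global, not per source
            peak_total = max(peak_total, int(m["total"]))
            peak_black = max(peak_black, int(m["black"]))
    return sources, peak_total, peak_black

if __name__ == "__main__":
    sources, total, black = summarize(SAMPLE_LOG)
    for ip, s in sorted(sources.items()):
        print(f"{ip:16} sessions={s['sessions']} max={s['max_secs']}s "
              f"whitelisted={s['whitelisted']}")
    print(f"peak clients={total}, peak blacklisted={black}")
```

On the sample lines, every source is held for at least 121 seconds, the blacklisted counter stays at 0, and none of the sources falls inside the whitelist networks.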



  • You need to be more patient with it.  When you first start up spamd the first time, all your connections are going to be greylisted for a while and for a short while all email will take forever to pass through your spam filter.  If you require a scenario where inbound mail from a new sender gets to you instantly, then this filter will not be appropriate for you.

    We started spamd in production on a Friday and by Monday most major senders were getting through without difficulty.  Obviously sites like gmail are a problem because they have so many ranges of IPs that send emails, but even this isn't a huge burden.

    Also keep in mind that the spamd package isn't finished yet.  There are a number of issues which have been reported to the developer and we're waiting for those fixes.



  • I have just seen that the whole of port 25 is blocked systemwide when you install this package.

    This should not be done if you ask me.



  • then you have misconfigured spamd.  Port 25 is not blocked.



  • @submicron:

    then you have misconfigured spamd.  Port 25 is not blocked.

    When you install the package, you can't telnet to your mailservers behind it anymore on port 25, at least that is what happened.

    Is the WAN IP becoming your MX record, and will it always forward mails to the $mailservers?

    It's kinda confusing and it would be nicer, I think, if this could be used as an AntiSpam proxy.



  • If you're NATing traffic to your mail server, you should already have your pfSense WAN (or a virtual IP address for a 1:1 NAT) set up as the MX record.  We have spamd set up and working wonderfully.  Many others have this system up and working.  It's really not that hard.



  • @submicron:

    If you're NATing traffic to your mail server, you should already have your pfSense WAN (or a virtual IP address for a 1:1 NAT) set up as the MX record.  We have spamd set up and working wonderfully.  Many others have this system up and working.  It's really not that hard.

    True, but it's not going to work for a transparent bridge, or you have to use bridging and natting at the same time.



  • heh, no spamd doesn't work with bridging, that's your issue.



  • @submicron:

    heh, no spamd doesn't work with bridging, that's your issue.

    Yep, bridging should be nice :)



  • @Matts:

    @submicron:

    heh, no spamd doesn't work with bridging, that's your issue.

    Yep, bridging should be nice :)

    Patches accepted.  I have no intention of supporting this without a bounty.



  • @sullrich:

    @Matts:

    @submicron:

    heh, no spamd doesn't work with bridging, that's your issue.

    Yep, bridging should be nice :)

    Patches accepted.  I have no intention of supporting this without a bounty.

    I'll see what I can do here.

    As I don't need it that much directly, but thought it was nice to check this out, I don't need it with a bounty, but maybe someone else.

    I will look for a patch too.

