No idea whether spamd is working or not

D

dennylin93

I recently installed mail/spamd, and I'm using it for blacklists. The problem is I have no idea whether spamd is loading the blacklists at all.

I tried adding a "debug" blacklist as well, but it didn't work. Nothing pops up when I use # pfctl -t spamd -T show unless IPs are added manually.

My settings:
/etc/rc.conf:
Code: 
obspamd_enable="YES"
obspamd_flags="-v -n 'spamd' -b"

/etc/pf.conf:
Code: 
table <sshguard> persist
rdr proto tcp from <spamd> to any port smtp -> 127.0.0.1 port spamd

/usr/local/etc/spamd/spamd.conf:
Code: 
all:\
        :uatraps:nixspam:

# University of Alberta greytrap hits.
# Addresses stay in it for 24 hours from time they misbehave.
uatraps:\
        :black:\
        :msg="Your address %A has sent mail to a ualberta.ca spamtrap\n\
        within the last 24 hours":\
        :method=http:\
        :file=www.openbsd.org/spamd/traplist.gz

# Nixspam recent sources list.
# Mirrored from http://www.heise.de/ix/nixspam
nixspam:\
        :black:\
        :msg="Your address %A is in the nixspam list\n\
        See http://www.heise.de/ix/nixspam/dnsbl_en/ for details":\
        :method=http:\
        :file=www.openbsd.org/spamd/nixspam.gz

I'm logging to a file, but I rarely get any spam, so nothing might show up for a few weeks. How can I confirm that the blacklists actually work? Thanks.
 
If you view the log which in my case is

Code: 
/var/log/spamd.log

don't you see the keyword
Code: 
(BLACK)
in it?

You can use this tool to see what is in the spamdb database

# spamdb |less
 
I'm only using blacklisting, so spamdb isn't in use. I tried adding a custom blacklist for debugging, but when I tried to connect, nothing showed up in the log.

Does # pfctl -s spamd -T show show the IPs that have been loaded from the blacklists?
 
First of all, to view the contents of a table in pf
# pfctl -Ts -t tablename

Second, to view which tables are active
# pfctl -sT

Mainly I use spamd for greylisting, although I use some blacklists. If an entry that is blacklisted connects to my mail server I see the keyword "BLACK" in my log.
 
I got fed up with spamd and made a script to update the blacklists hourly instead:
Code: 
#!/bin/sh

PATH=/etc/pf/spamd
FETCH=/usr/bin/fetch
GUNZIP=/usr/bin/gunzip
PFCTL=/sbin/pfctl
RM=/bin/rm

# Fetch blacklists
$FETCH -q -o $PATH/traplist.gz http://www.openbsd.org/spamd/traplist.gz
$FETCH -q -o $PATH/nixspam.gz http://www.openbsd.org/spamd/nixspam.gz

# Gunzip files and add IPs to <spamd>
$GUNZIP -c $PATH/traplist.gz | $PFCTL -q -t spamd -T replace -f -
$GUNZIP -c $PATH/nixspam.gz | $PFCTL -q -t spamd -T add -f -

Thanks anyway.
 
A small update.

I found out why the blacklists didn't load. Although I was running obspamd with -b, the command that updates the lists, spamd-setup, doesn't append -b automatically (looks like a bug in /usr/local/etc/rc.d/obspamd). Doing # spamd-setup -bD manually does the trick. I'll try to correct the error and send a patch.
 
You must log in or register to reply here.
Back
Top