At Calomel.org we were able to go from over 600 spam attempts per day hitting the mail server to less than one actually getting through (that host was subsequently blacklisted). The spammers are still knocking at the door, but they are talking to spamd and not the real mail server. Spamd is a lot more efficient than a mail server because it does not do DNS lookups or spam blacklist checks. It just expects the remote server to respect RFC protocols and try to deliver their mail again before being white listed. Simple, but powerful.
Setting up Spamd is incredibly easy and will not take more than a few minutes. Before we show the steps of setting up the daemon let's go through the basics of how spamd works, what the database entries look like and what you can expect from spamd.
How does it work?
Spamd works like this: When a remote mail server wants to deliver mail to your server it connects and sends the "From:" and "To:" headers. Spamd takes this information and puts it into a database (/var/db/spamd). The entry in the database is called a "tuple" made up of the three entries of remote ip address, "From:" and "To:" fields. Spamd does _not_ accept any other part of the email, like the body, and thus it reduces bandwidth usage significantly.
During the first connection and every subsequent connection until a host is white listed, spamd will stutter, slowing the sending and accepting of data to 1 character per second for the first 25 seconds. After this period, the rest of the connection will go at full speed. The purpose of stuttering is to take up the time of the remote system because spammers get paid by the amount of mail they deliver. If we can slow their systems down then they make less money. Some spammers know about this stuttering and they will simply disconnect and go away. This is our goal.
Once we have the "tuple" in the database spamd sends the remote server the error "451 Temporary failure, please try again later." This means the remote server will need to try to send the email again at a later time. Legitimate mail servers like Sendmail, Postfix, Qmail, and proprietary mailers like Exchange are RFC compliant. They will send the email again and again until a timeout period (between 1 and 4 hours) at which the email is considered undeliverable.
Spamd's default config (-G25:4:864) is set up to make the remote server retry delivering the email for at least 25 minutes. After 25 minutes and before the grey timeout of 4 hours the remote server must attempt to deliver the email to be white listed. If the remote server does not try again before the timeout of 4 hours the database entry is deleted and they must go through the entire process again. If they try again between 25 minutes and 4 hours of the first connection they are white listed and their connection goes directly to the mail server for any future connections. A white listed connection will stay in the database for 864 hours (36 days) at which time if they have not connected again at least once they will be removed from the database.
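The timing rules above, modelled as a small state machine for one tuple (an added example, not spamd's own code). The function name, the output labels and the sample connection times are assumptions made for the illustration; it accepts any -G pass:grey:white value, not only the default.

```shell
#!/bin/sh
# Added example: the -G pass:grey:white timing rules modelled as a state machine.
# greylist_sim SPEC T1 T2 ...   SPEC like 25:4:864 (minutes:hours:hours),
# T* = ascending connection times, in minutes, for one ip/From/To tuple.
greylist_sim() {
    spec=$1; shift
    pass_min=${spec%%:*}                    # pass time, in minutes
    rest=${spec#*:}
    grey_min=$(( ${rest%%:*} * 60 ))        # grey expire, hours -> minutes
    white_min=$(( ${rest#*:} * 60 ))        # white expire, hours -> minutes
    state=NONE; first=0; expire=0
    for t in "$@"; do
        # An entry past its expiry has been deleted: the sender starts over.
        if [ "$state" != NONE ] && [ "$t" -ge "$expire" ]; then
            state=NONE
        fi
        case $state in
        NONE)
            state=GREY; first=$t; expire=$(( t + grey_min ))
            echo "$t GREY new-tuple" ;;
        GREY)
            if [ $(( t - first )) -lt "$pass_min" ]; then
                echo "$t GREY too-early"
            else
                state=WHITE; expire=$(( t + white_min ))
                echo "$t WHITE whitelisted"
            fi ;;
        WHITE)
            expire=$(( t + white_min ))     # each delivery renews the entry
            echo "$t WHITE delivered" ;;
        esac
    done
}

# Constructed connection patterns (minutes since the first attempt):
greylist_sim 25:4:864 0 2 5 12       # gives up after 12 minutes: never whitelisted
greylist_sim 25:4:864 0 30 60        # retries every 30 minutes: whitelisted at 30
greylist_sim 25:4:864 0 300 330      # first retry after 5 hours: entry gone, starts over
```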
When accepting mail spamd considers sending hosts to be of three types:
blacklisted hosts are redirected to spamd and tar pitted. They are communicated with very slowly at 1 character per second to consume the sender's resources. Mail is rejected with either a 450 or 550 error message making the sender machine use up CPU time and memory to queue the message. A blacklisted host will not be allowed to talk to a real mail server and will be stuttered at every time they connect.
greylisted hosts are redirected to spamd, but spamd has not yet decided if they are likely spammers. They are given a temporary failure message by spamd when they try to deliver mail. This means they must wait a period of time before they are allowed in. A real mail server will try to deliver its mail over and over for a period of time; sendmail, for example, retries for 4 hours before it gives up.
whitelisted hosts do not talk to spamd. White listed hosts are sent to a real mail server and are not delayed at any time. This is because they have already gone through the grey listing method and are now considered a "mostly" trusted server. The remote host must still go through all of the normal mail daemon checks you may have set up.
What do the database entries look like?
To see the entries in the Spamd database you can execute the command "spamdb" without arguments. This will print out all of the entries in the database. You can use sort to help put the entries in order by typing "spamdb | sort". All dates and times are in Unix time. Use the command "date -r" with one of these values to convert it to a readable date.
A GREY "tuple" entry is keyed on the ip, From: and To: values. If the remote server has the same ip and sends a different From: or To: email address then it is a different "tuple" and will be entered as a different database entry. Here is an example of a single GREY listed database entry of spamd:
A GREY listed entry is a "tuple" that has not been whitelisted yet.
    GREY|87.182.96.240|p57b660f0.dip.t-dialin.net|<tennis5@pctcu.com>|<spamd@your_host.org>|1200326584|1200337384|1200337384|1|0
- 87.182.96.240 - remote ip address (p57B660F0.dip.t-dialin.net)
- p57b660f0.dip.t-dialin.net - hostname the remote server said they were (can be fake)
- tennis5@pctcu.com - the "From:" email header (can be fake)
- spamd@your_host.org - the "To:" email header (can be fake)
- 1200326584 - the first time we have seen this "tuple" connect
- 1200337384 - when this "tuple" was whitelisted (not applicable since it is still GREY listed)
- 1200337384 - when this "tuple" will be removed from the database (same number as above)
- 1 - how many times the host has tried to deliver mail while greylisted
- 0 - how many times a whitelisted entry delivered mail to the real mail server (not applicable since it is still GREY listed)
A WHITE listed entry is an ip address that has passed the spamd checks and can deliver mail without interruption.
    WHITE|192.43.244.163|||1200074938|1200076797|1203439747|2|131
A WHITE entry is only keyed on an ip address. All email is sent to the real mail server bypassing spamd.
- 192.43.244.163 - remote ip address (lists.openbsd.org)
- 1200074938 - the first time we saw the host connect
- 1200076797 - when this entry was whitelisted
- 1203439747 - when this entry will be removed from the database if no new emails are seen
- 2 - how many times the host tried to deliver mail while greylisted
- 131 - how many times a whitelisted entry delivered mail to the real mail server
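A parser for the spamdb line format described above, as an added example that is not part of the original guide. The function names and the reference time NOW are assumptions; the two sample lines are the entries shown above.

```shell
#!/bin/sh
# Added example: summarise "spamdb" output using the field layout described above.

# Sample input: the two entries shown on this page.
sample_spamdb() {
    cat <<'EOF'
GREY|87.182.96.240|p57b660f0.dip.t-dialin.net|<tennis5@pctcu.com>|<spamd@your_host.org>|1200326584|1200337384|1200337384|1|0
WHITE|192.43.244.163|||1200074938|1200076797|1203439747|2|131
EOF
}

# spamdb_summary NOW   (NOW = reference time in Unix seconds; reads spamdb lines on stdin)
spamdb_summary() {
    awk -F'|' -v now="$1" '
    function strip(a) { gsub(/[<>]/, "", a); return a }
    # The three timestamps and two counters are always the last five fields,
    # so index from the end: 10-field GREY and 9-field WHITE lines both work.
    ($1 != "GREY" && $1 != "WHITE") || NF < 9 { next }
    { first = $(NF-4); pass = $(NF-3); expire = $(NF-2) }
    $1 == "GREY" {
        printf "GREY %s %s -> %s attempts=%d seen_min_ago=%d removed_in_min=%d\n",
            $2, strip($(NF-6)), strip($(NF-5)), $(NF-1),
            int((now - first) / 60), int((expire - now) / 60)
    }
    $1 == "WHITE" {
        printf "WHITE %s grey_for_min=%d delivered=%d removed_in_days=%d\n",
            $2, int((pass - first) / 60), $NF, int((expire - now) / 86400)
    }'
}

# white_expiring NOW DAYS: print WHITE ips that will be removed within DAYS days.
white_expiring() {
    awk -F'|' -v now="$1" -v days="$2" \
        '$1 == "WHITE" && NF >= 9 && $(NF-2) - now <= days * 86400 { print $2 }'
}

# Constructed reference time: one hour after the GREY tuple was first seen.
NOW=1200330184
sample_spamdb | spamdb_summary "$NOW"
sample_spamdb | white_expiring "$NOW" 40
```

On a live system, pipe the real output in instead, for example "spamdb | spamdb_summary $(date +%s)".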
If you are using OpenBSD or FreeBSD then you may also want to check out the highly secure mail daemon on our OpenSMTPD "how to" (smtpd.conf) Guide.
Example 1: Protect a real mail server by front ending it with Spamd
The first example is the most useful. We are going to put spamd in front of a real mail server. This will protect the mail server and allow it to deal with the real mail instead of the deluge of spam. The idea is: if the host is whitelisted they will go to the mail server. If the host is grey or black listed they will go to spamd.
First, put the following entries into the /etc/rc.conf.local file.
    ## Add the following to /etc/rc.conf.local
    #
    spamd_flags="-G25:4:864 -h your_hostname.org -l127.0.0.1 -n \"Sendmail 8.11.4/8.11.1\" -S10 -s1 -v"
    spamd_black=NO
    spamlogd_flags="-I -i lo0"
These will start spamd with the following options:
- -4 - return error code 450 "Requested mail action not taken: mailbox unavailable" to the spammer. This is really not needed. The default error code 451 "Requested action aborted: local error in processing" is more successful in getting spammers to reconnect.
- -G25:4:864 - adjust the three time parameters for grey listing to pass time of 25 minutes, grey expire to 4 hours, and white expire time to 864 hours, approximately 36 days. (-G passtime:greyexp:whiteexp)
- -h your_hostname.org - tell yet to be whitelisted hosts your hostname is "your_hostname.org"
- -l127.0.0.1 - listen on local host only
- -n \"Sendmail 8.11.4/8.11.1\" - tell yet to be whitelisted hosts your email server is this string. Since spammers are malicious it is best to anonymize your mail server. You can put anything here like a false mail server name or even something making fun of spammers. We especially enjoy posting movie quotes like, "Obi-Wan: These aren't the droids you're looking for."
- -S10 - stutter at greylisted/blacklist hosts for the first 10 seconds of the connection (allowed 1-90)
- -s1 - stutter at a speed of 1 character per second (allowed 1-10)
- -v - verbose logging to the "daemon" log file. This will tell spamd to report the From: and To: fields in the logs.
How long should the pass time be? (-G25:4:864 "default 25 minute pass time")
The pass time is the amount of time we will grey list an ip address's "tuple" before they must connect again to be white listed. This pass time is used to keep spammers out by delaying mail delivery for newly seen ip addresses. Spammers are impatient as they get paid per delivered email, not per email delivery attempt. Spamd is used to delay their delivery attempts in order to reduce their profit margins.
According to RFC 2821 a mail server must try to deliver the same piece of mail for no less than 4 to 5 days using a 30 minute interval between retries. It is possible that a remote mail server is down so the sending system should retry again and again to deliver its mail, but not be abusive. This is a good place to start as most spammers will attempt to deliver their mail for much less time (see the following scrollable window). We do not suggest going higher than 60 minutes because some web mail sites like MSN will stop delivering mail after one hour in violation of the RFC.
We suggest setting the pass time to as high as you are comfortable with. Use a time between 20 and 55 minutes. You are welcome to set it as low as 2 minutes, but it is possible that some spammers might get white listed. After setting up spamd take some time, go through the logs and look for patterns. Adjust the pass time as necessary.
The following scrollable window shows a sample of verified spammer ip addresses which connected to calomel.org, how many times they connected and for how long (duration). After the duration they disconnected and were not seen using the same "tuple" for at least 4 hours. For example, the ip 91.147.198.157 made 10 attempts using 10 different "tuples" in 12 minutes. Since they did not try to deliver the same "tuple" past the "pass time" of 25 minutes they were never white listed.
    attempts  ip address        duration
    10        91.147.198.157    12 min
    10        213.203.110.103   8 min
    6         81.195.17.214     2 min
    5         91.122.244.158    2 min
    5         88.231.111.22     14 min
    5         87.69.100.123     12 min
    5         86.70.206.253     15 min
    5         86.49.88.124      11 min
    5         85.110.92.70      14 min
    5         84.101.16.108     12 min
    5         83.27.72.227      17 min
    5         82.210.155.134    6 min
    5         81.190.157.126    5 min
    5         78.37.199.149     16 min
    5         77.41.85.134      6 min
    5         70.67.160.112     6 min
    5         61.19.30.194      6 min
    5         61.187.188.110    3 min
    5         60.21.69.179      3 min
    5         60.14.136.106     7 min
    5         59.38.200.134     3 min
    5         58.18.85.138      6 min
    5         222.91.172.250    5 min
    5         221.216.37.155    3 min
    5         220.76.48.226     6 min
    5         219.159.63.15     6 min
    5         219.130.66.30     5 min
    5         218.23.86.11      6 min
    5         218.201.44.54     5 min
    5         200.104.24.70     8 min
    5         190.157.45.66     3 min
Using a "passtime" of 25 minutes should work fine. Test out how people connect to your server and increase or decrease as necessary. We prefer our settings to be on the high side (more than 25 min) as only one in 1000 spammers might get through. The negative is it will take longer for a new ip to get white listed and longer for that first piece of mail to be delivered. Remember, once the ip is whitelisted they go directly to the real mail server and are not delayed.
What about spamlogd? Please use the "-I -i lo0" argument.
Spamlogd is the white list updater. It watches mail from ip addresses using the log facility of pf. Spamlogd updates the spamd-white table used in the rules of pf.conf. When hosts connect, spamlogd sees the successful delivery and updates the spamdb database for that ip. It advances the last column counting how many emails were delivered and it resets the whiteexp entry to give the ip another 864 hours (36 days) to connect again. In order for spamlogd to work properly you must add the "log" directive onto the pf rules that pass connections to and from your real mail server.
As of OpenBSD v4.7, spamlogd will white list ip addresses that connect to your real smtp daemon (sendmail, postfix, etc.) _AND_ hosts that your mail server connects to. The idea being that if you send mail to a mail server then you would want that mail server to reply without having to go through spamd.
The problem is if you are NAT'ing connections from your firewall to randomize outgoing ports like we do in the Calomel.org pf.conf. Let's say a spammer sends us mail. We accept the connection and then we NAT the return TCP connection back to the spammer. By NAT'ing the outgoing return connection spamlogd sees this as if our box is initiating a connection back to them. Spamlogd will then white list the spammer on their very first attempt! When the spammer connects a second time they are already in the spamd-white table and they sail through to the real mail server. Not good. So, in order to be safe execute spamlogd with the "-I" argument, for example "spamlogd -I -i lo0". This specifies spamlogd is only to whitelist _inbound_ SMTP connections.
IMPORTANT: If you need some assistance with Pf then check out our Pf firewall config "how to" which explains all the options of pf and includes fully working examples.
Setting up pf
Next, we need to set up Pf to send mail that has been whitelisted to the real mail server and all other mail to spamd to be greylisted. This will involve setting up a persistent Pf table called <spamd-white>.
The following rules will do this; if the host is in the <spamd-white> table it is redirected to the real mail server, and if it is not in the table it is redirected to spamd.
    ## Add the following to /etc/pf.conf
    ################ Tables ####################################
    #
    table <spamd-white> persist
    #
    ################ Translation ###############################
    #
    # Mail Server ( external mail to mail server through spamd )
    match in log on $ExtIf inet proto tcp from <spamd-white> to ($ExtIf) port smtp received-on $ExtIf tag SMTPD rdr-to lo0 port smtp
    match in log on $ExtIf inet proto tcp from !<spamd-white> to ($ExtIf) port smtp received-on $ExtIf tag SPAMD rdr-to lo0 port spamd
    #
    ################ Filtering #################################
    #
    # $ExtIf inbound
    pass in log on $ExtIf inet proto tcp from <spamd-white> to lo0 port smtp synproxy state tagged SMTPD
    pass in log on $ExtIf inet proto tcp from !<spamd-white> to lo0 port spamd synproxy state tagged SPAMD
Checking /etc/mail/spamd.conf
The spamd.conf file is used to list out black list files. We do _not_ suggest using blacklists because of the unknowns involved in their collection. We do not know what affiliations the people collecting the ips may have or their agenda. To be safe we suggest avoiding blacklists. Use spamd to make your own lists.
The following is all you need in your /etc/mail/spamd.conf to void out all black lists.
    all:\
        ::
HELPFUL HINT: For an added layer of protection against spam you can use a bayesian spam filter. Check out our Bogofilter "how to" Anti-Spam Guide. With a little time and understanding you could easily filter up to 99% of any remaining spam.
Optional: Greytrapping by seeding an email address spammers are supposed to find
Greytrapping is the seeding of an email address so that spammers can find it, but normal users can not. If the email address is used then the sender must be a spammer and they are black listed.
Let's use the email address "greytrap@your_domain.org" as an example. If we took this email and put it in the source HTML of our web site normal humans would not see it. Spammers on the other hand use web page scrapers and bots to harvest email addresses; so they would find this address.
When the spammer sends mail with the destination address of "greytrap@your_domain.org" spamd knows this is a spammer and SPAMTRAP's them. When a host that is currently greylisted attempts to send mail to a spamtrap address, it is spamtrapped for 24 hours by adding the host to the spamd spamlist <spamd-greytrap>.
You can add as many spamtrapped email addresses as you want. We even suggest looking through the logs and seeing what invalid addresses spammers are sending mail to. You can then add these addresses too.
To enter a greytrap email into the spamd database use the following format. You can add multiple spamtrap email addresses.
    spamdb -T -a 'greytrap@your_domain.org'
To seed the SPAMTRAP email address in HTML use the following format. It looks like a real email address to the spammer's bots, but it will not be visible to any humans looking at the web page.
Optional: Greytrapping all but allowed domains and email addresses
The file /etc/mail/spamd.alloweddomains can contain a list of allowed domains and addresses which are allowed to go through the grey listing process. They are _not_ whitelisted, just allowed to prove they are good hosts by going through the grey list process. Think of it as a white list of acceptable domains or emails this machine will be willing to receive. If a remote machine is not sending mail to a valid address then they should not be contacting us.
spamd.alloweddomains can be used to specify a list of domain name suffixes or full email addresses which must match each destination email address in the grey list. Any destination address which does not match one of the suffixes listed in spamd.alloweddomains will be trapped, exactly as if it were sent to a spamtrap address. When a host that is currently greylisted attempts to send mail to a spamtrap address, it is blacklisted for 24 hours by adding the host to the spamd blacklist <spamd-greytrap>.
In our pf example above we only have two rules, spamd-white and not (!) spamd-white. Since a host in the spamd-greytrap table is not in spamd-white then it will be stuttered at for as long as the remote machine is connected.
This is one of the most powerful options in spamd. If you can keep a list of valid email addresses current in the spamd.alloweddomains file then all other attempts will be grey trapped. At Calomel.org, this grey trapping option traps over 99% of the spammers and leaves our real mail server to handle real mail.
For example, if spamd.alloweddomains contained the following:
    @your_domain.org
    critical.com
    mary@your_domain.org
The following addresses will _NOT_ be spam trapped:
    mary@your_domain.org
    frank@your_domain.org
    bob@critical.com
    bobby@nobby.critical.com
    robert@whoop.critical.com
The following addresses _WILL_ be spam trapped:
    baker@test.your_domain.org - invalid sub domain
    marge@machine.your_domain.org - invalid sub domain
    bob@wrong_nam.com - not your hostname
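The suffix rule described above, as an added model (not spamd's own code) that can be run against a list before deploying it. The function name, the case-insensitive comparison, the address eve@notcritical.com and the "tight" list are assumptions made for the illustration; under a plain suffix comparison a bare entry such as critical.com also matches look-alike domains that merely end in the same characters.

```shell
#!/bin/sh
# Added example: model of the suffix rule described above for spamd.alloweddomains.

# The list from the text above.
PAGE_LIST='@your_domain.org
critical.com
mary@your_domain.org'

# Constructed tighter variant: anchor the bare domain with "@" and ".".
TIGHT_LIST='@your_domain.org
@critical.com
.critical.com'

# rcpt_verdict ADDRESS LIST: print PASS if ADDRESS ends with any entry of LIST
# (compared case-insensitively, an assumption of this model), otherwise TRAP.
rcpt_verdict() {
    addr=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    while IFS= read -r suffix; do
        suffix=$(printf '%s' "$suffix" | tr 'A-Z' 'a-z')
        [ -n "$suffix" ] || continue          # skip blank lines
        case $addr in
            *"$suffix") echo PASS; return 0 ;;  # quoted: suffix is matched literally
        esac
    done <<EOF
$2
EOF
    echo TRAP
}

# Addresses from the text, plus one constructed look-alike (eve@notcritical.com).
for a in mary@your_domain.org frank@your_domain.org bob@critical.com \
         bobby@nobby.critical.com baker@test.your_domain.org \
         bob@wrong_nam.com eve@notcritical.com; do
    echo "$a page=$(rcpt_verdict "$a" "$PAGE_LIST") tight=$(rcpt_verdict "$a" "$TIGHT_LIST")"
done
```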
Starting Spamd in grey list mode
To get spamd working you can reboot the box and make sure that the spamd processes have started. You should see the user "_spamd" running on ports 8025 and 8026. If you run "ps -aux | grep spamd" you should see the following processes listed:
    root@machine: ps -aux | grep spamd
    _spamd 22041 0.0 0.1 9804 1160 ?? Is Mon11AM 0:01.59 spamd: (pfupdate) (spamd)
    _spamd 22052 0.0 1.0 9748 10276 ?? S Mon11AM 0:01.99 spamd: [priv] (greylist) (spamd)
    _spamd 22063 0.0 0.1 9848 1236 ?? S Mon11AM 0:00.14 spamd: (/var/db/spamd update) (spamd)
    _spamd 22074 0.0 0.1 560 1124 ?? Ss Mon11AM 0:02.29 /usr/libexec/spamlogd -I -i lo0
Grey list mode activated
Now, all you have to do is wait for remote mail servers to connect and get grey listed. Use the command "spamdb" to list out the database and watch as the hosts get trapped. When a valid mail server connects after the grey list time (25 minutes) and before the greylist timeout (4 hours) they will be whitelisted. Those hosts will then connect directly to the real mail server. All other hosts who do not connect again will have their entries deleted from the database and they will have to start the process all over again.
IMPORTANT NOTE: web mail sites that use multiple mail servers to deliver one email
Web mail services like Google, Hotmail and some other sites use multiple email servers. This would not normally be a problem for grey listing except those services randomly attempt to deliver a single email from any of the mail servers in the pool. The first attempt comes from server_1 then the second from server_3 and the third might be attempted from server_1 again. This causes a problem with grey listing because it is possible that none of the mail servers will be used more than a few times to try to deliver the email. Thus, none of the servers will get white listed.
To fix this problem we have a few options:
Normal Volume Site: If your site gets enough emails from services like Google, Hotmail, etc then they will eventually get whitelisted due to the amount of mail being sent. You would really only need 5-10 emails to be sent at once to your mail server for all of the Gmail servers to eventually be whitelisted within an hour or so. With enough email grey listing is not a problem.
Low Volume Site: If your mail server is a personal server and you do not get a lot of emails then you may have a problem with Google, Hotmail, etc. You also have a few options available.
Option 1: You could manually whitelist the servers according to the MX records registered to the services. You would only need to white list less than 50% of them as the odds are that a single email will hit at least one of the whitelisted servers during attempted delivery. The rest of the servers will be whitelisted automatically over time.
Option 2: You could watch or have a script monitor the logs and send yourself an alert if one of the servers in question connects. This is more hands on, but it should only take a week or so to find all of the ips in question.
Option 3: Once they are white listed you can extend the whitelist time of 864 hours (-G25:4:864) with a script. If you grep for all the white listed entries and just add the ips again using "spamdb -a ip" it will extend the whiteexp time another 36 days (864 hours). Here is a shell script called "spamd_extend_whitelist.sh" that will list out the WHITE ips from spamdb and refresh their white expire time to 36 days. Run it in a cron job on the first of the month to, in effect, have a permanent white list. FYI: every time you use "spamdb -a" on an ip it looks like another new email was delivered according to spamd. In effect, the last column in the spamdb database updates by one.
    #!/bin/sh
    #
    ## Calomel.org .:. spamd_extend_whitelist.sh
    #
    # Match only lines that start with WHITE: the hostname, From: and To: fields
    # of GREY lines come from the remote sender and could contain the word WHITE.
    for i in `spamdb | grep '^WHITE|' | awk -F "|" '{print $2}'`; do
      /usr/sbin/spamdb -a "$i"
    done
Option 4: If the white listed ips are always going to be allowed then set up another table in Pf, put the white listed ips in there and always forward them to the real mail server.
Option 5: You could setup your own account on the free services and send yourself 10 emails at once. Looking at the spamd database you will see all of the ips that connect and they should get white listed normally. If not, just manually white list them.
Grey list unfriendly hosts: Some hosts use unique sender ids when delivering mail. Others will attempt to deliver mail once and never again. If you expect to receive mail from these types of hosts then they should be whitelisted manually. Use the script "spamd_whitelist.sh" and a pf table to redirect these types of hosts directly to your mail server.
How about a script? White listing using "spamd_whitelist.sh"
Whitelist script: spamd_whitelist.sh
If you wanted to create a whitelist of the most common grey list friendly mail servers that would also be a good option. Here is a script that will dig the host names of the listed domains and make a text file with the results.
    #!/bin/sh
    #
    ## Calomel.org spamd_whitelist.sh
    #
    FILE=spamd-spf.txt
    rm -f "$FILE"
    touch "$FILE"
    ### This first list is for domains that have SPF records.
    ### Only "ip4:" entries listed directly in the TXT record are collected.
    for domain in \
     aol.com \
     apple.com \
     amazon.com \
     s._spf.ebay.com \
     m._spf.ebay.com \
     p._spf.ebay.com \
     p2._spf.ebay.com \
     c._spf.ebay.com \
     gmx.net \
     _spf.google.com \
     spf-a.hotmail.com \
     spf-b.hotmail.com \
     spf-c.hotmail.com \
     spf-d.hotmail.com \
     _spf-a.microsoft.com \
     _spf-b.microsoft.com \
     _spf-c.microsoft.com \
     southwest.com
    do
      echo \#$domain >> "$FILE";
      dig $domain TXT +short | tr " " "\n" | grep ^ip4: | cut -d: -f2 >> "$FILE";
    done
    ### This second list is for domains you specifically want to allow
    ### that may not be publicly available or do not have SPF records.
    echo \#privatelist >> "$FILE";
    for privatelist in \
     10.0.0.0/8 \
     127.0.0.0/8 \
     172.16.0.0/12 \
     192.168.0.0/16
    do
      echo $privatelist >> "$FILE";
    done
Output of spamd_whitelist.sh would look similar to this:
    #aol.com
    152.163.225.0/24
    205.188.139.0/24
    205.188.144.0/24
    205.188.156.0/23
    205.188.159.0/24
    64.12.136.0/23
    64.12.138.0/24
    64.12.143.99/32
    64.12.143.100/32
    216.34.51.0/24
    #_spf-a.microsoft.com
    216.99.5.67
    216.99.5.68
    207.46.50.82
    #_spf-b.microsoft.com
    131.107.65.22
    217.77.141.52
    217.77.141.59
    #_spf-c.microsoft.com
    203.32.4.25
    131.107.70.12
    131.107.70.16
    86.61.88.25
    ...many more lines...
Now that you have a list of hosts you can add them all as white list entries to a PF table we will call "company-white". We have to make a PF table because we can not add CIDR-formatted network blocks (i.e. 192.168/16 or 10/8) to spamdb. Using the following three (3) lines in pf will populate the table, redirect traffic and pass the packets to the mail server.
    ################ Tables ####################################
    table <company-white> persist file "/tools/pf_company_whitelist"
    ################ Translation ###############################
    rdr on $ExtIf inet proto tcp from <company-white> to ($ExtIf) port smtp tag SMTPD -> lo0 port smtp
    ################ Filtering #################################
    pass in log on $ExtIf inet proto tcp from <company-white> to lo0 port smtp flags S/SA synproxy state tagged SMTPD
Example 2: Run Spamd with the sole purpose of annoying spammers
If you do not run a real mail server, but wish to annoy spammers then using spamd in blacklist mode is perfect. It will trap any connection sent to port 25 of your ip/host and stutter the connection. This will waste the time and queue memory of the remote system. The theory being, if you do not have a real mail server then why would a host connect to you unless they are a spammer.
Add the following lines. The line "spamd_black=YES" turns black list only mode on.
    ## Add the following to /etc/rc.conf.local
    #
    spamd_flags="-G25:4:864 -h your_hostname.org -l127.0.0.1 -n \"Sendmail 8.11.4/8.11.1\" -S10 -s1 -v"
    spamd_black=YES
    spamlogd_flags="-I"
These will start spamd with the following options:
- -4 - return error code 450 "Requested mail action not taken: mailbox unavailable" to the spammer. This is really not needed. The default error code 451 "Requested action aborted: local error in processing" is more successful in getting spammers to reconnect.
- -G25:4:864 - adjust the three time parameters for grey listing to pass time of 25 minutes, greyexp to 4 hours, and white expire time to 864 hours, approximately 36 days
- -h your_hostname.org - tell yet to be whitelisted hosts your hostname is "your_hostname.org"
- -l127.0.0.1 - listen on local host only
- -n \"Sendmail 8.11.4/8.11.1\" - tell yet to be whitelisted hosts your email server is this string. Since spammers are malicious it is best to anonymize your mail server. You can put anything here like a false mail server name or even something making fun of spammers.
- -S10 - stutter at greylisted/blacklist hosts for the first 10 seconds of the connection (allowed 1-90)
- -s1 - stutter at a speed of 1 character per second (allowed 1-10)
- -v - verbose logging to the "daemon" log file. This will tell spamd to report the From: and To: fields in the logs.
Setting up pf
Now, add the following to your pf.conf. All these rules do is direct all connections from any remote host to port 25 on your machine directly to spamd. There they will be stuttered at and their time wasted.
    ## Add the following to /etc/pf.conf
    #
    ################ Translation ###############################
    #
    # Spamd ( external mail attempts to spamd server )
    rdr on $ExtIf inet proto tcp from any to ($ExtIf) port smtp tag SPAMD -> lo0 port spamd
    #
    ################ Filtering #################################
    #
    # $ExtIf inbound
    pass in log on $ExtIf inet proto tcp from any to lo0 port spamd flags S/SA synproxy state tagged SPAMD
Checking /etc/mail/spamd.conf
The spamd.conf file is used to list out black list files. We do _not_ suggest using blacklists because of the unknowns involved in their collection. We do not know what affiliations the people collecting the ips may have or their agenda. To be safe we suggest avoiding blacklists. Spamd in blacklist mode stutters all connections so this is really a moot point.
The following is all you need in your /etc/mail/spamd.conf to void out all black lists.
    all:\
        ::
Starting Spamd in black list mode
To get spamd working you can reboot the box and make sure that the spamd processes have started. You should see the user "_spamd" running on port 8025. If you run "ps -aux | grep spamd" you should see the following processes listed:
    root@machine: ps -aux | grep spamd
    _spamd 22063 0.0 0.1 9848 1236 ?? S Mon11AM 0:00.14 spamd: (/var/db/spamd update) (spamd)
    _spamd 22074 0.0 0.1 560 1124 ?? Ss Mon11AM 0:02.29 /usr/libexec/spamlogd -I
Black list mode activated
Now, all you have to do is wait for remote mail servers to connect and they will be blacklisted. If you use the program "pftop" or use the command "systat states" you can watch the connections.