spamd: Part Two

Configuring an external source in spamd within the pfSense GUI.

In our first article covering spamd, we covered installation and configured maximum blacklisted connections, maximum concurrent connections, greylisting and expiration times. In this article, we will continue configuring basic settings, and then cover setting up external sources and whitelisting.

Services -> SpamD is where we configure spamd, and the third tab, “SpamD Settings”, holds the general settings. When we left off, we had not yet configured “Stutter Secs”. This is the number of seconds for which a greylisted connection is stuttered (the default is 10 seconds). At the command line, this can be specified with: spamd -S secs (where “secs” is the number of seconds). Next is “Delay Secs”, the delay (in seconds) applied to each character sent to the client. The default is 1 second. This can be specified at the command line with: spamd -s secs. “Window Size” sets the socket receive buffer to the specified size (in bytes). The command line equivalent is: spamd -w window (where window=number of bytes). “NextMTA” causes messages that have been processed by spamd to be sent on automatically to the specified IP address. You can also use aliases here (e.g. $mailservers, $localnet). Finally, “Enable RRD graphing” enables graphing of spamd connection and disconnection stats. Press “Save” to save the settings.


It occurred to me that a list of the general spamd settings, along with their command line equivalents, might make an interesting table, so I made one:

| Setting | Command Line Equivalent | Description |
| --- | --- | --- |
| Identifier | spamd -n name | The SMTP version banner reported upon connection |
| Maximum blacklisted connections | spamd -B maxblack | The maximum number of concurrent blacklisted connections to allow in greylisting mode |
| Max concurrent connections | spamd -c maxcon | The maximum number of concurrent connections to allow |
| Grey listing | spamd -G passtime:greyexp:whitexp | If enabled, connections from addresses not blacklisted will be considered for greylisting |
| Passtime | | The amount of time (in minutes) a greylisted host must wait before resending an e-mail to avoid being blacklisted |
| Grey Expiration | | The amount of time (in hours) spamd will wait before removing a greylisted host from the greylist database if the host has not attempted to resend the initial e-mail |
| White Exp | | The amount of time (in hours) spamd will wait to remove a whitelisted host from the whitelist database if the host has not sent any e-mail in this amount of time |
| Stutter Secs | spamd -S secs | Stutter at greylisted connections for the specified number of seconds |
| Delay Secs | spamd -s secs | Delay each character sent to the client by the specified number of seconds |
| Window Size | spamd -w window | Set the socket receive buffer to the specified number of bytes |
| NextMTA | NA | Automatically send messages after being processed by spamd to this IP address/alias |
| Enable RRD graphing | NA | Enables the graphing of spamd connection and disconnection statistics |
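
The settings in the table combine into a single spamd invocation. The script below is an added example, not part of the original article or the pfSense package: it validates a set of values and prints the equivalent command line using only the flags listed in the table. The variable names and sample values are constructed.

```shell
#!/bin/sh
# Added example (not from the article): turn the GUI settings in the table
# into the equivalent spamd command line. All values below are constructed.

IDENTIFIER="mx.example.net"   # Identifier (banner name), -n
MAXCON=800                    # Max concurrent connections, -c
MAXBLACK=500                  # Maximum blacklisted connections, -B
GREYLISTING=yes               # "Grey listing" setting
PASSTIME=25                   # Passtime, minutes
GREYEXP=4                     # Grey Expiration, hours
WHITEEXP=864                  # White Exp, hours
STUTTER=10                    # Stutter Secs, -S
DELAY=1                       # Delay Secs, -s
WINDOW=""                     # Window Size in bytes, -w (empty = leave unset)

# Succeed only for a non-empty string of decimal digits.
is_uint() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
}

# Print the command line, or print an error on stderr and return 1.
build_spamd_cmd() {
    for name in MAXCON MAXBLACK PASSTIME GREYEXP WHITEEXP STUTTER DELAY; do
        eval "value=\$$name"
        is_uint "$value" || { echo "$name must be a whole number" >&2; return 1; }
    done
    # spamd(8): maxblack may not be greater than maxcon.
    [ "$MAXBLACK" -le "$MAXCON" ] || { echo "MAXBLACK exceeds MAXCON" >&2; return 1; }
    case "$IDENTIFIER" in *"'"*) echo "IDENTIFIER contains a quote" >&2; return 1 ;; esac

    cmd="spamd -n '$IDENTIFIER' -c $MAXCON"
    if [ "$GREYLISTING" = yes ]; then
        # -B, the three -G timers and -S only concern greylisted operation.
        cmd="$cmd -B $MAXBLACK -G ${PASSTIME}:${GREYEXP}:${WHITEEXP} -S $STUTTER"
    fi
    cmd="$cmd -s $DELAY"
    if [ -n "$WINDOW" ]; then
        is_uint "$WINDOW" || { echo "WINDOW must be a whole number" >&2; return 1; }
        cmd="$cmd -w $WINDOW"
    fi
    echo "$cmd"
}

build_spamd_cmd
```

The flag that switches greylisting itself on or off differs between spamd versions and is not emitted here; NextMTA and RRD graphing have no command line equivalent.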

Configuring External Sources and Whitelisting Hosts

The first tab is “SpamD External Sources”; here you can configure spamd to use blacklists or whitelists provided by a remote source. By using an external source, you can ensure that your whitelists and/or blacklists are up-to-date, provided whoever maintains the external list is diligent in updating it. Press the “plus” button on the right side of the page to add a new source. In the “Provider Name” edit box you can enter the name of the source. The “Provider Type” dropdown box allows you to specify what type of list is maintained at the external source: “Black List” or “White List”. More than likely you will be using an external blacklist, but either one can be specified. You can also enter a description for the item at “Provider Description” and a custom “Reject message” for hosts on this provider’s list. You can also specify the provider method in the “Provider Method” dropdown: “File”, “URL”, or “Execute command”. Finally, you can enter the URL or filename in the “Provider URL or Filename” edit box. Press “Save” to save this source, or “Cancel” to exit without saving.

Adding a host to the whitelist in spamd.

The next tab is “SpamD Whitelist”. Here you can enter individual hosts to exempt from blacklisting. Click on the “plus” button on the right side to add an entry. Enter the IP address in the “Exempted IP” edit box, and enter a description in the “Description” edit box. Then press “Save” to save the entry or “Cancel” to cancel.

Finally, the “SpamD Database” tab allows you to view hosts that have been whitelisted, blacklisted, or greylisted. You can enter a filter in the “Filter by test” edit box, invert the filter with “Inverse filter (NOT)”, and set a limit for the number of items that show up in the results at the “Limit” edit box. The “Add spam trap E-mail address” edit box allows you to automatically trap any server trying to send e-mail to the specified address. This is useful if spammers are constantly sending e-mail to your domain, but to a nonexistent e-mail address. Once an address is added to the spamtrap, e-mail sent to it won’t get through, and the sender will automatically be added to the blacklist.

Conclusion

We have now completed installation and configuration of spamd under pfSense, but don’t let these two articles be the sum total of your knowledge about this awesome daemon. At the very least, you’ll probably want to read this article by Peter Hansteen, as well as some of the articles in the “External Links” section of this article. Although we’re done with this overview of spamd, I’m not done with spam-deferral yet: the advantages and disadvantages of greylisting and blacklisting will be the subject of a future article.


External Links:

spamd on Wikipedia

OpenBSD’s spamd man page.

Hitting back at spammers with OpenBSD and spamd at www.hungryhacker.com


© 2013 David Zientara. All rights reserved.