I have an OpenBSD 7.1 mail server running OpenSMTPD with spamd.
I noticed mysterious IP addresses in /var/log/maillog, for example:
smtp connected address=162.142.125.222 host=scanner-25.ch1.censys-scanner.com
These IPs keep getting whitelisted in spamdb, which I don't want to happen. Shouldn't they be talking to spamd first, rather than directly to SMTPD?
My /etc/pf.conf is as follows:
emailserver = "192.168.7.5"
email = "{ smtp, imaps }"
set skip on lo
block all
block return # block stateless traffic
pass # establish keep-state
# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010
# Port build user does not need network
block return out log proto {tcp udp} user _pbuild
#pass in on egress proto tcp to any port smtp
pass in on egress proto tcp to any port submission
table <badhosts> persist file "/etc/badhosts"
table <sshguard> persist
table <spamd-white> persist
table <nospamd> persist file "/etc/mail/nospamd"
block in quick from <sshguard>
block in quick from <badhosts>
pass in log on egress proto tcp to any port smtp \
divert-to 127.0.0.1 port spamd
pass in log on egress proto tcp from <nospamd> to any port smtp
pass in log on egress proto tcp from <spamd-white> to any port smtp
pass out log on egress proto tcp to any port smtp
pass log (to pflog1) proto tcp to $emailserver port $email
pass log (to pflog1) proto tcp from $emailserver to port smtp
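I don't understand why these IPs are being whitelisted. They do not appear in the /etc/mail/nospamd whitelist.
Does this have something to do with the following two statements?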
pass log (to pflog1) proto tcp to $emailserver port $email
pass log (to pflog1) proto tcp from $emailserver to port smtp
After reading The Book of PF, I tried to whitelist the IPs of outgoing email, so I added these two statements and created the pflog1 interface.