‘spamd’ works indepedently of your Mail Transfer Agent (MTA) such as sendmail, postfix, and smptd
Table of Contents
Basic configuration is to use OpenBSD’s Packet Filter (PF) to route traffic into spamd and once spamd lets it through then it passes the connection through to your MTA.
File extract: /etc/pf.rules/spamd_settings.conf
Allow all ‘whitelisted’ servers to bypass spamd. If a packet fits this rule, then ‘quick’ complete and do not evaluate any further rules.
pass in quick log (to pflog1) on egress proto tcp from { <bgp_spamd_bypass>, <nospamd>, <spamd-white> } \
to (egress) port { smtp, smtps } flags S/SA modulate stateSend previously detected spammers into spamd to hurt them.
pass in quick log (to pflog1) proto tcp from { <bgp_spamd>, <spamd> } \
to (egress) port { smtp, smtps } rdr-to 127.0.0.1 port spamdEverything else gets passed through to your MTA with standard rate limiting.
pass in log (to pflog1) proto tcp from any \
to (egress) port { smtp, smtps } flags S/SA modulate state \
(max-src-conn 50, max-src-conn-rate 25/5, overload <bruteforce> flush global)File extract: /etc/pf.rules/spamd_rules.conf
File extract: /etc/hostname.pflog1
up description "spamlogd logging interface"