This is a port of the OpenBSD spam deferral daemon spamd to Linux and iptables.
- Make and install

      $ make
      # make install

- Install config files

      # mkdir /etc/obspamd
      # echo "@example.com" > /etc/obspamd/alloweddomains
      # cp etc/obspamd.conf.sample /etc/obspamd/obspamd.conf
      # $EDITOR /etc/obspamd/obspamd.conf

- Set up cron

  Configure cron to run `/usr/local/sbin/obspamd-setup` once every few hours to set up any blacklists you've configured in `obspamd.conf`.

- Install required service entries

  `obspamd` uses `getservbyname` to find what ports to use:

      # cat etc/services >> /etc/services

- Redirect iptables logs to `obspamlogd`

  Make iptables log all SMTP connections so `obspamlogd` can update its database:

      # iptables -A INPUT -p tcp -m tcp --dport 25 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "obspamlogd: "
      # iptables -A OUTPUT -p tcp -m tcp --dport 25 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "obspamlogd: "

  `obspamlogd` reads the above iptables kernel logs via a pipe. If you're using rsyslog, there is a sample config file you can use:

      # cp etc/rsyslog.conf /etc/rsyslog.d/obspamlogd.conf

- Set up iptables

  Create a chain in the nat table where whitelisted connections are placed:

      # iptables -t nat -N spamd-white

  Set up iptables to redirect incoming connections to `obspamd`:

      # iptables -t nat -A PREROUTING -p tcp -m tcp --dport 25 -j spamd-white
      # iptables -t nat -A PREROUTING -p tcp -m tcp --dport 25 -j REDIRECT --to-ports 8025
      # iptables -t nat -A spamd-white -j RETURN

  You also need to accept whitelisted connections to port 25 and 8025 (the `obspamd` port):

      # iptables -A INPUT -p tcp -m tcp --dport 8025 -j ACCEPT
      # iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT

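
The iptables commands above all use `-A`, so running them a second time stacks duplicate rules, and the order of the two PREROUTING rules decides whether whitelisted hosts bypass `obspamd`. The script below is an added example, not part of the obspamd sources: it applies the same rules idempotently and verifies that order. The `IPT` variable and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of obspamd: the README's rules applied idempotently.
# IPT is this example's own variable, so the iptables command can be overridden.
IPT="${IPT:-iptables}"

# Append a rule to table $1 only if an identical rule is not already present.
ensure_rule() {
    table=$1; shift
    $IPT -t "$table" -C "$@" 2>/dev/null || $IPT -t "$table" -A "$@"
}

# Create the whitelist chain unless it already exists.
ensure_chain() {
    $IPT -t nat -L spamd-white -n >/dev/null 2>&1 || $IPT -t nat -N spamd-white
}

# Succeed only if the spamd-white jump precedes the REDIRECT in PREROUTING;
# in the opposite order whitelisted senders are redirected to obspamd too.
nat_order_ok() {
    $IPT -t nat -S PREROUTING | awk '
        /--dport 25 / && /-j spamd-white/  && !w { w = NR }
        /--dport 25 / && /--to-ports 8025/ && !r { r = NR }
        END { exit !(w && r && w < r) }'
}

apply_obspamd_rules() {
    syn="--tcp-flags FIN,SYN,RST,ACK SYN"   # left unquoted below on purpose
    ensure_chain
    ensure_rule filter INPUT  -p tcp -m tcp --dport 25 $syn -j LOG --log-prefix "obspamlogd: "
    ensure_rule filter OUTPUT -p tcp -m tcp --dport 25 $syn -j LOG --log-prefix "obspamlogd: "
    ensure_rule nat PREROUTING -p tcp -m tcp --dport 25 -j spamd-white
    ensure_rule nat PREROUTING -p tcp -m tcp --dport 25 -j REDIRECT --to-ports 8025
    ensure_rule nat spamd-white -j RETURN
    ensure_rule filter INPUT -p tcp -m tcp --dport 8025 -j ACCEPT
    ensure_rule filter INPUT -p tcp -m tcp --dport 25 -j ACCEPT
    nat_order_ok || { echo "PREROUTING: spamd-white jump is not before REDIRECT" >&2; return 1; }
}

# Run as root with the argument "apply"; sourcing the file only defines functions.
if [ "${1:-}" = "apply" ]; then apply_obspamd_rules; fi
```
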
OpenBSD spamd uses the ISC and BSD licenses. See each individual file for details.
The port was done on Ubuntu 14.04. It required:
- GNU make
- gcc
- libdb-dev