# Firewall-Rules for spamd (pfspamd/obspamd)



## Ben (Sep 11, 2011)

Hi,

I followed this article to set up spamd: http://onlamp.com/pub/a/bsd/2007/01/18/greylisting-with-pf.html?page=1

However I have a problem then connecting to the Email-Server with my Mailclient.

How can I solve this? I did something wrong?

Thanks for help.


----------



## quintessence (Sep 12, 2011)

Hello,

By adding in /usr/local/etc/spamd.conf for example:


```
whitelist:\
    :white:\
    :method=file:\
    :file=/etc/mywhite:
```

Then, in /etc/mywhite add IPs you don't want to pass through spamd (e.g. your local network).Then restarting 2 daemons.

If you use default settings for greylisting you have to wait 25 minutes if you don't try again to send the same message. Or you can always drop spamd db file and then restart 2 daemons.


----------



## Ben (Sep 12, 2011)

Well, for dynamic IP-Adresses this is difficult or almost impossible to maintain.

I guess I will have to use another port for the clients then or let Postfix handle the Greylisting.

Thanks for your help.


----------



## quintessence (Sep 12, 2011)

Hello,

It is not problem to PF to translate hostname to an IP address, so you can also add hostname in /etc/mywhite.


----------



## Ben (Sep 12, 2011)

I don't know how the IP addresses are handled in Bulgaria, but here every 24h I get a new IP address which results in a new hostname (reverse lookup).

e.g. 12-23-44-55.dyn-hosts.provider.tld

After 24h your have

23-45-33-12.dyn-hosts.provider.tld

So this is no option


----------



## quintessence (Sep 12, 2011)

Hello,

No, this is not a hostname, it is a PTR.

You can use DynDNS service (multi-OS service) for example (there is a lot more like it) to get a hostname for your IP address, and then to place the hostname in the file.


----------



## Ben (Sep 12, 2011)

Right, I thought you were talking about PTR.

The DynDNS service might be a solution for a few systems/network, but is there a DynDNS-Service for the iPhone e.g?


----------



## quintessence (Sep 12, 2011)

Hello,

Yes, of course 
http://code.google.com/p/idyndns/ 

Try to search in Google.


----------

