1.\" $OpenBSD: spamd.8,v 1.35 2003/06/02 14:27:12 jmc Exp $ 2.\" 3.\" Copyright (c) 2002 Theo de Raadt. All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright 9.\" notice, this list of conditions and the following disclaimer. 10.\" 2. Redistributions in binary form must reproduce the above copyright 11.\" notice, this list of conditions and the following disclaimer in the 12.\" documentation and/or other materials provided with the distribution. 13.\" 14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24.\" 25.Dd December 18, 2002 26.Dt SPAMD 8 27.Os 28.Sh NAME 29.Nm spamd 30.Nd spam deferral daemon 31.Sh SYNOPSIS 32.Nm spamd 33.Op Fl 45d 34.Op Fl c Ar maxcon 35.Op Fl n Ar name 36.Op Fl p Ar port 37.Op Fl r Ar reply 38.Sh DESCRIPTION 39.Nm 40is a fake 41.Xr sendmail 8 Ns -like 42daemon which rejects false mail. 43If the 44.Xr pf 4 45packet filter is configured to redirect port 25 (SMTP) to this daemon, 46it will attempt to waste the time and resources of the spam sender. 47.Pp 48The options are as follows: 49.Bl -tag -width Ds 50.Pp 51.It Fl 4 52Return error code 450 to the spammer (default). 53.It Fl 5 54Return error code 550 to the spammer. 55.It Fl c Ar maxcon 56The maximum number of concurrent connections to allow. 57The default is 200. 58.It Fl d 59Debug mode. 60.Nm 61does not 62.Xr fork 2 63into the background. 64.It Fl n Ar name 65The SMTP version banner that is reported upon initial connection. 66.It Fl p Ar port 67Specify a different port number from the default port that 68.Nm 69should listen for redirected SMTP connections on. 70The default port is found by looking for the named service 71.Em spamd 72using 73.Xr getservbyname 3 . 74.It Fl r Ar reply 75The SMTP error to return to the spammer, i.e. 450, 451, 550. 76This defaults to 450. 77.El 78.Pp 79.Nm 80is designed to be very efficient so that it does not slow down the 81receiving machine. 82Spam is never accepted, but always rejected with either a 450 or 550 83error message. 84The normal way that spam has been dealt with in the past is to either 85accept and drop, or outright block. 86When configured to use 450 responses, 87.Nm 88takes neither of these actions: it rejects the mail back to the senders' 89queue. 90.Pp 91.Nm 92is best started from 93.Xr rc 8 94in conjunction with the 95.Xr spamd-setup 8 96which processes a list of spammers' addresses, and applies appropriate 97.Xr pfctl 8 98.Em rdr 99rules. 100.Xr spamd-setup 8 101is run from 102.Xr cron 8 . 103.Sh REDIRECTING SMTP CONNECTIONS 104With 105.Xr pf 4 , 106connections to port 25 (SMTP) can be redirected to another host or port, 107based on the source address of the sender. 108The 109.Em rdr 110rules used for this purpose are described in 111.Xr pf.conf 5 . 112The rules can be loaded into a 113.Em table 114to simplify handling. 115.Bd -literal 116 table <spamd> persist 117 rdr inet proto tcp from <spamd> to any port smtp -> 127.0.0.1 port 8025 118.Ed 119.Pp 120Any addresses in table 121.Em <spamd> 122are then redirected to 123.Nm 124running on port 8025. 125Addresses can be loaded into the 126.Em table , 127like: 128.Bd -literal 129 # pfctl -q -t spamd -T replace -f /usr/local/share/spammers 130.Ed 131.Pp 132.Xr spamd-setup 8 133can also be used to load addresses into the 134.Em <spamd> 135table. 136.Xr spamd-setup 8 137also has the added benefit of being able to remove addresses from 138blacklists, and will connect to 139.Nm 140over a localhost socket, giving 141.Nm 142information about each source of blacklist addresses, as well as custom 143rejection messages for each blacklist source 144that can be used to let any real person whose mail 145is deferred by spamd know why their address has been listed 146from sending mail. 147This is important as it allows legitimate mail 148senders to pressure spam sources into behaving properly so that they 149may be removed from the relevant blacklists. 150.Sh CONFIGURATION CONNECTIONS 151.Nm 152listens for configuration connections on the port identified by the 153named service 154.Em spamd-cfg 155(see 156.Xr services 5 ) . 157The configuration socket listens only on the INADDR_LOOPBACK 158address. 159Configuration of spamd is done by connecting to the configuration 160socket, and sending blacklist information, one blacklist per line. 161Each blacklist consists of a name, a message to reject mail 162with, and addresses in CIDR format, all separated by semicolons (;): 163.Bd -literal 164 tag;"rejection message";aaa.bbb.ccc.ddd/mm;aaa.bbb.ccc.ddd/mm 165.Ed 166.Pp 167The rejection message must be inside double quotes. 168A \e" will produce a double quote in the output. 169\en will produce a newline. 170%A will expand to the connecting IP address in dotted quad format. 171%% may be used to produce a single % in the output. 172\e\e will produce a single \e. 173.Nm 174will reject mail by displaying all the messages from all blacklists in which 175a connecting address is matched. 176.Xr spamd-setup 8 177is normally used to configure this information. 178.Sh FILES 179/etc/spamd.conf 180.Sh SEE ALSO 181.Xr pf.conf 5 , 182.Xr services 5 , 183.Xr spamd.conf 5 , 184.Xr pfctl 8 , 185.Xr spamd-setup 8 186.Sh HISTORY 187The 188.Nm 189command 190appeared in 191.Ox 3.3 . 192