Using OpenBSD's spamd as a greylist mail filter

I have an Exchange server that doesn't do a very good job of filtering spam. The server sits inside the firewall/NAT and is reached through port-forwarding. I wanted to stick a device in between the Exchange server and the firewall to filter spam, so I needed a device that would work as a bridge and would not require any changes to my firewall or mail server. Spamd works with the pf firewall to redirect SMTP traffic that is passing through the bridge to the spamd process. Once a server's IP address is added to the whitelist by spamd, traffic from that machine passes through the bridge unfiltered. Outbound SMTP traffic is also unfiltered. The users are unaffected because Microsoft Outlook doesn't use SMTP to inject mail into the server, and so the only thing that should be talking to port 25 (SMTP) should be other mail servers.

I have no idea what I'm doing, although this has worked for me. Remember: I'm not a BSD expert. I only interview them.

Later I put sendmail in the middle to see if I could solve some ESMTP problems with Exchange. I was getting some incoming timeouts, which might be related to the BDAT verb that is advertised through the CHUNKING verb in Exchange Server. I guess some email filters don't understand BDAT, so they block it in the middle of the SMTP session. I followed MS Article 257569 to try to turn off CHUNKING, but I was tired of waiting for it to take effect. I set up sendmail to just receive mail for my domain and bounce it through to the Exchange server. This is done by setting the normal sendmail flags in /etc/rc.conf.local, and then adding one line to /etc/mailertable and /etc/access. You add "mydomain.tld esmtp:[exchange.server.tld]" to the mailertable, and add "mydomain.tld RELAY" to the access table. I then asked our firewall to forward SMTP connections to the spamd box.

Another quick script:


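#!/bin/sh
# Manually whitelist a mail server: append it to the whitelist file and
# promote it to a WHITE entry in spamdb.
# whitelist_file and pf_file must already be set; stop with a message if not.
: "${whitelist_file:?set whitelist_file to your whitelist file}"
: "${pf_file:?set pf_file to your pf ruleset file}"
echo -n "IP address of host:"
read -r host
[ -n "$host" ] || { echo "No address given" >&2; exit 1; }
echo "Appending $host to $whitelist_file"
echo "$host" >> "$whitelist_file"
echo "Promoting $host to a WHITE entry in spamdb"
spamdb -a "$host"
echo "Restarting pf..."
# pf is off between these two commands; "pfctl -f" alone reloads the ruleset.
pfctl -d ; pfctl -e -f "$pf_file"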
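
The script above writes whatever is typed at the prompt into the whitelist file and hands it to spamdb. The following is an added example, not the author's code: two helpers that validate the address and skip duplicates before anything is written. The function names valid_ipv4 and whitelist_add are hypothetical, and only plain IPv4 addresses are handled (no CIDR blocks or IPv6).

```sh
#!/bin/sh
# Added example: input checks for a whitelist script. Names are hypothetical.

# Return 0 if $1 is a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;  # empty, stray chars, bad dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                 # split on dots (digits only, no globbing)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac   # leading zeros are ambiguous
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Append address $2 to whitelist file $1 if it is valid and not yet listed.
# Returns 0 = appended, 1 = rejected, 2 = already present.
whitelist_add() {
    file=$1
    addr=$2
    if ! valid_ipv4 "$addr"; then
        echo "rejected: '$addr' is not an IPv4 address" >&2
        return 1
    fi
    # -x matches whole lines, -F treats the dots literally
    if [ -f "$file" ] && grep -qxF -- "$addr" "$file"; then
        return 2
    fi
    printf '%s\n' "$addr" >> "$file"
}
```

Only a return value of 0 from whitelist_add needs to be followed by the spamdb and pfctl steps; on 1 or 2 the file is unchanged.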