1.\"	$OpenBSD: spamlogd.8,v 1.12 2007/03/04 09:58:22 jmc Exp $
2.\"
3.\" Copyright (c) 2004 Bob Beck.  All rights reserved.
4.\"
5.\" Permission to use, copy, modify, and distribute this software for any
6.\" purpose with or without fee is hereby granted, provided that the above
7.\" copyright notice and this permission notice appear in all copies.
8.\"
9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16.\"
17.Dd February 16, 2004
18.Dt SPAMLOGD 8
19.Os
20.Sh NAME
21.Nm spamlogd
22.Nd spamd whitelist updating daemon
23.Sh SYNOPSIS
24.Nm spamlogd
25.Op Fl DI
26.Op Fl i Ar interface
27.Op Fl l Ar pflog_interface
28.Op Fl Y Ar synctarget
29.Sh DESCRIPTION
30.Nm
31manipulates the
32.Xr spamd 8
33database in
34.Pa /var/db/spamd
35used for greylisting.
36.Nm
37updates the
38.Pa /var/db/spamd
39whitelist entries whenever a connection
40to port 25 is logged to the
41.Xr pflog 4
42interface.
43The source addresses of inbound connections are whitelisted
44when seen by
45.Nm
46to ensure that their entries in
47.Pa /var/db/spamd
48do not expire if the connecting host continues to send legitimate mail.
49The destination addresses of outbound connections are whitelisted
50when seen by
51.Nm
52so that replies to outbound mail may be received without initial
53greylisting delays.
54Greylisting is explained more fully in
55.Xr spamd 8 .
56.Pp
57The options are as follows:
58.Bl -tag -width Ds
59.It Fl D
60Debugging mode.
61.Nm
62does not disassociate from the controlling terminal.
63.It Fl I
64Specify that
65.Nm
66is only to whitelist inbound SMTP connections.
67By default
68.Nm
69will whitelist the source of inbound SMTP connections, and the
70target of outbound SMTP connections.
71.It Fl i Ar interface
72Specify a network interface on which packets must arrive.
73The default is to watch for connections logged from any interfaces.
74.It Fl l Ar pflog_interface
75Specify a
76.Xr pflog 4
77interface to listen for connection notifications.
78The default is to watch for connections logged on
79.Dq pflog0 .
80.It Fl Y Ar synctarget
81Add a target to receive synchronisation messages; see
82.Sx SYNCHRONISATION
83below.
84This option can be specified multiple times.
85.El
86.Pp
87It is important to be sure to log any connections to and from your real
88MTA in order for
89.Nm
90to update the whitelist entries.
91An example
92.Xr pf.conf 5
93configuration for logging such connections is as follows:
94.Bd -literal -offset indent
95EXT_IF = "fxp0"
96MAILHOSTS = "{129.128.11.10, 129.128.11.43}"
97pass in log on $EXT_IF inet proto tcp to $MAILHOSTS \e
98	port smtp
99pass out log on $EXT_IF inet proto tcp from $MAILHOSTS \e
100	to any port smtp
101.Ed
102.Pp
103.Nm
104sends log messages to
105.Xr syslogd 8
106using facility
107.Em daemon .
108.Nm
109will log each connection it sees at level
110.Dv LOG_DEBUG .
111.Sh SYNCHRONISATION
112.Nm
113supports realtime synchronisation of whitelist states by sending
114the information it updates to
115a number of
116.Xr spamd 8
117daemons running on multiple machines.
118To enable synchronisation, use the command line
119.Fl Y
120to specify the machines to which
121.Nm
122will send messages when it updates the state information.
123For more information see
124.Xr spamd 8
125.Sh FILES
126/var/db/spamd
127.Sh SEE ALSO
128.Xr syslog 3 ,
129.Xr pflog 4 ,
130.Xr spamd.conf 5 ,
131.Xr pflogd 8 ,
132.Xr spamd 8 ,
133.Xr spamd-setup 8 ,
134.Xr spamdb 8 ,
135.Xr syslogd 8 ,
136.Xr tcpdump 8
137.Sh HISTORY
138The
139.Nm
140command first appeared in
141.Ox 3.5 .
142