Using spamd with IPFW. --------------------- FreeBSD port of the OpenBSD spamd is designed to work with IPFW or PF firewalls. This howto is related to the IPFW spamd mode. 1) To install spamd you need to compile yourkernel with the "options IPFIREWALL_FORWARD" option. 2) You will need to add rules to your firewall configuration script. E.g.: # bsd spamd rules set. Use table 1 and 2 for white and black listing ${fwcmd} add fwd 127.0.0.1,8025 tcp from table\(2\) to me 25 in ${fwcmd} add allow tcp from table\(1\) to me 25 in ${fwcmd} add fwd 127.0.0.1,8025 tcp from any to me 25 in 4) Then add to rc.conf lines like: obspamd_enable="yes" obspamd_flags="-m ipfw" see spamd(8) manual for additional keys. Also you need to use "-m ipfw" with spamd-setup and spamlogd utility. If you want to change default IPFW table number - use '-t' option. 5) If you are using greylisting and want to use spamd whitelist update daemon - 'spamlogd', you will need to setup netgraph interface for this. Here is an example: 5.1) Load netgraph modules: # kldload netgraph.ko # kldload ng_iface.ko # kldload ng_ipfw.ko 5.2) add IPFW rules to deny all traffic on pseudo interface. # ipfw add 1 deny ip from any to any via ng0 5.3) add IPFW rules to tee traffic to the netgraph system, using ng_ipfw. You need to add this line before 'allow tcp from table\(1\) to me 25 in' in your firewall configuration ${fwcmd} add ngtee 555 tcp from table\(1\) to me 25 in 5.4) Create ng0 interface and connect it to the ipfw hook: # ngctl mkpeer ipfw: iface 555 inet # ifconfig ng0 up 5.5) Add to rc.conf line like: obspamlogd_enable="YES" obspamlogd_flags="-m ipfw -l ng0" 5.6) Make startup script for the step 5.1-5.4 and add it to your startup commands. KNOWN BUGS AND LIMITATIONS * You need to create netgraph interface to catch tee packets. I plane to add direct divert support in the next versions of the spamlogd daemon. * IPFW child of the spamd is running with superuser permissions. This is because only superuser can change IPFW tables, and i don't think that this is a real problem.