OpenBSD + spamd 

Lately there seems to be a burst of spam bot attacks. I see a rise in Spamhaus blacklist queries in the Postfix maillog; this raises the network traffic, and Spamhaus blocks heavy queries even from small sites.

OpenBSD spamd (http://www.openbsd.org/spamd/) is the right tool to combat spam bot attacks. It acts as a front-end protector for the MTA; combined with OpenBSD packet filtering (PF), it stops spam from reaching the MTA.

I set up OpenBSD as a transparent bridge firewall to filter SMTP packets coming to my MTA, so there is no need to reconfigure the network. I have two ethernet interfaces (msk0, xl0) on the OpenBSD box: msk0 connects to a switch port, and xl0 connects to the MTA with a crossover ethernet cable. The configuration goes like this:
---------

external ethernet: (/etc/hostname.msk0)
inet ip_address 255.255.255.0 NONE

internal ethernet: (/etc/hostname.xl0)
up

bridge: (/etc/bridgename.bridge0)

add xl0 blocknonip xl0
add msk0 blocknonip msk0
up

/etc/rc.conf.local:

pf=YES
spamd_flags="-v -S 90 -n Postfix -h hostname_of_MTA -G 25:4:864"
spamd_grey=YES
pf_rules=/etc/pf.conf

/etc/pf.conf:

int_if="xl0"
ext_if="msk0"
admin_ip="my_admin_ip"

table <spamd> persist
table <spamd-white> persist
table <whitelist> persist file "/etc/whitelist.txt"
table <blacklist> persist file "/etc/blacklist.txt"

#-------------------trick 0 start--------

no rdr proto tcp from <whitelist> to any

rdr on $ext_if inet proto tcp from <spamd> to port smtp \
-> 127.0.0.1 port spamd
rdr on $ext_if inet proto tcp from !<spamd-white> to port smtp \
-> 127.0.0.1 port spamd

# "log" so you can watch the connections getting trapped

pass in log on $ext_if route-to lo0 inet proto tcp to 127.0.0.1 port spamd

#-------------------trick 0 end-------------
#ssh
pass in quick on $ext_if inet proto tcp from $admin_ip to $ext_if port 22
block in on $ext_if inet proto tcp from any to $ext_if port 22

pass out on $ext_if
pass in on $int_if
pass out on $int_if

/etc/sysctl.conf:

net.inet.ip.forwarding=1

-------------------

That is all the configuration. I run OpenBSD on a cheap PC bought from Staples for only 300 bucks. Since I put it in front of my MTA, it has reduced spam traffic to my MTA by almost 90%, and Postfix and SpamAssassin just rest there with nothing to do.
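A quick check that the greylisting configured above is doing its job, as an added example that is not part of the original post: it summarises the output of OpenBSD's spamdb(8) utility, which the post does not mention and which dumps the spamd database when run without arguments. The function names, the threshold and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Summarise `spamdb` output read from stdin: entries per type, plus GREY
# tuples whose sender kept reconnecting (block count >= threshold).
# Record layouts, from spamdb(8):
#   GREY|ip|helo|from|to|first|pass|expire|block|pass
#   WHITE|ip|||first|pass|expire|block|pass
#   TRAPPED|ip|expire        SPAMTRAP|address
spamdb_summary() {
    awk -F'|' -v min="${1:-5}" '
        $1 == "GREY" || $1 == "WHITE" || $1 == "TRAPPED" || $1 == "SPAMTRAP" {
            count[$1]++
        }
        # The block count is the second-to-last field of a GREY record.
        $1 == "GREY" && $(NF-1) + 0 >= min {
            noisy = noisy sprintf("noisy %s blocked=%d from=%s\n", $2, $(NF-1), $4)
        }
        END {
            printf "grey=%d white=%d trapped=%d spamtrap=%d\n",
                count["GREY"], count["WHITE"], count["TRAPPED"], count["SPAMTRAP"]
            printf "%s", noisy
        }'
}

# Constructed sample records (documentation addresses, made-up timestamps).
sample_spamdb() {
    cat <<'EOF'
WHITE|192.0.2.10|||1199145600|1199147400|1202257800|1|7
GREY|198.51.100.23|mail.example.net|<a@example.net>|<bob@example.org>|1199150000|1199164400|1199164400|1|0
GREY|203.0.113.77|dsl-77.example.com|<x@example.com>|<bob@example.org>|1199150100|1199164500|1199164500|12|0
TRAPPED|203.0.113.99|1199236500
EOF
}

# On the bridge itself: spamdb | spamdb_summary 5
sample_spamdb | spamdb_summary 5
```

A steadily growing white count alongside grey entries that expire unretried is what a working greylist looks like; the "noisy" lines are senders that keep reconnecting and collecting temporary failures.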
Cyrus-Imapd misbehaves on OS X Panther server?

While setting up a new user on the Panther server, the user's mailbox was not created automatically, which leads to undeliverable email for this user. It has always worked, so why did it suddenly stop working as usual? Running cyradm -u cyrus localhost and then sam the_user_mailbox id all always gives me a system I/O error, so there is no way I could delete it or rename it. What about the cyrus reconstruct command? I su to user cyrus and run reconstruct -r user/the_user, and it works. Still not sure why the system misbehaves, though.
Festival + Perl Asterisk AGI

I coded up a simple math subtraction and addition game script using the Asterisk Perl AGI library. The script calls the Festival app to read the questions and answers to callers. Check the script here:

http://bl0g.blogdns.com/asterisk/math.agi
Festival + Asterisk 

Just set up the text-to-speech software Festival to work with Asterisk. Festival should be patched to work with Asterisk, but there is a simple way to patch it: read the festival.README in the Asterisk source contrib directory.

Start Festival first, then add an extension in Asterisk:

[incoming]

; incoming calls from the FXO port are directed to this context from zapata.conf

exten => s,1,Answer
exten => s,n,Festival(Welcome to open source asterisk pbx telephone system. this is vincent. press one reach me at office. press two reach me at home. press three leave me message. press four play subtraction addition game. press five listen my favorite song. press six ping an eye-p address type pound sign as dot)

voipstunt config for my home asterisk 

With the following config, I can make cheap long-distance VoIP calls to China.

sip.conf

[voipstunt]
type=friend ; (or "peer" if we don't need incoming calls)
host=sip.voipstunt.com
disallow=all
allow=ulaw
allow=alaw
allow=gsm
allow=g726
username=myusername
fromuser=myusername
secret=secret
qualify=1000 ; optional
canreinvite=no ; new SIP servers don't like reINVITEs
dtmfmode=inband ; only inband currently works, and not that well

extensions.conf

[out-voipstunt]
; outgoing voipstunt
exten => _0086.,1,Dial(SIP/${EXTEN}@voipstunt)

[default]

; include outgoing voipstunt
include => out-voipstunt


