{"id":3191,"date":"2026-05-02T12:42:28","date_gmt":"2026-05-02T03:42:28","guid":{"rendered":"https:\/\/www.next-hop.net\/blog\/hiraga\/?p=3191"},"modified":"2026-05-08T09:34:09","modified_gmt":"2026-05-08T00:34:09","slug":"sendmail-with-blacklistd","status":"publish","type":"post","link":"https:\/\/www.next-hop.net\/blog\/hiraga\/freebsd\/sendmail-with-blacklistd\/","title":{"rendered":"blacklistd\u3067Sendmail\u3078\u306e\u653b\u6483\u3092\u30d6\u30ed\u30c3\u30af\u3059\u308b"},"content":{"rendered":"

\u524d\u56de\u306eblacklistd\u3067sshd\u3078\u306e\u653b\u6483\u3092\u30d6\u30ed\u30c3\u30af\u3059\u308b<\/a>\u306b\u7d9a\u304d\u3001\u4eca\u56de\u306f\u540c\u69d8\u306bSendmail\u3078\u306e\u653b\u6483\u3092\u30d6\u30ed\u30c3\u30af\u3057\u307e\u3059\u3002
\n\u3057\u304b\u3057\u3001OS\u30d0\u30f3\u30c9\u30eb\u7248Sendmail\u306fblacklistd\u306b\u5bfe\u5fdc\u3057\u3066\u3044\u307e\u305b\u3093\u306e\u3067\u3001ports\u304b\u3089sendmail\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u3053\u3068\u3067\u5b9f\u73fe\u3057\u307e\u3059\u3002<\/p>\n

Ansible Playbook<\/h3>\n

\u30bf\u30b9\u30af\u306bports_sendmail.yaml\u3092\u8ffd\u52a0\u3057\u307e\u3059\u3002<\/p>\n

roles\/freebsd\/tasks\/main.yml<\/h4>\n
\r\n- name: blacklistd\r\n  import_tasks: blacklistd.yaml\r\n\r\n- name: sshd\r\n  import_tasks: sshd.yaml\r\n\r\n- name: sendmail\r\n  import_tasks: ports_sendmail.yaml\r\n<\/pre>\n
\u30cf\u30f3\u30c9\u30e9\u30fc\u306bsendmail\u3092\u8ffd\u52a0\u3057\u307e\u3059\u3002<\/p>\n
roles\/freebsd\/handlers\/main.yml<\/h4>\n
\r\n- name: Reload sshd service\r\n  service:\r\n    name: sshd\r\n    state: reloaded\r\n  listen:\r\n    - reload_sshd\r\n\r\n- name: Restart blacklistd service\r\n  service:\r\n    name: blacklistd\r\n    state: restarted\r\n  listen:\r\n    - restart_blacklistd\r\n\r\n- name: Restart sendmail service\r\n  service:\r\n    name: sendmail\r\n    state: restarted\r\n  listen:\r\n    - restart_sendmail\r\n<\/pre>\n
ports\u304b\u3089sendmail\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u30bf\u30b9\u30af\u3092\u8a18\u8ff0\u3057\u307e\u3059\u3002
\nUseBlocklist\u30aa\u30d7\u30b7\u30e7\u30f3\u306fOS\u30d0\u30f3\u30c9\u30eb\u7248\u30de\u30af\u30ed\u3067\u306f\u30d1\u30fc\u30b9\u3055\u308c\u306a\u3044\u306e\u3067\u3001\u30b3\u30de\u30f3\u30c9\u30e9\u30a4\u30f3\u30aa\u30d7\u30b7\u30e7\u30f3\u3067\u6e21\u3059\u3088\u3046\u306b\u3057\u307e\u3059\u3002<\/p>\n
roles\/freebsd\/tasks\/ports_sendmail.yaml<\/h4>\n
\r\n---\r\n- name: Initialize portupgrade command\r\n  set_fact:\r\n    portupgrade_cmd: \/usr\/local\/sbin\/portupgrade\r\n\r\n- name: Set ports sendmail installation status\r\n  set_fact:\r\n    ports_sendmail_installed: true\r\n    ports_sendmail_name: sendmail\r\n    ports_sendmail_category: mail\r\n\r\n- name: Set valiables\r\n  set_fact:\r\n    ports_name: "{{ ports_sendmail_name }}"\r\n    ports_category: "{{ ports_sendmail_category }}"\r\n  when:\r\n    - ports_sendmail_installed\r\n\r\n- name: Check if {{ ports_name }} installed\r\n  command: pkg info "{{ ports_name }}"\r\n  register: pkg_info\r\n  when:\r\n    - ports_sendmail_installed\r\n  changed_when: false\r\n  failed_when: false\r\n\r\n- name: Add new option to portupgrade command\r\n  set_fact:\r\n    portupgrade_cmd: "\/usr\/local\/sbin\/portupgrade --new"\r\n  when:\r\n    - ports_sendmail_installed\r\n    - "'pkg: No package(s) matching' in pkg_info.stderr"\r\n\r\n- name: Ensure port options directory exists\r\n  file:\r\n    path: "\/var\/db\/ports\/{{ ports_category }}_{{ ports_name }}"\r\n    state: directory\r\n    mode: "0755"\r\n  when:\r\n    - ports_sendmail_installed\r\n\r\n- name: Copy {{ ports_name }} options\r\n  copy:\r\n    dest: "\/var\/db\/ports\/{{ ports_category }}_{{ ports_name }}\/options"\r\n    mode: "0644"\r\n    content: |\r\n      # This file is auto-generated by 'make config'.\r\n      _FILE_COMPLETE_OPTIONS_LIST=SHMEM SEM LA NIS IPV6 TLS DANE SASL SASLAUTHD LDAP  BDB GDBM SOCKETMAP CYRUSLOOKUP BLOCKLISTD SMTPUTF8  PICKY_HELO_CHECK MILTER MTA_STS TLS_CERT_CHAIN DOCS\r\n      OPTIONS_FILE_SET+=SHMEM\r\n      OPTIONS_FILE_SET+=SEM\r\n      OPTIONS_FILE_SET+=LA\r\n      OPTIONS_FILE_SET+=NIS\r\n      OPTIONS_FILE_SET+=IPV6\r\n      OPTIONS_FILE_SET+=TLS\r\n      OPTIONS_FILE_SET+=DANE\r\n      OPTIONS_FILE_SET+=SASL\r\n      OPTIONS_FILE_SET+=SASLAUTHD\r\n      OPTIONS_FILE_SET+=LDAP\r\n      OPTIONS_FILE_UNSET+=BDB\r\n      OPTIONS_FILE_UNSET+=GDBM\r\n      OPTIONS_FILE_SET+=SOCKETMAP\r\n      OPTIONS_FILE_UNSET+=CYRUSLOOKUP\r\n      OPTIONS_FILE_SET+=BLOCKLISTD\r\n      OPTIONS_FILE_SET+=SMTPUTF8\r\n      OPTIONS_FILE_SET+=PICKY_HELO_CHECK\r\n      OPTIONS_FILE_SET+=MILTER\r\n      OPTIONS_FILE_SET+=MTA_STS\r\n      OPTIONS_FILE_UNSET+=TLS_CERT_CHAIN\r\n      OPTIONS_FILE_SET+=DOCS\r\n  when:\r\n    - ports_sendmail_installed\r\n\r\n- name: Install\/Update {{ ports_name }}\r\n  command: '{{ portupgrade_cmd }} {{ ports_name }}'\r\n  register: daemon_port_install_result\r\n  when:\r\n    - ports_sendmail_installed\r\n  changed_when:\r\n    - "'Cleaning for' in daemon_port_install_result.stdout"\r\n  notify:\r\n    - restart_sendmail\r\n\r\n- name: sysrc sendmail_program\r\n  community.general.sysrc:\r\n    name: sendmail_program\r\n    value: "\/usr\/local\/sbin\/sendmail"\r\n  when:\r\n    - ports_sendmail_installed\r\n  notify:\r\n    - restart_sendmail\r\n\r\n- name: sysrc sendmail_procname\r\n  community.general.sysrc:\r\n    name: sendmail_procname\r\n    value: "\/usr\/local\/sbin\/sendmail"\r\n  when:\r\n    - ports_sendmail_installed\r\n  notify:\r\n    - restart_sendmail\r\n\r\n- name: sysrc sendmail_flags\r\n  community.general.sysrc:\r\n    name: sendmail_flags\r\n    value: "-L sm-mta -bd -q30m -O UseBlocklist"\r\n  when:\r\n    - ports_sendmail_installed\r\n  notify:\r\n    - restart_sendmail\r\n<\/pre>\n
Ansible Playbook\u306e\u5b9f\u884c<\/h2>\n
\r\nansible-playbook -i hosts freebsd.yaml\r\n<\/pre>\n
\u7d50\u679c<\/h2>\n
\u30eb\u30fc\u30eb\u306fblacklistd\u306b\u3088\u3063\u3066\u81ea\u52d5\u7684\u306b\u4f5c\u6210\u3055\u308c\u307e\u3059\u3002<\/p>\n
\r\n# ipfw list | grep port25\r\n02025 deny tcp from table(port25) to any 25\r\n# ipfw list | grep port587\r\n02587 deny tcp from table(port587) to any 587\r\n<\/pre>\n
blacklistd\u304c\u653b\u6483\u7684\u306a\u3075\u308b\u307e\u3044\u3092\u691c\u77e5\u3059\u308b\u3068\u81ea\u52d5\u7684\u306bIP\u30a2\u30c9\u30ec\u30b9\u3092\u30ea\u30b9\u30c8\u5316\u3057\u307e\u3059\u3002<\/p>\n
\r\n# blacklistctl dump -a\r\n        address\/ma:port id      nfail   last access\r\n  XX.144.212.98\/32:25   OK      40\/3    XXXX\/XX\/XX XX:XX:XX\r\n  XX.142.154.37\/32:587  OK      6\/3     XXXX\/XX\/XX XX:XX:XX\r\n...\r\n<\/pre>\n
\u30ea\u30b9\u30c8\u5316\u3055\u308c\u305fIP\u30a2\u30c9\u30ec\u30b9\u306fblacklistd\u306b\u3088\u3063\u3066\u81ea\u52d5\u7684\u306btable(port25)\u3068table(port587)\u306b\u8ffd\u52a0\u3055\u308c\u307e\u3059\u3002<\/p>\n
\r\n# ipfw table port25 list\r\nXX.144.212.98\/32 0\r\n...\r\n# ipfw table port587 list\r\nXX.142.154.37\/32 0\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
\u524d\u56de\u306eblacklistd\u3067sshd\u3078\u306e\u653b\u6483\u3092\u30d6\u30ed\u30c3\u30af\u3059\u308b\u306b\u7d9a\u304d\u3001\u4eca\u56de\u306f\u540c\u69d8\u306bSendmail\u3078\u306e\u653b\u6483\u3092\u30d6\u30ed\u30c3\u30af\u3057\u307e\u3059\u3002 \u3057\u304b\u3057\u3001OS\u30d0\u30f3\u30c9\u30eb\u7248Sendmail\u306fblacklistd\u306b\u5bfe\u5fdc\u3057\u3066\u3044\u307e\u305b\u3093\u306e\u3067\u3001ports\u304b\u3089\u2026 \u7d9a\u304d\u3092\u8aad\u3080 »<\/a><\/span><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3],"tags":[],"class_list":["post-3191","post","type-post","status-publish","format-standard","hentry","category-freebsd"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/posts\/3191"}],"collection":[{"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/comments?post=3191"}],"version-history":[{"count":22,"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/posts\/3191\/revisions"}],"predecessor-version":[{"id":3219,"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/posts\/3191\/revisions\/3219"}],"wp:attachment":[{"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/media?parent=3191"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/categories?post=3191"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/tags?post=3191"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}