Can pf block illegal relay access attempts?
Ladislav Bodnar
distro.watch at msa.hinet.net
Mon Dec 20 16:40:44 PST 2004
On Friday 17 December 2004 14:14, Pyun YongHyeon wrote:
> On Fri, Dec 17, 2004 at 01:56:34PM +0800, Ladislav Bodnar wrote:
> > Hi,
> >
> > Over the last 7 days my Postfix mail server received almost 80,000
> > requests to relay mail to a third destination. Since it is not an open
> > relay, it rejected all these requests, but it is still annoying to see
> > this happening. The requests came from varying (almost 20,000
> > different) IP addresses, but they had one thing in common - the
> > destination address was always "$some-user-name"@infomagic.com.
> >
> > Is there a way to prevent these attempts to access the mail server at
> > all? I only started using pf recently, so I still have a lot to learn,
> > but I would appreciate any advice. Or is pf not the right tool for
> > this?
>
> Try spamd in ports/mail.
Thank you for your suggestion.
I investigated spamd and found out that it blocks connections based on IP
address only. Unfortunately, I generated almost 20,000 different IP
addresses over the last 7 days, so I don't think the IP addresses I would
block are valid. I am looking for a solution where a connection is refused
based on the recipient's email address (which is always @infomagic.com).
Basically I am wondering if pf can refused a connection based on some other
criteria than IP address.
Thanks a lot.
More information about the freebsd-pf
mailing list