ipf rules question
Jay Hall
jhall at socket.net
Mon Jul 27 21:27:24 UTC 2009
Ladies and Gentlemen,
I think I am missing something. I am running a FreeBSD 6. server with
ipf compiled into the kernel.
Following are the headers from an email.
From: oeajqs at brantbenun.com
Subject: ****SUSPECTED SPAM**** REAL Doctors, REAL Science, REAL
Results!
Date: July 27, 2009 2:33:25 PM CDT
To: xxxxxxxxx at mnea.org
Reply-To: oeajqs at brantbenun.com
Received: from mail.mnea.org ([10.129.10.45]) by mo-hq-s1.mo.loc
with Microsoft SMTPSVC(6.0.3790.1830); Mon, 27 Jul 2009 14:33:29 -0500
Received: by mail.mnea.org (Postfix, from userid 10071) id
572563F661; Mon, 27 Jul 2009 14:33:29 -0500 (CDT)
Received: from speedtouch.lan (213-84-78-162.adsl.xs4all.nl
[82.95.130.154]) by mail.mnea.org (Postfix) with ESMTP id DD9233F659
for <xxxxxxxx at mnea.org>; Mon, 27 Jul 2009 14:33:24 -0500 (CDT)
Received: from 82.95.130.154 by smtp.secureserver.net; Mon, 27 Jul
2009 20:33:25 +0100
Following are the relevant entries from /var/log/maillog
Jul 27 14:33:22 mail postfix/smtpd[8557]: connect from
213-84-78-162.adsl.xs4all.nl[82.95.130.154]
Jul 27 14:33:24 mail postfix/smtpd[8557]: DD9233F659:
client=213-84-78-162.adsl.xs4all.nl[82.95.130.154]
Jul 27 14:33:26 mail postfix/cleanup[7974]: DD9233F659: message-id=<824460019.99376997845866 at brantbenun.com
>
Jul 27 14:33:26 mail postfix/qmgr[52904]: DD9233F659: from=<oeajqs at brantbenun.com
>, size=1245, nrcpt=1 (queue active)
And, following is the output from ipfstat showing the relevant rule(s).
@140 block in quick proto tcp from 82.0.0.0/8 to any port = smtp
If I am looking at everything correctly all traffic coming into the
system from the 82.0.0.0/8 network to port 25 on the mail server
should be blocked.
What am I missing?
Thanks for your help.
Jay
More information about the freebsd-questions
mailing list