Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 27 Jul 2009 16:27:21 -0500
From:      Jay Hall <jhall@socket.net>
To:        freebsd-questions@freebsd.org
Subject:   ipf rules question
Message-ID:  <0E15E941-3CC2-4C9B-BAF2-C8910F7592ED@socket.net>
next in thread | raw e-mail | index | archive | help 
Ladies and Gentlemen,

I think I am missing something.  I am running a FreeBSD 6. server with  
ipf compiled into the kernel.

Following are the headers from an email.

From: 	oeajqs@brantbenun.com
	Subject: 	****SUSPECTED SPAM**** REAL Doctors, REAL Science, REAL  
Results!

	Date: 	July 27, 2009 2:33:25 PM CDT

	To: 	xxxxxxxxx@mnea.org
	Reply-To: 	oeajqs@brantbenun.com
	Received: 	from mail.mnea.org ([10.129.10.45]) by mo-hq-s1.mo.loc  
with Microsoft SMTPSVC(6.0.3790.1830); Mon, 27 Jul 2009 14:33:29 -0500

	Received: 	by mail.mnea.org (Postfix, from userid 10071) id  
572563F661; Mon, 27 Jul 2009 14:33:29 -0500 (CDT)

	Received: 	from speedtouch.lan (213-84-78-162.adsl.xs4all.nl  
[82.95.130.154]) by mail.mnea.org (Postfix) with ESMTP id DD9233F659  
for <xxxxxxxx@mnea.org>; Mon, 27 Jul 2009 14:33:24 -0500 (CDT)

	Received: 	from 82.95.130.154 by smtp.secureserver.net; Mon, 27 Jul  
2009 20:33:25 +0100

	

Following are the relevant entries from /var/log/maillog

Jul 27 14:33:22 mail postfix/smtpd[8557]: connect from  
213-84-78-162.adsl.xs4all.nl[82.95.130.154]

Jul 27 14:33:24 mail postfix/smtpd[8557]: DD9233F659:  
client=213-84-78-162.adsl.xs4all.nl[82.95.130.154]

Jul 27 14:33:26 mail postfix/cleanup[7974]: DD9233F659: message-id=<824460019.99376997845866@brantbenun.com 
 >

Jul 27 14:33:26 mail postfix/qmgr[52904]: DD9233F659: from=<oeajqs@brantbenun.com 
 >, size=1245, nrcpt=1 (queue active)



And, following is the output from ipfstat showing the relevant rule(s).

@140 block in quick proto tcp from 82.0.0.0/8 to any port = smtp



If I am looking at everything correctly all traffic coming into the  
system from the 82.0.0.0/8 network to port 25 on the mail server  
should be blocked.

What am I missing?



Thanks for your help.





Jay

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0E15E941-3CC2-4C9B-BAF2-C8910F7592ED>