PF Filtering TIP !! Take care with SMTP

18/08/2009 - 15:44 by Rico Le Haineux
Hi all,

I have encountered a weird collateral effect while using a common rule
on my PF firewall whose purpose is to prevent corrupted machines and
spammers from trying to use my SMTP gateway as a relay:

block in quick on $red proto tcp from any os {"Windows 95","Windows 98","Windows XP"} to any port smtp

After a long investigation, I found that it blocks all mail sent by a
Microsoft-based SMTP server !! This issue became obvious when I saw
that all emails coming from Frontbridge and Hotmail relays could not be
delivered to my domains and were systematically in the delayed state
'400 - 4.4.7'. Of course, all 'Nux/'Nix-based SMTP servers were
able to relay all emails to us.

Hope it will save you a few nights of investigations !! All
updates/notes/remarks will be welcome on this case ;-)


Sincerely,

Erik LE VACON
 


#1 Helmut Schneider
18/08/2009 - 16:14
Rico Le Haineux wrote:
> I have encountered a weird collateral effect while using a common rule
> on my PF firewall whose purpose is to prevent corrupted machines and
> spammers from trying to use my SMTP gateway as a relay:

Did you misconfigure your smtp gateway? I cannot see any other reason why
unauthorized machines should be able to abuse it.

> block in quick on $red proto tcp from any os {"Windows 95","Windows 98","Windows XP"} to any port smtp

Why do you think that Windows machines (even 95, 98 and XP) cannot run
legitimate services?

No Swen today, my love has gone away
My mailbox stands for lorn, a symbol of the dawn
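
A staged way to deploy the rule from the first post, as an added example that is not part of the thread: log what the OS-fingerprint match catches before dropping anything, and accept known relays ahead of it. The `em0` value for `$red` and the table name `smtp_ok` are assumptions.

```pf
# pf.conf fragment (added example, not from the original posts)

red = "em0"                      # placeholder for the external interface

# Hypothetical table of relay addresses that must always reach port 25.
# Populate at run time:  pfctl -t smtp_ok -T add <address>
# Review contents:       pfctl -t smtp_ok -T show
table <smtp_ok> persist

# 1. Known relays are accepted before any fingerprint rule is evaluated.
pass in quick on $red proto tcp from <smtp_ok> to any port smtp

# 2. Audit stage: same match as the rule in the thread, but pass and log.
#    The os match is evaluated on the initial SYN only, so each logged
#    packet is one inbound SMTP connection attempt.
#    Watch the hits with:  tcpdump -n -e -ttt -i pflog0 tcp port 25
pass in log quick on $red proto tcp \
    from any os { "Windows 95", "Windows 98", "Windows XP" } \
    to any port smtp

# 3. Enforcement stage: once the logged sources have been reviewed and the
#    legitimate ones added to <smtp_ok>, replace rule 2 with this line.
#    Keeping "log" means later false positives show up in pflog instead of
#    only as delayed mail on the sender's side.
# block in log quick on $red proto tcp \
#     from any os { "Windows 95", "Windows 98", "Windows XP" } \
#     to any port smtp

# 4. Everything else on port 25 is handled by the existing SMTP rule.
pass in on $red proto tcp from any to any port smtp
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it.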
