Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Spamhause Blacklist & Port 25 traffic

    Scheduled Pinned Locked Moved
    Firewalling
    blacklist
    2
    2
    486
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mrpfsense
      last edited by

      Recently, over the last three weeks were have been placed on the spamhause blacklist. Spamhause is suggesting port 25 is leaking traffic.

      If spamhause is correct:

      1. how do i monitor or trace what traffic (specifically on port 25) is leaving the pfsense server?
      2. how do i configure pfsense to only allow traffic on port 25 from one server?

      Thanks for your help.

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Rebel Alliance @mrpfsense
        last edited by SteveITS

        @mrpfsense
        (don't do this but)
        1 ) on LAN add a firewall rule that passes port 25 outbound to any and logs it.

        instead do:
        2a) on LAN allow port 25 outbound from the one server IP, and
        2b) second rule after 2a: on LAN block port 25 outbound and log it

        If spam is being sent that implies a PC is infected. Alternately Spamhaus has other lists like the policy list were the ISP reports it shouldn't be sending mail at all...often set for DHCP IPs.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        1 Reply Last reply Reply Quote 1
        • First post
          Last post