Strange behaviour with smtp
-
Hello, on 1.2.2 I have the folliwing setup
wan interface with ip a.b.c.1
dmz 1 192.168.13.0/24
lanon the wan I've setup a virtual IP a.b.c.2 and setup the port forwarding for it on port 25
WAN TCP 25 (SMTP) 192.168.13.10 (ext.: a.b.c.2) 25 (SMTP)
to 192.168.13.10 (linux antispam). after processing the mail the antispam forwards it to the internal email server
I've added a rule like this
TCP * * 192.168.13.10 25 (SMTP) *
to enable the traffic from the outside to the antispam server.
I can receive emails fine, but from some hosts I get this:
39. 458397 rule 62/0(match): block in on em1: 111.171.65.25.44705 > 192.168.13.10.25: [|tcp]
2. 865872 rule 62/0(match): block in on em1: 111.171.65.25.44705 > 192.168.13.10.25: [|tcp]
6. 018565 rule 62/0(match): block in on em1: 111.171.65.25.44705 > 192.168.13.10.25: [|tcp]
71. 224688 rule 62/0(match): block in on em1: 111.171.65.25.45288 > 192.168.13.10.25: [|tcp]
3. 059049 rule 62/0(match): block in on em1: 111.171.65.25.45288 > 192.168.13.10.25: [|tcp]I've got only korean an at&t IPs.
Any idea on what's this ?
thanks
giuliano
-
IF the log was from a pfSense system (you don't seem to have said) then I suggest you dump the firewall rules to see what rule 62 is and that might tell you why the traffic was blocked.
I presume em1 is your WAN interface and that you added the SMTP firewall rule to the WAN interface.
-
Hello,
Yes, the system is pfsense 1.2.2
the rule for smtp was added to the wan interface (em1).
pfctl -vvs rules reports this@62 block drop in log quick on em1 from bogons:50to any label "block bogon networks from wan"
[ Evaluations: 369980 Packets: 557 Bytes: 27864 States: 0 ]
[ Inserted: uid 0 pid 48699 ]running /etc/rc.update_bogons.sh seems to solve the issue (outdated bogons definitions)
thanks
giuliano</bogons:50>