Netgate Discussion Forum

    Strange behaviour with smtp

      giulianoz

      Hello, on 1.2.2 I have the following setup
      wan interface with ip a.b.c.1
      dmz 1 192.168.13.0/24
      lan

      on the wan I've set up a virtual IP a.b.c.2 and set up the port forwarding for it on port 25

      WAN  TCP  25 (SMTP)  192.168.13.10 (ext.: a.b.c.2) 25 (SMTP)

      to 192.168.13.10 (linux antispam). after processing the mail the antispam forwards it to the internal email server

      I've added a rule like this

      TCP  *  *  192.168.13.10  25 (SMTP)  *

      to enable the traffic from the outside to the antispam server.

      I can receive emails fine, but from some hosts I get this:

      39. 458397 rule 62/0(match): block in on em1: 111.171.65.25.44705 > 192.168.13.10.25: [|tcp]
      2. 865872 rule 62/0(match): block in on em1: 111.171.65.25.44705 > 192.168.13.10.25: [|tcp]
      6. 018565 rule 62/0(match): block in on em1: 111.171.65.25.44705 > 192.168.13.10.25: [|tcp]
      71. 224688 rule 62/0(match): block in on em1: 111.171.65.25.45288 > 192.168.13.10.25: [|tcp]
      3. 059049 rule 62/0(match): block in on em1: 111.171.65.25.45288 > 192.168.13.10.25: [|tcp]

      I've got only Korean and AT&T IPs.

      Any idea what this is?

      thanks

      giuliano

        wallabybob

        If the log was from a pfSense system (you don't seem to have said) then I suggest you dump the firewall rules to see what rule 62 is and that might tell you why the traffic was blocked.

        I presume em1 is your WAN interface and that you added the SMTP firewall rule to the WAN interface.

          giulianoz

          Hello,
          Yes, the system is pfSense 1.2.2
          the rule for smtp was added to the wan interface (em1).
          pfctl -vvs rules reports this

          @62 block drop in log quick on em1 from <bogons:50> to any label "block bogon networks from wan"
           [ Evaluations: 369980    Packets: 557       Bytes: 27864       States: 0     ]
           [ Inserted: uid 0 pid 48699 ]

          running /etc/rc.update_bogons.sh seems to solve the issue (outdated bogons definitions)

          thanks

          giuliano
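
The diagnosis in this thread (look up the rule number from the block log in the `pfctl -vvs rules` dump) can be automated. The following is an added example, not part of the original posts: it joins pflog-style block lines to rule labels, using sample input constructed from the lines quoted above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Log line shape as quoted in the thread; the last dotted field is the port.
LOG_RE = re.compile(
    r"rule (\d+)/\d+\(match\): (\w+) (?:in|out) on (\S+): "
    r"(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):"
)
RULE_RE = re.compile(r"^@(\d+) (.*)$")
LABEL_RE = re.compile(r'label "([^"]*)"')


def parse_rules(pfctl_output):
    """Map rule number -> label (or the rule text when no label is set)."""
    rules = {}
    for line in pfctl_output.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            label = LABEL_RE.search(m.group(2))
            rules[int(m.group(1))] = label.group(1) if label else m.group(2)
    return rules


def explain_blocks(log_text, rules):
    """Group blocked (src IP, dst IP, dst port) flows by the rule that dropped them."""
    hits = defaultdict(set)
    for m in LOG_RE.finditer(log_text):
        num, action, _iface, src, _sport, dst, dport = m.groups()
        if action == "block":
            reason = rules.get(int(num), "rule not in dump")
            hits[(int(num), reason)].add((src, dst, int(dport)))
    return dict(hits)


# Constructed sample input in the format shown in the thread.
SAMPLE_LOG = """\
39. 458397 rule 62/0(match): block in on em1: 111.171.65.25.44705 > 192.168.13.10.25: [|tcp]
71. 224688 rule 62/0(match): block in on em1: 111.171.65.25.45288 > 192.168.13.10.25: [|tcp]
"""
SAMPLE_RULES = """\
@62 block drop in log quick on em1 from <bogons:50> to any label "block bogon networks from wan"
  [ Evaluations: 369980    Packets: 557       Bytes: 27864       States: 0     ]
"""

if __name__ == "__main__":
    report = explain_blocks(SAMPLE_LOG, parse_rules(SAMPLE_RULES))
    for (num, reason), flows in report.items():
        for src, dst, dport in sorted(flows):
            print(f"rule {num} ({reason}): {src} -> {dst}:{dport}")
```

A routable mail sender showing up under the "block bogon networks from wan" label is the signal that the bogon table is stale, which matches what the last post found.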
