Firewall blocks not working



  • Hello
    last night I made 2 changes:
    1- upgraded to 1.2-RC4
    2- added a 2-nd WAN.

    We run a local mailserver.  connections come in and out only on WAN1.  For a long time I have blocked spamming i/p ranges.
    After last night the blocks are not working.

    Here is a block rule:

    <rule><type>block</type>
                            <interface>wan</interface>
                            <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
                            <os><protocol>tcp</protocol>
                            <source>

    <address>203.0.0.0/8</address>

    <destination><any></any></destination></os></statetimeout></max-src-states></max-src-nodes></rule>

    From our mail log:
    Feb 21 10:12:40 fbc4.fantinibakery.com postfix/error[7239]: 7454597528: to=fanyu20031026@yahoo.com.tw, relay=none, delay=193440, delays=192339/1101/0/0, dsn=4.7.0,
    status=deferred (delivery temporarily suspended: host mx2.mail.tw.yahoo.com[203.188.197.10] refused to talk to me: 421 4.7.0 [TS01] Messages from 70.91.216.121 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)

    Feb 21 10:12:40 fbc4.fantinibakery.com postfix/error[7260]: 793CB6EB7C: to=gufen1357@yahoo.com.tw, relay=none, delay=260821, delays=259719/1101/0/0, dsn=4.7.0, status=deferred (delivery temporarily suspended: host mx2.mail.tw.yahoo.com[203.188.197.10] refused to talk to me: 421 4.7.0 [TS01] Messages from 70.91.216.121 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)

    We are getting thousands of spam email attempts per hour.

    Could someone point me to a solution?

    thanks
    Rob/gufen1357@yahoo.com.tw/fanyu20031026@yahoo.com.tw



  • If I read the logs correctly you are trying to SEND these mails out  and not to receive them and run in a temporarily block on a server at 203.188.197.10? Maybe you have a bot inside your network?



  • Hello
    you are correct these are sends .

    thanks, looks like problem is on my end.


Locked