From owner-freebsd-questions@FreeBSD.ORG  Mon Jul 27 21:41:00 2009
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9A3AF10656E3
	for <freebsd-questions@freebsd.org>;
	Mon, 27 Jul 2009 21:41:00 +0000 (UTC) (envelope-from cswiger@mac.com)
Received: from asmtpout018.mac.com (asmtpout018.mac.com [17.148.16.93])
	by mx1.freebsd.org (Postfix) with ESMTP id 87EBE8FC16
	for <freebsd-questions@freebsd.org>;
	Mon, 27 Jul 2009 21:41:00 +0000 (UTC) (envelope-from cswiger@mac.com)
MIME-version: 1.0
Content-transfer-encoding: 7BIT
Content-type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Received: from cswiger1.apple.com ([17.227.140.124])
	by asmtp018.mac.com (Sun Java(tm) System Messaging Server 6.3-8.01
	(built Dec
	16 2008; 32bit)) with ESMTPSA id <0KNG004Y1MVSLX10@asmtp018.mac.com> for
	freebsd-questions@freebsd.org; Mon, 27 Jul 2009 14:40:59 -0700 (PDT)
Message-id: <931F1DCA-C3DF-496B-93F9-035DC491208A@mac.com>
From: Chuck Swiger <cswiger@mac.com>
To: Jay Hall <jhall@socket.net>
In-reply-to: <0E15E941-3CC2-4C9B-BAF2-C8910F7592ED@socket.net>
Date: Mon, 27 Jul 2009 14:40:40 -0700
References: <0E15E941-3CC2-4C9B-BAF2-C8910F7592ED@socket.net>
X-Mailer: Apple Mail (2.935.3)
Cc: freebsd-questions@freebsd.org
Subject: Re: ipf rules question
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Jul 2009 21:41:01 -0000

On Jul 27, 2009, at 2:27 PM, Jay Hall wrote:
[ ... ]
> If I am looking at everything correctly all traffic coming into the  
> system from the 82.0.0.0/8 network to port 25 on the mail server  
> should be blocked.
>
> What am I missing?

Maybe they are connecting to the MSP aka 587/tcp rather than port 25?   
It's hard to tell from your message which mailserver lines are from  
machines under your control; try editting the mail headers a little  
less and we might be able to do better.

Otherwise, maybe your firewall rules are not working, are applied to  
the wrong network interface, etc.

Regards,
-- 
-Chuck