From owner-freebsd-pf@FreeBSD.ORG Fri Dec 17 05:56:36 2004 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8A29716A4CE for ; Fri, 17 Dec 2004 05:56:36 +0000 (GMT) Received: from msr36.hinet.net (msr36.hinet.net [168.95.4.136]) by mx1.FreeBSD.org (Postfix) with ESMTP id BA0DA43D46 for ; Fri, 17 Dec 2004 05:56:35 +0000 (GMT) (envelope-from distro.watch@msa.hinet.net) Received: from [192.168.0.128] (61-229-2-147.dynamic.hinet.net [61.229.2.147]) by msr36.hinet.net (8.9.3/8.9.3) with ESMTP id NAA04793 for ; Fri, 17 Dec 2004 13:56:33 +0800 (CST) From: Ladislav Bodnar Organization: DistroWatch.com To: freebsd-pf@freebsd.org Date: Fri, 17 Dec 2004 13:56:34 +0800 User-Agent: KMail/1.7.1 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200412171356.34608.distro.watch@msa.hinet.net> Subject: Can pf block illegal relay access attempts? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Dec 2004 05:56:36 -0000 Hi, Over the last 7 days my Postfix mail server received almost 80,000 requests to relay mail to a third destination. Since it is not an open relay, it rejected all these requests, but it is still annoying to see this happening. The requests came from varying (almost 20,000 different) IP addresses, but they had one thing in common - the destination address was always "$some-user-name"@infomagic.com. Is there a way to prevent these attempts to access the mail server at all? I only started using pf recently, so I still have a lot to learn, but I would appreciate any advice. Or is pf not the right tool for this? Thanks a lot for your help.