That doesn't seem possible to me. NMAP uses, at least for its SYN/connect() type scans, the same sequence of packets that your mail software would have to use, so if you block one sequence of packets, they are going to be blocked regardless of the place they are coming from.

To achieve a similar result, try:

(1) If you are going to be sending mail from a limited set of IP addresses, try filtering all traffic to that port, except your "semi-trusted" hosts. This isn't perfect, but will avoid casual scans.

(2) Better yet, set up a VPN between your trusted hosts and your mail server and you don't need to have a port open for the public internet.

On Thu, 17 Jan 2002, Eduardo Gonçalves wrote:

> Hi all,
>
> I have an ipchains rule like this:
> #ipchains -A input -s 0/0 -p tcp -y -j REJECT
>
> so I can block all the SYN packets used by port scanners and avoid them...
> but now I run a smtp server (postfix), and my box must accept SYN packets to
> port 25.
>
> I don't want that anybody knows ( using a scanner ) which is the open port.
>
> My question:
> How can I block port scanners(like nmap) and run my server without
> problems?
>
>
> thanks a lot
> []'s
> Eduardo
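Suggestion (1) above as a concrete ipchains ruleset, added here as an example and not taken from either poster. It assumes two constructed relay addresses from the RFC 5737 documentation range and relies on ipchains being first-match, so the per-host ACCEPT rules must come before the poster's catch-all SYN REJECT.

```shell
#!/bin/sh
# Example (not from the thread): allow-list SYNs to port 25 from a few
# relay hosts, then keep the original global SYN reject for everything else.
# ipchains evaluates the input chain top to bottom and stops at the first
# match, so the order printed by smtp_rules is the order that must be loaded.

TRUSTED_HOSTS="192.0.2.10 192.0.2.11"   # constructed sample addresses
IPCHAINS="${IPCHAINS:-ipchains}"         # path to the ipchains binary

# Print the rules, one per line, in the order they have to be applied.
smtp_rules() {
    for h in $TRUSTED_HOSTS; do
        # New connections to 25/tcp from a trusted relay are accepted.
        echo "$IPCHAINS -A input -s $h -d 0/0 25 -p tcp -y -j ACCEPT"
    done
    # Everything else that starts a TCP connection is rejected and logged (-l),
    # so scan attempts still show up in syslog even though they get no port.
    echo "$IPCHAINS -A input -s 0/0 -p tcp -y -l -j REJECT"
}

# Load the rules (needs root and an ipchains kernel). DRY_RUN=1 only prints.
apply_rules() {
    smtp_rules | while read -r line; do
        if [ -n "$DRY_RUN" ]; then echo "$line"; else $line; fi
    done
}
```

Run `DRY_RUN=1 sh script.sh` after appending `apply_rules` to see the exact commands before loading them on a live box.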

