Hello misc!
I have opensmtpd smarthost on my router.
It seems some host on my LAN network sometimes sends spam through my
gateway (not through the smarthost),
and because of it my IP gets blacklisted.
I want to deny use of port 25 from LAN to WAN. I need some advice here.
This is my simplified pf.conf (I've cropped some variables; I think they
are intuitive):
----
block in on $ext_if
pass in on $ext_if inet proto tcp from $admin to $ext_if port ssh
pass in quick on em0 inet proto tcp to em0 port { smtp, www, https, submission }
#Block 25 port from lan
#block out quick on egress proto tcp from !self to any port 25
#Enable NAT
pass out on $ext_if inet from $newlan nat-to $ext_ip
pass out on $ext_if inet from $guest_vpn to ! <mynets> received-on pppx nat-to $ext_ip
----
Please have a look at the "#Block 25 port from lan" line; unfortunately,
it blocks all mail traffic, including opensmtpd on self.
Maybe there is a better solution?
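An added example, not from the original post, of placing the block on the LAN-facing interface instead of egress, so that only forwarded traffic is caught. It assumes $int_if is the LAN interface and $newlan the LAN subnet; both names were cropped from the quoted pf.conf.

```pf
# Added example, not from the original post.  Assumed names: $int_if is the
# LAN-facing interface, $newlan the LAN subnet (both cropped from the quoted
# pf.conf).  A rule on the inbound side of the LAN interface sees the packet
# before NAT and never matches connections the gateway opens itself, so
# opensmtpd's own relaying to the smarthost is unaffected.
# "to !self" still lets LAN hosts reach the gateway's own smtp/submission
# listener (the "pass in quick on em0 ... port { smtp, ... }" rule above)
# while refusing direct SMTP to anything beyond the gateway.
block in log quick on $int_if inet proto tcp from $newlan to !self port smtp

# The "log" keyword records every dropped attempt to pflog, which identifies
# the spamming host; read it with:
#   tcpdump -n -e -ttt -r /var/log/pflog port 25
```

Clients arriving over the pppx VPN interface are not covered by this rule and would need the same block on that interface.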