[pfSense] How could I block messages trying to pass as from my net?
Hi all.

I use pfSense 2.2.1. Of course I know it would be very convenient to upgrade, but right now it isn't possible.

I'm trying to block spam (for instance, from 185.234.217.232).
As far as I know, it's trying to pass as a message from my very net:

    Transcript of session follows.
    De: Mail Delivery System
    Para: Postmaster
    Asunto: Postfix SMTP server: errors from unknown[185.234.217.232]
    Fecha: Fri, 18 May 2018 10:10:39 -0400 (CDT)

    Out: 220 partagas.ettpartagas.co.cu ESMTP Partagas
    In: EHLO 190.6.79.98
    Out: 250-partagas.ettpartagas.co.cu
    Out: 250-PIPELINING
    Out: 250-SIZE 1524
    Out: 250-ETRN
    Out: 250-STARTTLS
    Out: 250-ENHANCEDSTATUSCODES
    Out: 250-8BITMIME
    Out: 250 DSN
    In: AUTH LOGIN
    Out: 503 5.5.1 Error: authentication not enabled

    Session aborted, reason: lost connection

    For other details, see the local mail logfile

but the MTA correctly rejects it as a fake.

I have created an alias list (rechaza) in the menu Firewall/Aliases, where I put all the addresses known to be spammers, and tried to reject them with the rule in Firewall/Rules/WAN

    Action: Block
    Interface: WAN
    TCP/IP version: IPv4
    Protocol: TCP
    Source: (single host or alias) rechaza
    Destination: 190.6.79.98
    Destination port range: any

but I cannot stop the spam right in the WAN interface.

How could I create a convenient rule?

TIA,

Fumero

--
M.Sc. Alberto García Fumero
Linux User 97 138, registered 10/12/1998
http://interese.cubava.cu
It is not the hours you put into your work that count, but the work you put into those hours.

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] How could I block messages trying to pass as from my net?
I think your rule should work. Are you sure there is not another rule above that one in the list of rules, that allows the inbound connection? In other words the block rule has to be above the rule allowing traffic on port 25 to your mail server.

--

Steve Yates
ITS, Inc.
Re: [pfSense] How could I block messages trying to pass as from my net?
On Fri, 18-05-2018 at 16:24 +, Steve Yates wrote:
> I think your rule should work. Are you sure there is not
> another rule above that one in the list of rules, that allows the
> inbound connection? In other words the block rule has to be above
> the rule allowing traffic on port 25 to your mail server.
>
> --
>
> Steve Yates
> ITS, Inc.
>

That rule is the third in the WAN section, after the one blocking RFC 1918 networks and the one blocking bogon networks.

Could I create a rule saying, for instance: "reject packets originating (apparently!) from the WAN address and directed to my WAN address"? (as they are trying to forge identity)

Should that work?

--
M.Sc. Alberto García Fumero
Linux User 97 138, registered 10/12/1998
http://interese.cubava.cu
It is not the hours you put into your work that count, but the work you put into those hours.
Re: [pfSense] How could I block messages trying to pass as from my net?
The "EHLO 190.6.79.98" greeting is not looked at by the firewall so that can be ignored. Can you enable logging on the rule allowing port 25, and verify where the packets are actually coming from?

In most cases we set our clients up with our spam filter and the inbound port 25 rule allows connections only from the spam filter server IP ranges...

--

Steve Yates
ITS, Inc.
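Steve's two points (the firewall matches on the connecting address, not the EHLO argument, and the block rule must sit above the port 25 pass rule) as a small simulation. This is an added example, not part of the thread and not pfSense code; the rule tuples, the `first_match` evaluator and the contents of the `rechaza` alias are assumptions made for illustration.

```python
import ipaddress
import re

WAN_IP = "190.6.79.98"  # mail server's WAN address, from the thread

# Postmaster notice quoted in the thread, abridged to the lines used here.
NOTICE = """\
Asunto: Postfix SMTP server: errors from unknown[185.234.217.232]
Out: 220 partagas.ettpartagas.co.cu ESMTP Partagas
In: EHLO 190.6.79.98
Out: 250-partagas.ettpartagas.co.cu
In: AUTH LOGIN
Out: 503 5.5.1 Error: authentication not enabled
"""

def parse_notice(text):
    """Return (peer_ip, helo_name): the TCP peer Postfix saw and the name the client claimed."""
    peer = re.search(r"errors from \S*\[([0-9A-Fa-f.:]+)\]", text)
    helo = re.search(r"^In:\s+(?:EHLO|HELO)\s+(\S+)", text, re.MULTILINE)
    return (peer.group(1) if peer else None, helo.group(1) if helo else None)

def first_match(rules, src, dst, dport):
    """Walk the rules top-down; the first rule that matches decides. No match means block."""
    addr = ipaddress.ip_address(src)
    for action, sources, rule_dst, rule_port in rules:
        src_ok = any(addr in ipaddress.ip_network(n) for n in sources)
        if src_ok and rule_dst == dst and rule_port in ("any", dport):
            return action
    return "block"

# Hypothetical rule tuples: (action, source networks, destination, destination port).
RECHAZA = ["185.234.217.232/32"]                           # alias holding the real peer address
BLOCK_ALIAS = ("block", RECHAZA, WAN_IP, "any")
BLOCK_OWN_IP = ("block", [WAN_IP + "/32"], WAN_IP, "any")  # keyed on the EHLO claim
PASS_SMTP = ("pass", ["0.0.0.0/0"], WAN_IP, 25)

def evaluate(notice=NOTICE):
    """Compare rule orderings for the peer address taken from the notice."""
    peer, helo = parse_notice(notice)
    return {
        "peer": peer,
        "helo_claims_our_ip": helo == WAN_IP,
        "alias_block_above_pass": first_match([BLOCK_ALIAS, PASS_SMTP], peer, WAN_IP, 25),
        "alias_block_below_pass": first_match([PASS_SMTP, BLOCK_ALIAS], peer, WAN_IP, 25),
        "own_ip_block_above_pass": first_match([BLOCK_OWN_IP, PASS_SMTP], peer, WAN_IP, 25),
    }

if __name__ == "__main__":
    for key, value in evaluate().items():
        print(f"{key}: {value}")
```

A block rule whose source is the WAN address never matches here, because the packet's source is the peer in brackets in the Postfix notice, while the EHLO string only exists inside the SMTP session.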
Re: [pfSense] How could I block messages trying to pass as from my net?
You should use postscreen/blacklist to block spam?

Eero