When I check my maillog I see that some attacker tries to log in to postfix using a non-existing email account and fails due to 'Relay access denied'. It's always from the same IP address and it's been going on for a few days.
I've added a rule to my IPFW ruleset with the hopes to block it but I still see the IP in the log.
If I run ipfw list my rules read:
Code:
00001 check-state
00002 allow ip from any to any via lo0
00003 allow tcp from any to any established
00100 allow tcp from any to 199.48.xxx.xxx dst-port 1500 in setup keep-state
00101 allow tcp from any to 199.48.xxx.xxx dst-port 80 in setup keep-state
00102 allow tcp from any to 199.48.xxx.xxx dst-port 443 in setup keep-state
00103 allow tcp from any to 199.48.xxx.xxx dst-port 25 in setup keep-state
00104 allow tcp from any to 199.48.xxx.xxx dst-port 465 in setup keep-state
00105 allow tcp from any to 199.48.xxx.xxx dst-port 110 in setup keep-state
00106 allow tcp from any to 199.48.xxx.xxx dst-port 143 in setup keep-state
00107 allow tcp from any to 199.48.xxx.xxx dst-port 5666 in setup keep-state
00108 allow tcp from any to 199.48.xxx.xxx dst-port 587 in setup keep-state
00109 deny ip from 61.8.13.38 to any
00200 allow udp from 199.48.xxx.xxx to any out keep-state
00201 allow tcp from 199.48.xxx.xxx to any out setup keep-state
00400 allow icmp from 199.48.xxx.xxx to any icmptypes 0,3,8,11,12,13,14
00401 allow icmp from any to 199.48.xxx.xxx icmptypes 0,3,8,11,12,13,14
00500 allow tcp from any to any out via re1 setup keep-state
00999 deny ip from any to any
65535 deny ip from any to any
Is there anything wrong in my setup? Shouldn't the firewall block the IP before I see it in the postfix log?
Thanks for any help.
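
Added example, not part of the original post: a minimal first-match evaluator over the SMTP-relevant lines of the ruleset above, showing which rule the first packet of a connection from 61.8.13.38 to port 25 hits as listed, and which it hits once the deny sorts ahead of the allow rules. The rule number 00050, the inbound interface re1, the address 192.0.2.10 and the simplified matcher are assumptions for illustration.

```python
# Lines copied from the `ipfw list` output above (subset relevant to inbound SMTP).
RULES = """\
00001 check-state
00002 allow ip from any to any via lo0
00003 allow tcp from any to any established
00103 allow tcp from any to 199.48.xxx.xxx dst-port 25 in setup keep-state
00109 deny ip from 61.8.13.38 to any
00999 deny ip from any to any
"""
# Assumption: same deny rule, renumbered (00050 is a constructed number) so it
# sorts before the allow rules for the public ports.
REORDERED = RULES.replace("00109 deny", "00050 deny")

def parse(line):
    t = line.split()
    rule = {"num": int(t[0]), "action": t[1]}
    if t[1] != "check-state":
        rule.update(proto=t[2], src=t[4], dst=t[6], opts=t[7:])
    return rule

def matches(r, p):
    if r["action"] == "check-state":
        return p["has_state"]  # hits only for flows that already have a dynamic rule
    o = r["opts"]
    arg = lambda key: o[o.index(key) + 1] if key in o else None
    return (r["proto"] in ("ip", p["proto"])
            and r["src"] in ("any", p["src"])
            and r["dst"] in ("any", p["dst"])
            and arg("dst-port") in (None, str(p["dport"]))
            and arg("via") in (None, p["iface"])
            and ("in" not in o or p["dir"] == "in")
            and ("setup" not in o or p["flags"] == "syn")          # SYN without ACK
            and ("established" not in o or p["flags"] == "ack"))   # ACK (or RST) set

def first_match(ruleset, pkt):
    """Return (rule number, action) of the first rule that matches; ipfw stops there."""
    rules = sorted((parse(l) for l in ruleset.splitlines() if l.strip()),
                   key=lambda r: r["num"])
    for r in rules:
        if matches(r, pkt):
            return r["num"], "allow" if r["action"] == "check-state" else r["action"]
    return 65535, "deny"

# Constructed packets: the first SYN of an SMTP connection arriving on re1 (assumed).
SYN = {"proto": "tcp", "src": "61.8.13.38", "dst": "199.48.xxx.xxx", "dport": 25,
       "dir": "in", "iface": "re1", "flags": "syn", "has_state": False}
OTHER = dict(SYN, src="192.0.2.10")  # constructed address of an unrelated sender

if __name__ == "__main__":
    print("as listed:", first_match(RULES, SYN))
    print("reordered:", first_match(REORDERED, SYN), first_match(REORDERED, OTHER))
```

Packets of a connection that was already accepted still match check-state or rule 00003, so the reordered deny takes effect for new connections.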