At 04:45 AM 5/30/2007, you wrote:
We limit SMTP traffic to and from ONLY our email servers and nothing else, so we have specific IP addresses listed for incoming and outgoing SMTP traffic. Here is an example from our filter rules:

pass out quick on `outside_interface' proto tcp from `SMTP_server' to any port = smtp flags S keep state keep frags
pass in quick on `outside_interface' proto tcp from any to `SMTP_server' port = smtp flags S keep state keep frags

`outside_interface' being the network interface connected to the outside world. `SMTP_server' is the IP address of the SMTP server. Each server has its own pair of lines. After all the email servers have been listed, we have the following lines:

block in log quick proto tcp from any to any port = smtp
block out log quick proto tcp from any to any port = smtp

We only allow SMTP traffic to and from allowed IP addresses just in case some PC gets a virus that tries to email the world. Since only valid servers can send out, the virus is blocked and its activity logged. I hope this is of some help. Good luck.
Thanks Brent, but I'm unclear how this is relevant. My mailserver is attempting to send mail only to the public MX servers listed in DNS for att/sbcglobal/pacbell. Since the mail goes through - on its own via the MTA - when the rules are set to 'pass in/out all', then it's clear that my server's not attempting to send the mail to a blocked IP address at att/sbcglobal/pacbell.
Perhaps I didn't make the distinction clear in my initial message. With the existing ruleset, email that is *in the queue on my server* cannot reach the MX servers at att/sbcglobal/pacbell. So this is strictly smtp traffic on port 25 attempting to be delivered to [any randomly selected] MX server published in DNS by att/sbcglobal/pacbell (and to add to the name soup, all of the MX servers are within the 'prodigy.net' domain if you look them up).
Paul Theodoropoulos http://www.anastrophe.com
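To make the quoted ruleset concrete, here is an added Python model (not code from either poster) that parses those four ipf rules and applies ipf's matching semantics (last match wins unless a matching rule is `quick`) to a port-25 SYN, showing why the mail server's own traffic passes while any other host's attempt is blocked and logged. The interface name `fxp0`, the server address and the peer addresses are constructed placeholders standing in for `outside_interface' and `SMTP_server'.

```python
import re
# Constructed stand-ins for the placeholders in the quoted rules (not real site values).
OUTSIDE_IF = "fxp0"          # `outside_interface'
SMTP_SERVER = "192.0.2.25"   # `SMTP_server' (RFC 5737 documentation address)
RULESET = [
    f"pass out quick on {OUTSIDE_IF} proto tcp from {SMTP_SERVER} to any port = smtp flags S keep state keep frags",
    f"pass in quick on {OUTSIDE_IF} proto tcp from any to {SMTP_SERVER} port = smtp flags S keep state keep frags",
    "block in log quick proto tcp from any to any port = smtp",
    "block out log quick proto tcp from any to any port = smtp",
]
# Covers only the rule vocabulary used above; the trailing flags/keep options are ignored.
RULE_RE = re.compile(
    r"^(?P<action>pass|block) (?P<dir>in|out)(?P<log> log)?(?P<quick> quick)?"
    r"(?: on (?P<iface>\S+))? proto (?P<proto>\S+) from (?P<src>\S+)"
    r" to (?P<dst>\S+)(?: port = (?P<dport>\S+))?"
)
def parse_rule(text):
    m = RULE_RE.match(text)
    if not m:
        raise ValueError("unparsed rule: " + text)
    r = m.groupdict()
    r["log"], r["quick"] = bool(r["log"]), bool(r["quick"])
    if r["dport"] is not None:  # service name or numeric port
        r["dport"] = 25 if r["dport"] == "smtp" else int(r["dport"])
    return r

def _matches(r, pkt):
    return ((r["dir"], r["proto"]) == (pkt["dir"], pkt["proto"])
            and r["iface"] in (None, pkt["iface"])
            and r["src"] in ("any", pkt["src"]) and r["dst"] in ("any", pkt["dst"])
            and r["dport"] in (None, pkt["dport"]))

def evaluate(rules, pkt):
    # ipf semantics for a SYN: the last matching rule wins, unless a matching rule says
    # 'quick', which ends the search; with no match at all, ipf's default is to pass.
    action, logged = "pass", False
    for r in rules:
        if _matches(r, pkt):
            action, logged = r["action"], r["log"]
            if r["quick"]:
                break
    return action, logged

def smtp_verdict(direction, src, dst, iface=OUTSIDE_IF):
    pkt = {"dir": direction, "iface": iface, "proto": "tcp", "src": src, "dst": dst, "dport": 25}
    return evaluate([parse_rule(t) for t in RULESET], pkt)

if __name__ == "__main__":
    print(smtp_verdict("out", SMTP_SERVER, "198.51.100.10"))  # mail server: ('pass', False)
    print(smtp_verdict("out", "192.0.2.77", "198.51.100.10"))  # other host: ('block', True), logged
```

Note that the two block rules carry no interface qualifier, so the same server's SMTP traffic leaving on any other interface falls through to them and is blocked.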
