The "EHLO 190.6.79.98" greeting is not looked at by the firewall so that can be ignored.
Can you enable logging on the rule allowing port 25, and verify where the packets are actually coming from? In most cases we set our clients up with our spam filter and the inbound port 25 rule allows connections only from the spam filter server IP ranges... -- Steve Yates ITS, Inc. -----Original Message----- From: List <list-boun...@lists.pfsense.org> On Behalf Of Alberto José García Fumero Sent: Friday, May 18, 2018 11:52 AM To: list@lists.pfsense.org Subject: Re: [pfSense] How could I block messages trying to pass as from my net? El vie, 18-05-2018 a las 16:24 +0000, Steve Yates escribió: > I think your rule should work. Are you sure there is not > another rule above that one in the list of rules, that allows the > inbound connection? In other words the block rule has to be above > the rule allowing traffic on port 25 to your mail server. > > -- > > Steve Yates > ITS, Inc. > That rule is the third in the WAN section, after the one blocking rfc 1918 networks and the one blocking bogon networks. Could I create a rule saying, for instance: "reject packets originating (apparently!) from the WAN address and directed to my WAN address? (as they are trying to forge identity) Should that work? -- M.Sc. Alberto García Fumero Usuario Linux 97 138, registrado 10/12/1998 http://interese.cubava.cu No son las horas que pones en tu trabajo lo que cuenta, sino el trabajo que pones en esas horas. _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold