ok, thanks Bill
I am still learning about pf.conf - and by adding your fix, I now get this.
Which seems entirely reasonable now :-)
Thanks, I’ll keep learning …
Robert
zeus:etc robert$ sudo pfctl -vnf /etc/pf.conf
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.
table <badhosts> persist file "/etc/badguys1" file "/etc/badguys2"
scrub-anchor "/*" all fragment reassemble
nat-anchor "/*" all
rdr-anchor "/*" all
anchor "/*" all
anchor "emerging-threats" all
pass in proto tcp from any to any port = 21 flags S/SA keep state
pass in proto tcp from any to any port = 22 flags S/SA keep state
pass in proto tcp from any to any port = 23 flags S/SA keep state
pass in proto tcp from any to any port = 25 flags S/SA keep state
pass in proto tcp from any to any port = 53 flags S/SA keep state
pass in proto udp from any to any port = 53 keep state
pass in proto tcp from any to any port = 110 flags S/SA keep state
pass in proto tcp from any to any port = 143 flags S/SA keep state
pass in proto tcp from any to any port = 194 flags S/SA keep state
pass in proto tcp from any to any port = 389 flags S/SA keep state
pass in proto tcp from any to any port = 443 flags S/SA keep state
pass in proto tcp from any to any port = 445 flags S/SA keep state
pass in proto tcp from any to any port = 465 flags S/SA keep state
pass in proto tcp from any to any port = 587 flags S/SA keep state
pass in proto tcp from any to any port = 993 flags S/SA keep state
pass in proto tcp from any to any port = 5900 flags S/SA keep state
pass in proto tcp from any to any port = 6112 flags S/SA keep state
pass in proto udp from any to any port = 6277 keep state
pass in proto udp from any to any port = 1023 keep state
block drop on en1 from <badhosts> to any
block return in log quick inet proto tcp from 174.46.142.137 to any port = 25
block return in log quick inet proto tcp from 174.46.142.137 to any port = 465
block return in log quick inet proto tcp from 174.46.142.137 to any port = 587
dummynet-anchor "/*" all
Loading anchor com.apple from /etc/pf.anchors/com.apple
anchor "/*" all
anchor "/*" all
Loading anchor emerging-threats from /etc/pf.anchors/emerging-threats
table <emerging_threats> persist file "/etc/emerging-Block-IPs.txt"
block drop from <emerging_threats> to any
> On 5 Mar 2016, at 00:42, Bill Cole
> <postfixlists-070...@billmail.scconsult.com> wrote:
>
> block return in log quick proto tcp from 174.46.142.137 to any port
> {25,465,587}
Robert Chalmers
rob...@chalmers.com <mailto:rob...@chalmers.com>.au Quantum Radio:
http://tinyurl.com/lwwddov
Mac mini 6.2 - 2012, Intel Core i7,2.3 GHz, Memory:16 GB. El-Capitan 10.11.
XCode 7.2.1
2TB: Drive 0:HGST HTS721010A9E630. Upper bay. Drive 1:ST1000LM024 HN-M101MBB.
Lower Bay
