On Mon, Apr 28, 2025 at 12:32:56PM +0000, ed bennett wrote: > I only want to receive incoming emails and only send emails from the server > itself, > either with scripts or while logged on with ssh. > I've completely blocked port 25 and the submission ports. > With 25 open, I can't even login and I have to use IPMI. > First what can I do with just pf? I haven't found any useful examples and > it's not > clear to me exactly how to only allow local connections to send out emails > work > but still receive outside emails.
It is not clear from what you write just *how* you block or set anything to 'open'. I tend to tell people who take our tutorials to copy the default /etc/pf.conf to somewhere safe, then start with the even simpler block pass from self Going from there, you could do worse than at least browse the PF user Guide https://www.openbsd.org/faq/pf/index.html or for that matter go for the PF tutorial slides https://nxdomain.no/~peter/pf_fullday.pdf (which BTW tend to be updated for each session) with links therein, including a certain book that appears to have aged surprisingly well. All the best, Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
