Block all output like http and smtp in my netfilter (Gnu Linux);

-A OUTPUT -p tcp -m tcp --dport 80 -j DROP
-A OUTPUT -p tcp -m tcp --dport 110 -j DROP
etc ..

I had problems with portscan originated in my output. Even without ExitPolicy accept

EX:

Dear Sir/Madam,

We have detected abuse from the IP address MYIPADDRESS, which according to a whois lookup is on your network. We would appreciate if you would investigate your logs and take action as appropriate.

Log lines are given below, but please ask if you require any further information.

(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)

Regards,

Critical Path, Inc.

Note: Local timezone is +0000 (GMT)
Jan 15 16:03:00 65.20.0.47 pop3: Failed password from MYIPADDRESS
Jan 15 17:40:07 65.20.0.47 pop3: Failed password from MYIPADDRESS
Jan 15 17:40:09 65.20.0.47 pop3: Failed password from MYIPADDRESS
Jan 15 17:40:09 65.20.0.47 pop3: Failed password from MYIPADDRESS
Jan 15 17:40:11 65.20.0.47 pop3: Failed password from MYIPADDRESS
Jan 15 17:40:14 65.20.0.47 pop3: Failed password from MYIPADDRESS
Jan 15 17:40:17 65.20.0.47 pop3: Failed password from MYIPADDRESS
Jan 15 17:40:18 65.20.0.47 pop3: Failed password from MYIPADDRESS
******************************

------------------------- END ------------------------------------

to keep me in a comfort zone, I installed OSSEC. OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

example of my latest incidents:


OSSEC HIDS Notification.
2014 May 23 11:45:44

Received From: darkstar->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):

May 23 12:45:44 darkstar kernel: tor: page allocation failure. order:0, mode:0x20

 --END OF NOTIFICATION