Have you check your root mail for secruity messages?
There is useally a messages about what the various
secruity features check?
If the box you are trying to access it from has a static ip or
real FQDN, you should be able to add a rule to get past it.
Also rumage around in /etc and find out where it's pulling the rewrite from, you might try grep -r "ALL:ALL