On Thu, Dec 08, 2022 at 02:33:01PM +0000, Jeremy Harris via Exim-users wrote:
> On 08/12/2022 13:26, The Doctor via Exim-users wrote:
> > tcp4 0 0 midwest.ab.ca.smtps 5.34.207.58.62078 SYN_RCVD
> > tcp4 0 0 204.209.81.122.smtps 5.34.207.77.62962 SYN_RCVD
> > tcp4 0 0 204.209.81.102.smtps 5.34.207.195.9246 ESTABLISHED
> > tcp4 0 0 stagehypnotistco.smtps 5.34.207.114.55268 ESTABLISHED
> > tcp4 0 0 204.209.81.97.smtps 5.34.207.198.63598 ESTABLISHED
> > tcp4 0 6153 204.209.81.174.smtps 5.34.207.114.4726 ESTABLISHED
> > tcp4 0 6153 dwellmodern.ca.smtps 5.34.207.190.48444 ESTABLISHED
> > tcp4 0 0 204.209.81.110.smtps 5.34.207.198.63764 ESTABLISHED
> > tcp4 0 0 204.209.81.51.smtps 5.34.207.198.38686 ESTABLISHED
> > tcp4 0 0 204.209.81.87.smtps 5.34.207.77.43412 ESTABLISHED
> > tcp4 0 0 environmental-so.smtps 5.34.207.49.53302 ESTABLISHED
> > tcp4 0 0 204.209.81.51.smtps 5.34.207.153.61228 ESTABLISHED
> > tcp4 0 0 lpeser.ca.smtps 5.34.207.198.43508 ESTABLISHED
> > tcp4 0 0 204.209.81.142.smtps 5.34.207.198.4664 ESTABLISHED
> > tcp4 0 0 gibb.ab.ca.smtps 5.34.207.189.8904 ESTABLISHED
> > tcp4 0 0 robertsonsplumbi.smtps 5.34.207.189.1834 ESTABLISHED
> > tcp4 0 151 attilahypnotist..smtps 5.34.207.198.5432 ESTABLISHED
> > tcp4 0 0 techsupplies.ca.smtps 5.34.207.58.62492 ESTABLISHED
> > tcp4 0 0 proflamefireplac.smtps 5.34.207.198.56078 ESTABLISHED
> > tcp4 0 0 204.209.81.97.smtps 5.34.207.191.21406 ESTABLISHED
> > tcp4 0 0 204.209.81.151.smtps 5.34.207.95.43326 ESTABLISHED
> > tcp4 0 0 unityintegration.smtps 5.34.207.191.29918 ESTABLISHED
> > tcp4 0 47 albertadogs.com.smtps 5.34.207.77.59246 ESTABLISHED
> > tcp4 0 0 lpeser.ca.smtps 5.34.207.153.16136 ESTABLISHED
> > tcp4 0 0 valpy.com.smtps 5.34.207.153.7492 ESTABLISHED
> > tcp4 0 0 travelersfirstch.smtps 5.34.207.153.45748 ESTABLISHED
> > tcp4 0 43 massageresultsco.smtps 5.34.207.185.20282 ESTABLISHED
> > tcp4 0 0 204.209.81.102.smtps 5.34.207.186.47794 ESTABLISHED
> > tcp4 0 0 204.209.81.110.smtps 5.34.207.193.51362 ESTABLISHED
> > tcp4 0 0 valpy.com.smtps 5.34.207.198.50486 ESTABLISHED
> > tcp4 0 64 204.209.81.167.smtps 5.34.207.198.34662 ESTABLISHED
> > tcp4 0 64 stage-hypnosis-c.smtps 5.34.207.198.64002 ESTABLISHED
> > tcp4 0 64 204.209.81.102.smtps 5.34.207.198.23784 ESTABLISHED
> > tcp4 0 64 promoteyourbusin.smtps 5.34.207.198.51544 ESTABLISHED
> > tcp4 0 64 fortchipewyanlod.smtps 5.34.207.198.21030 ESTABLISHED
> >
> > I am using exim-4.95 from FreeBSD ports.
>
>
> Ah, those are all ".smtps" - I suspect netstat on FreeBSD means "port 465" there.
> If those are hung waiting to complete TLS negotiation, you'd see that.
>
> For those, use the main-config option "host_reject_connection" rather than the
> connect ACL - it operates before the TLS startup for TLS-on-connect ports,
> while the ACL is run after.
>
>
> I'm considering changing that, even though it's an incompatible change.
> Having the ACL operate before TLS startup (for TLS-on-connect) would align
> with the operation for STARTTLS, and possibly cause less surprise.
> Anybody want to comment?
Just reading this.
Tried
host_reject_connection = 5.34.207.*
Still not doing the rejection job.
--
Member - Liberal International This is doctor@??? Ici doctor@???
Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism
https://www.empire.kred/ROOTNK?t=94a1f39b
Happy Christmas 2022 and Merry New Year 2023 Beware
https://mindspring.com
