Re: [exim] Blocking a Class C

Top Page
Delete this message
Reply to this message
Author: Oliver Heesakkers
Date:  
To: exim-users
Subject: Re: [exim] Blocking a Class C
Jeremy Harris via Exim-users schreef op 2022-12-08 15:33:
> On 08/12/2022 13:26, The Doctor via Exim-users wrote:
>> tcp4       0      0 midwest.ab.ca.smtps    5.34.207.58.62078      
>> SYN_RCVD

(...)
>> tcp4       0     64 fortchipewyanlod.smtps 5.34.207.198.21030     
>> ESTABLISHED

>>
>> I am using exim-4.95 from FreeBSD ports.
>
>
> Ah, those are all ".smtps" - I suspect netstat on FreeBSD means "port
> 465" there.
> If those are hung waiting to complete TLS negotiation, you'd see that.
>
> For those, use the main-config option "host_reject_connection" rather
> than the
> connect ACL - it operates before the TLS startup for TLS-on-connect
> ports,
> while the ACL is run after.
>
>
> I'm considering changing that, even though it's an incompatible change.
> Having the ACL operate before TLS startup (for TLS-on-connect) would
> align
> with the operation for STARTTLS, and possibly cause less surprise.
> Anybody want to comment?
> --
> Cheers,
> Jeremy


Port 465 is indeed smtps on FreeBSD.

As a FreeBSD user myself I commit suspicious or caught addresses like
these to a table in PF (either as a single address or a CIDR range) so
they can't reach Exim at all anymore.