Jeremy Harris via Exim-users wrote on 2022-12-08 15:33:
> On 08/12/2022 13:26, The Doctor via Exim-users wrote:
>> tcp4 0 0 midwest.ab.ca.smtps 5.34.207.58.62078 SYN_RCVD
(...)
>> tcp4 0 64 fortchipewyanlod.smtps 5.34.207.198.21030 ESTABLISHED
>>
>> I am using exim-4.95 from FreeBSD ports.
>
>
> Ah, those are all ".smtps" - I suspect netstat on FreeBSD means "port 465" there.
> If those are hung waiting to complete TLS negotiation, you'd see that.
>
> For those, use the main-config option "host_reject_connection" rather than the
> connect ACL - it operates before the TLS startup for TLS-on-connect ports,
> while the ACL is run after.
>
>
> I'm considering changing that, even though it's an incompatible change.
> Having the ACL operate before TLS startup (for TLS-on-connect) would align
> with the operation for STARTTLS, and possibly cause less surprise.
> Anybody want to comment?
> --
> Cheers,
> Jeremy
Port 465 is indeed smtps on FreeBSD.
As a FreeBSD user myself, I commit suspicious or caught addresses like
these to a table in PF (either as a single address or a CIDR range) so
they can't reach Exim at all anymore.
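An added Exim main-configuration example, not from either poster, showing Jeremy's "host_reject_connection" suggestion beside the connect ACL it replaces for the TLS-on-connect port; the 192.0.2.0/24 range and the ACL name are constructed placeholders.

```exim
# Added example (not from the thread). Listen on 25, 587 and the
# TLS-on-connect port 465, as the original poster's netstat output suggests.
daemon_smtp_ports    = 25 : 465 : 587
tls_on_connect_ports = 465

# Constructed placeholder list; put the real addresses or CIDR ranges here.
hostlist reject_hosts = 192.0.2.0/24

# Hosts in this list are refused as soon as the TCP connection is accepted,
# i.e. before Exim starts the TLS handshake on tls_on_connect_ports.
host_reject_connection = +reject_hosts

# The connect ACL is still useful for ports 25 and 587 (it runs before
# STARTTLS there), but on port 465 it only runs after TLS is already up,
# so a deny here does not stop the handshake itself.
acl_smtp_connect = acl_check_connect

begin acl

acl_check_connect:
  deny    hosts   = +reject_hosts
          message = Connection rejected
  accept
```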