Author: Jeremy Harris
Date:
To: exim-users
Subject: Re: [exim] Blocking a Class C
On 10/12/2022 16:27, Slavko via Exim-users wrote:
> On 8 December 2022 21:37:32 UTC, user Jeremy Harris via Exim-users <exim-users@???> wrote:
>
>> We could just drop the connection at the TCP level, silently; that wouldn't
>> be hard to code. I don't think it'd make any difference to a client
>> that didn't have a human peering at a packet capture of the connection
>> attempt.
>
> Drop silently is what I suggested
I've gone with "silently": 4243a209fd94
[SNI]
>> Not so. It's available early and can be used to select the server cert.
>
> AFAIK SNI is part of TLS Client Hello. For now I understand that we
> are talking about rejection before TLS handshake starts, thus no
> SNI is available (nor other TLS related variables). Are you talking
> about rejection in "middle" of TLS handshake or even after it is
> finished?
Yes, for SNI it has to be after the first bit of the TLS startup
exchange.
>> There is an "encrypted=" ACL condition. Or you can check $tls_in_cipher,
>> as you said - it's fully equivalent.
>
> When I recently tried to use "encrypted=" ACL condition in helo ACL
> I got error, thus while fully equivalent, they are not interchangeable
> in all related ACLs and it was not documented.
Details on that, please?
--
Cheers,
Jeremy