Re: [exim] Blocking a Class C

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Andrew C Aitchison
Data:  
Para: The Doctor
CC: exim users
Assunto: Re: [exim] Blocking a Class C
On Thu, 19 Jan 2023, The Doctor wrote:

> On Thu, Jan 19, 2023 at 08:44:30AM +0000, Andrew C Aitchison via Exim-users wrote:
>> On Wed, 18 Jan 2023, The Doctor via Exim-users wrote:
>>
>>>> On Thu, Jan 19, 2023, 00:33 The Doctor <doctor@???> wrote:
>>>>
>>>>> Still having problems with
>>>>>
>>>>> /var/log/exim/in_rejectlog:2023-01-18 14:27:01.484 [97258] refused
>>>>> connection from [46.148.40.108]:61402 I=[204.209.81.246]:465
>>>>> (host_reject_connection)
>>>>>
>>>>> THere are still coming and not being dropped in a timely manner.
>>>>>
>>>>> can these packets be dropped in less than 0.01 ms?
>>>>>
>>>>> Legit e-mail is not getting through and costumers are complaining.
>>>
>>>> On Thu, Jan 19, 2023 at 12:36:38AM +0300, Odhiambo Washington via Exim-users wrote:
>>>> Block at the firewall before they reach the server.
>>>>
>>> Ateempted but not happening. I wonder if the IPs are being faked.
>>
>> I don't think faked packets would get through the firewall if you are
>> blocking the faked IP address.
>>
>> The logs indicate that the attacker is connecting to port 465.
>> Are you blocking that as well as port 25 ?
>>
> I cannot block port 25 if I want mail from the outside world to get it.


I assumed that you were blocking the pair
     (src ip 46.148.40.108, target port 25)
and was checking that you are also blocking
     (src ip 46.148.40.108, target port 465)


-- 
Andrew C. Aitchison                      Kendal, UK
                    andrew@???