Jeremy Harris via Exim-users wrote on 2022-12-08 15:33:
On 08/12/2022 13:26, The Doctor via Exim-users wrote:
tcp4 0 0 midwest.ab.ca.smtps 5.34.207.58.62078 SYN_RCVD
(...)
tcp4 0 64 fortchipewyanlod.smtps 5.34.207.198.21030 ESTABLISHED
I am using exim-4.95 from FreeBSD ports.
Ah, those are all ".smtps" - I suspect netstat on FreeBSD means "port
465" there.
If those are hung waiting to complete TLS negotiation, you'd see that.
For those, use the main-config option "host_reject_connection" rather than the
connect ACL - it operates before the TLS startup for TLS-on-connect ports,
while the ACL is run after.
I'm considering changing that, even though it's an incompatible change.
Having the ACL operate before TLS startup (for TLS-on-connect) would align
with the operation for STARTTLS, and possibly cause less surprise.
Anybody want to comment?
--
Cheers,
Jeremy
Port 465 is indeed smtps on FreeBSD.
As a FreeBSD user myself I commit suspicious or caught addresses like
these to a table in PF (either as a single address or a CIDR range) so
they can't reach Exim at all anymore.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
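
Added example, not part of the original thread: one way to see which remote addresses are holding connections to the smtps listener, as in the netstat output quoted above, before putting them in a PF table or in host_reject_connection. The function names, the threshold and the sample lines (documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Count connections per remote IPv4 address to the smtps (465) listener,
# reading FreeBSD netstat-style lines ("address.port" notation).

# Constructed sample input; on a live host use: netstat -n -p tcp
sample_netstat() {
cat <<'EOF'
tcp4       0      0 *.smtps                *.*                    LISTEN
tcp4       0      0 mail.example.smtps     198.51.100.7.62078     SYN_RCVD
tcp4       0      0 mail.example.smtps     198.51.100.7.62079     SYN_RCVD
tcp4       0     64 192.0.2.10.465         198.51.100.7.21030     ESTABLISHED
tcp4       0      0 mail.example.smtps     203.0.113.9.40112      ESTABLISHED
tcp4       0      0 mail.example.smtp      198.51.100.7.50000     ESTABLISHED
EOF
}

# smtps_peers MIN
# Reads netstat lines on stdin and prints "count address" for every remote
# address with at least MIN connections to local port smtps/465,
# busiest first. Port 25 connections and the LISTEN socket are ignored.
smtps_peers() {
    awk -v min="$1" '
        $1 ~ /^tcp4/ && $4 ~ /\.(smtps|465)$/ {
            peer = $5
            sub(/\.[0-9]+$/, "", peer)   # drop the trailing ".port"
            if (peer ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) n[peer]++
        }
        END { for (p in n) if (n[p] >= min) print n[p], p }
    ' | sort -k1,1nr -k2,2
}

# Addresses with two or more connections in the sample.
sample_netstat | smtps_peers 2
```

After review, an address from the second column can be added to an existing PF table with `pfctl -t <table> -T add <address>`, or listed in Exim's host_reject_connection.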