Please learn how to write your responses. Either top-post, or post below, by snipping.
Even without doing anything, my server has been rejecting these IPs because they are listed on spamhaus.

On Thu, Dec 8, 2022 at 11:58 PM The Doctor <doc...@doctor.nl2k.ab.ca> wrote:

> On Thu, Dec 08, 2022 at 11:44:44PM +0300, Odhiambo Washington via Exim-users wrote:
> > On Thu, Dec 8, 2022 at 11:38 PM The Doctor via Exim-users <exim-users@exim.org> wrote:
> >
> > > On Thu, Dec 08, 2022 at 10:47:18PM +0300, Evgeniy Berdnikov via Exim-users wrote:
> > > > On Thu, Dec 08, 2022 at 12:22:13PM -0700, The Doctor via Exim-users wrote:
> > > > > On Thu, Dec 08, 2022 at 09:24:19PM +0300, Odhiambo Washington via Exim-users wrote:
> > > > [...]
> > > > > > >>> host in "5.34.207.0/24"? yes (matched "5.34.207.0/24")
> > > > > > >>> host in host_reject_connection? yes (matched "+host_rejects")
> > > > > > LOG: refused connection from [5.34.207.3] (host_reject_connection)
> > > > > > 554 SMTP service not available
> > > > > > root@gw:/usr/home/wash #
> > > > >
> > > > > Still seeing
> > > > >
> > > > > netstat -a | egrep smtp
> > > > > tcp4 0 0 exploreedmonton..smtps 5.34.207.189.26526 SYN_RCVD
> > > > > tcp4 0 0 comparealbertapo.smtps 5.34.207.190.30872 FIN_WAIT_2
> > > > > tcp4 0 0 204.209.81.148.smtps 5.34.207.114.57546 FIN_WAIT_2
> > > >
> > > > Rejection with status code 554 requires established TCP connection.
> > > > Study mainlog to check whether connections are rejected.
> > > >
> > > > However, absence of numerous connections in ESTABLISHED state is a hint
> > > > that rejection works.
> > > >
> > > > If you don't want TCP connections, use packet filtering on kernel level
> > > > instead of Exim's configuration options.
> > >
> > > I am surprised that my firewall ACL is not getting this
> > > in a switch!
> >
> > I shared config snippets that work.
> > If you wanted to deal with this at the firewall level, you did not need
> > Exim to do it!
>
> As I said, the firewall was not dropping the packets hence the
> need to use exim ACL.
>
> By the way,
>
> This looks like a very interesting attack!
> Have a look at https://www.nk.ca/~doctor/5.34.207.txt
> but be careful!
> This file is 113960735 bytes.
>
> > --
> > Best regards,
> > Odhiambo WASHINGTON,
> > Nairobi,KE
> > +254 7 3200 0004/+254 7 2274 3223
> > "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
> > --
> > ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> > ## Exim details at http://www.exim.org/
> > ## Please use the Wiki with this list - http://wiki.exim.org/
>
> --
> Member - Liberal International This is doc...@nk.ca Ici doc...@nk.ca
> Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising!
> Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b
> Happy Christmas 2022 and Merry New Year 2023 Beware https://mindspring.com

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
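
Added example, not part of the thread: the check Evgeniy Berdnikov describes in the quoted reply (few or no ESTABLISHED sockets from the rejected range is a hint that host_reject_connection is working), written as a Python tally over FreeBSD-style netstat output. The sample rows are constructed from the lines quoted in the thread plus two invented rows for contrast, and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample in FreeBSD `netstat -a` layout. The first three rows are
# modelled on the thread; the last two are invented for contrast.
SAMPLE = """\
tcp4 0 0 exploreedmonton..smtps 5.34.207.189.26526 SYN_RCVD
tcp4 0 0 comparealbertapo.smtps 5.34.207.190.30872 FIN_WAIT_2
tcp4 0 0 204.209.81.148.smtps 5.34.207.114.57546 FIN_WAIT_2
tcp4 0 0 204.209.81.148.smtps 192.0.2.10.40112 ESTABLISHED
tcp4 0 0 *.smtps *.* LISTEN
"""

def foreign_ip(field):
    """BSD netstat joins address and port with a dot: '5.34.207.189.26526'."""
    host, _, _port = field.rpartition(".")
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None  # '*.*', truncated hostnames and similar

def states_for_network(netstat_text, cidr):
    """Count TCP states of sockets whose foreign address lies inside cidr."""
    net = ipaddress.ip_network(cidr)
    counts = Counter()
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[0].startswith("tcp"):
            continue
        ip = foreign_ip(parts[4])
        if ip is not None and ip in net:
            counts[parts[5]] += 1
    return counts

def rejection_looks_effective(counts):
    """True when the range has sockets but none of them is ESTABLISHED."""
    return sum(counts.values()) > 0 and counts.get("ESTABLISHED", 0) == 0

if __name__ == "__main__":
    seen = states_for_network(SAMPLE, "5.34.207.0/24")
    print(dict(seen), "rejection effective:", rejection_looks_effective(seen))
```

Sockets in SYN_RCVD or FIN_WAIT_2 still appear because the 554 refusal is sent inside a TCP connection; only kernel-level packet filtering removes them from the table. As the quoted reply says, the mainlog remains the place to confirm that connections are actually rejected.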