On 19/01/2023 17:32, The Doctor via Exim-users wrote:
I assumed that you were blocking the pair
(src ip 46.148.40.108, target port 25)
and was checking that you are also blocking
(src ip 46.148.40.108, target port 465)
Could this cause a 601 error?
Possibly a typo? SMTP does
On Thu, Jan 19, 2023 at 11:57:04AM +, Andrew C Aitchison via Exim-users
wrote:
> On Thu, 19 Jan 2023, The Doctor wrote:
>
> > On Thu, Jan 19, 2023 at 08:44:30AM +, Andrew C Aitchison via Exim-users
> > wrote:
> >> On Wed, 18 Jan 2023, The Doctor via Exim-users wrote:
> >>
> On Thu,
On Thu, Jan 19, 2023 at 08:44:30AM +, Andrew C Aitchison via Exim-users
wrote:
> On Wed, 18 Jan 2023, The Doctor via Exim-users wrote:
>
> >> On Thu, Jan 19, 2023, 00:33 The Doctor wrote:
> >>
> >>> Still having problems with
> >>>
> >>> /var/log/exim/in_rejectlog:2023-01-18 14:27:01.484 [97
On Thu, 19 Jan 2023, The Doctor wrote:
On Thu, Jan 19, 2023 at 08:44:30AM +, Andrew C Aitchison via Exim-users
wrote:
On Wed, 18 Jan 2023, The Doctor via Exim-users wrote:
On Thu, Jan 19, 2023, 00:33 The Doctor wrote:
Still having problems with
/var/log/exim/in_rejectlog:2023-01-18 1
On Wed, 18 Jan 2023, The Doctor via Exim-users wrote:
On Thu, Jan 19, 2023, 00:33 The Doctor wrote:
Still having problems with
/var/log/exim/in_rejectlog:2023-01-18 14:27:01.484 [97258] refused
connection from [46.148.40.108]:61402 I=[204.209.81.246]:465
(host_reject_connection)
THere are s
On Thu, Jan 19, 2023 at 12:36:38AM +0300, Odhiambo Washington via Exim-users
wrote:
> Block at the firewall before they reach the server.
>
> On Thu, Jan 19, 2023, 00:33 The Doctor wrote:
>
> > Still having problems with
> >
> > /var/log/exim/in_rejectlog:2023-01-18 14:27:01.484 [97258] refused
Still having problems with
/var/log/exim/in_rejectlog:2023-01-18 14:27:01.484 [97258] refused connection
from [46.148.40.108]:61402 I=[204.209.81.246]:465 (host_reject_connection)
THere are still coming and not being dropped in a timely manner.
can these packets be dropped in less than 0.01 ms
Block at the firewall before they reach the server.
On Thu, Jan 19, 2023, 00:33 The Doctor wrote:
> Still having problems with
>
> /var/log/exim/in_rejectlog:2023-01-18 14:27:01.484 [97258] refused
> connection from [46.148.40.108]:61402 I=[204.209.81.246]:465
> (host_reject_connection)
>
> THer
On Tue, Dec 13, 2022 at 05:06:51PM +, Slavko via Exim-users wrote:
> D??a 12. decembra 2022 23:25:53 UTC pouvate?? Jeremy Harris via
> Exim-users nap??sal:
>
> >The latter was in April 2003. There isn't any commentary for the
> >rationale for the lockout; the docs do say "called for HEL
Dňa 12. decembra 2022 23:25:53 UTC používateľ Jeremy Harris via Exim-users
napísal:
>The latter was in April 2003. There isn't any commentary for the
>rationale for the lockout; the docs do say "called for HELO or EHLO"
>for the ACL. Perhaps just the EHLO after STARTTLS was forgotten.
Perhaps,
On 11/12/2022 18:34, Slavko via Exim-users wrote:
In case of STARTTLS, it makes no sense for me in connect ACL,
but there it works. In helo ACL it makes sense for me, eg. to skip
checks for second EHLO (after STARTTLS), especially with the
same HELO (EHLO) name as before. What i miss here?
Fair
On Mon, Dec 12, 2022 at 11:13:19AM -0500, Robert Blayzor via Exim-users wrote:
> On 12/7/22 10:34, The Doctor via Exim-users wrote:
> > How do you block a whole Class C like
> > 5.34.207.0/24 using the configuration file?
>
> Step 1.. understand that it's not a class C. It's a /24 prefix in legacy
I also wonder why:...
# iptables -v -A INPUT -s 5.34.207.0/24 -j REJECT
(or similar) has not been suggested.
On 2022/12/12 18:13, Robert Blayzor via Exim-users wrote:
On 12/7/22 10:34, The Doctor via Exim-users wrote:
How do you block a whole Class C like
5.34.207.0/24 using the configuration
On 12/7/22 10:34, The Doctor via Exim-users wrote:
How do you block a whole Class C like
5.34.207.0/24 using the configuration file?
Step 1.. understand that it's not a class C. It's a /24 prefix in legacy
"Class A" address space.
--
inoc.net!rblayzor
XMPP: rblayzor.AT.inoc.net
PGP: https:/
Dňa 11. decembra 2022 17:15:10 UTC používateľ Jeremy Harris via Exim-users
napísal:
>> I am using the SNI variable in connect ACL, to filter rogue
>> connections eg. with my MX name or no SNI at all (465).
>
>Doing that never would have worked for non- TLS-on-connect,
>and now it won't work ever
On 10/12/2022 20:13, Slavko via Exim-users wrote:
Dňa 10. decembra 2022 17:01:52 UTC používateľ Jeremy Harris via Exim-users
napísal:
Yes, for SNI it have to be after the first bit of the TLS startup
exchange.
Now i am confused. I read that commit (docs changes), but it
is not clear for me,
Dňa 10. decembra 2022 17:01:52 UTC používateľ Jeremy Harris via Exim-users
napísal:
>Yes, for SNI it have to be after the first bit of the TLS startup
>exchange.
Now i am confused. I read that commit (docs changes), but it
is not clear for me, will have $tls_in_* variables values in
connect ACL
On 10/12/2022 16:27, Slavko via Exim-users wrote:
Dňa 8. decembra 2022 21:37:32 UTC používateľ Jeremy Harris via Exim-users
napísal:
We could just drop the connection at the TCP level, silently; that wouldn't
be hard to code. I don't think it'd make any difference to a client
that didn't hav
I am sorry for delay...
Dňa 8. decembra 2022 21:37:32 UTC používateľ Jeremy Harris via Exim-users
napísal:
>We could just drop the connection at the TCP level, silently; that wouldn't
>be hard to code. I don't think it'd make any difference to a client
>that didn't have a human peering at a pa
On Fri, Dec 9, 2022 at 9:47 AM The Doctor via Exim-users <
exim-users@exim.org> wrote:
> On Thu, Dec 08, 2022 at 08:42:46PM +, Slavko via Exim-users wrote:
> > D??a 8. decembra 2022 14:33:01 UTC pouvate?? Jeremy Harris via
> Exim-users nap??sal:
> >
> > >For those, use the main-config opt
On Thu, Dec 08, 2022 at 08:42:46PM +, Slavko via Exim-users wrote:
> D??a 8. decembra 2022 14:33:01 UTC pouvate?? Jeremy Harris via Exim-users
> nap??sal:
>
> >For those, use the main-config option "host_reject_connection" rather than
> >the
> >connect ACL - it operates before the TLS s
On 08/12/2022 20:42, Slavko via Exim-users wrote:
Dňa 8. decembra 2022 14:33:01 UTC používateľ Jeremy Harris via Exim-users
napísal:
For those, use the main-config option "host_reject_connection" rather than the
connect ACL - it operates before the TLS startup for TLS-on-connect ports,
while
On Thu, Dec 08, 2022 at 11:44:44PM +0300, Odhiambo Washington via Exim-users
wrote:
> On Thu, Dec 8, 2022 at 11:38 PM The Doctor via Exim-users <
> exim-users@exim.org> wrote:
>
> > On Thu, Dec 08, 2022 at 10:47:18PM +0300, Evgeniy Berdnikov via Exim-users
> > wrote:
> > > On Thu, Dec 08, 2022 at
Please learn how to write your responses. Either top-post, or post below,
by snipping.
Even without doing anything, my server has been rejecting these IPs because
they are listed on spamhaus.
On Thu, Dec 8, 2022 at 11:58 PM The Doctor wrote:
> On Thu, Dec 08, 2022 at 11:44:44PM +0300, Odhiambo
On Thu, Dec 8, 2022 at 11:38 PM The Doctor via Exim-users <
exim-users@exim.org> wrote:
> On Thu, Dec 08, 2022 at 10:47:18PM +0300, Evgeniy Berdnikov via Exim-users
> wrote:
> > On Thu, Dec 08, 2022 at 12:22:13PM -0700, The Doctor via Exim-users
> wrote:
> > > On Thu, Dec 08, 2022 at 09:24:19PM +0
Dňa 8. decembra 2022 14:33:01 UTC používateľ Jeremy Harris via Exim-users
napísal:
>For those, use the main-config option "host_reject_connection" rather than the
>connect ACL - it operates before the TLS startup for TLS-on-connect ports,
>while the ACL is run after.
>
>I'm considering changing
On Thu, Dec 08, 2022 at 10:47:18PM +0300, Evgeniy Berdnikov via Exim-users
wrote:
> On Thu, Dec 08, 2022 at 12:22:13PM -0700, The Doctor via Exim-users wrote:
> > On Thu, Dec 08, 2022 at 09:24:19PM +0300, Odhiambo Washington via
> > Exim-users wrote:
> [...]
> > > >>> host in "5.34.207.0/24"? yes
On Thu, Dec 08, 2022 at 12:22:13PM -0700, The Doctor via Exim-users wrote:
> On Thu, Dec 08, 2022 at 09:24:19PM +0300, Odhiambo Washington via Exim-users
> wrote:
[...]
> > >>> host in "5.34.207.0/24"? yes (matched "5.34.207.0/24")
> > >>> host in host_reject_connection? yes (matched "+host_reject
On Thu, Dec 08, 2022 at 09:24:19PM +0300, Odhiambo Washington via Exim-users
wrote:
> On Thu, Dec 8, 2022 at 8:47 PM The Doctor via Exim-users <
> exim-users@exim.org> wrote:
>
> > On Thu, Dec 08, 2022 at 02:33:01PM +, Jeremy Harris via Exim-users
> > wrote:
> > > On 08/12/2022 13:26, The Doc
On Thu, Dec 8, 2022 at 8:47 PM The Doctor via Exim-users <
exim-users@exim.org> wrote:
> On Thu, Dec 08, 2022 at 02:33:01PM +, Jeremy Harris via Exim-users
> wrote:
> > On 08/12/2022 13:26, The Doctor via Exim-users wrote:
> > > tcp4 0 0 midwest.ab.ca.smtps5.34.207.58.62078
> SY
Jeremy Harris via Exim-users schreef op 2022-12-08 15:33:
On 08/12/2022 13:26, The Doctor via Exim-users wrote:
tcp4 0 0 midwest.ab.ca.smtps5.34.207.58.62078
SYN_RCVD
(...)
tcp4 0 64 fortchipewyanlod.smtps 5.34.207.198.21030
ESTABLISHED
I am using exim-4.95
On Thu, Dec 08, 2022 at 10:30:05AM -0700, The Doctor via Exim-users wrote:
> Tried
>
> host_reject_connection = 5.34.207.*
>
> Still not doing the rejection job.
Use CIDR instead of pattern.
--
Eugene Berdnikov
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim
On Thu, Dec 08, 2022 at 02:33:01PM +, Jeremy Harris via Exim-users wrote:
> On 08/12/2022 13:26, The Doctor via Exim-users wrote:
> > tcp4 0 0 midwest.ab.ca.smtps5.34.207.58.62078 SYN_RCVD
> > tcp4 0 0 204.209.81.122.smtps 5.34.207.77.62962 SYN_RCVD
> > tcp
On 08/12/2022 13:26, The Doctor via Exim-users wrote:
tcp4 0 0 midwest.ab.ca.smtps5.34.207.58.62078 SYN_RCVD
tcp4 0 0 204.209.81.122.smtps 5.34.207.77.62962 SYN_RCVD
tcp4 0 0 204.209.81.102.smtps 5.34.207.195.9246 ESTABLISHED
tcp4 0
On Thu, Dec 08, 2022 at 11:35:15AM +0300, Odhiambo Washington wrote:
> Define this in the global section:
>
> hostlist blocked_hosts = 5.34.207.0/24
>
> Then in acl_smtp_connect:
> drop
> message = You are banned here
> log_message = Blocked
On Wed, Dec 07, 2022 at 04:02:55PM -0700, The Doctor via Exim-users wrote:
> On Wed, Dec 07, 2022 at 04:08:34PM +, Jeremy Harris via Exim-users wrote:
> > On 07/12/2022 15:34, The Doctor via Exim-users wrote:
> > > How do you block a whole Class C like
> > > 5.34.207.0/24 using the configuratio
On Wed, Dec 07, 2022 at 04:08:34PM +, Jeremy Harris via Exim-users wrote:
> On 07/12/2022 15:34, The Doctor via Exim-users wrote:
> > How do you block a whole Class C like
> > 5.34.207.0/24 using the configuration file?
>
> Make a start by reading the manual, about ACLs
> and hostlists.
Alrea
On 07/12/2022 15:34, The Doctor via Exim-users wrote:
How do you block a whole Class C like
5.34.207.0/24 using the configuration file?
Make a start by reading the manual, about ACLs
and hostlists.
--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
##
How do you block a whole Class C like
5.34.207.0/24 using the configuration file?
--
Member - Liberal International This is doc...@nk.ca Ici doc...@nk.ca
Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROO
On 2022-06-06, The Doctor via Exim-users wrote:
> On Mon, Jun 06, 2022 at 11:33:17PM +0100, Jeremy Harris via Exim-users wrote:
>> On 06/06/2022 23:18, The Doctor via Exim-users wrote:
>> > Just going over my spam and I find this IP 195.133.39.99
>> >
>> > sending a lot of junk. How can you bloc
of course, my mistake.
On 07/06/2022 10:39, R M Crorie via Exim-users wrote:
They only have NS records, because they're name servers(!)... specify
that you want NS records, like this:
dig dnsbl-1.uceprotect.net ns
On 07/06/2022 07:37, Laura Williamson via Exim-users wrote:
are those 3 not sup
On 6/7/22 14:37, Laura Williamson via Exim-users wrote:
> are those 3 not supposed to resolve in DNS? None of them does in my end..
You prefix the IP address in reverse order to the domain. The query is e.g.
99.39.133.195.dnsbl-1.uceprotect.net. IN A
to look up 195.133.39.99
If listed. the A re
They only have NS records, because they're name servers(!)... specify
that you want NS records, like this:
dig dnsbl-1.uceprotect.net ns
On 07/06/2022 07:37, Laura Williamson via Exim-users wrote:
are those 3 not supposed to resolve in DNS? None of them does in my end..
--
footer
--
## List d
are those 3 not supposed to resolve in DNS? None of them does in my end..
deny message = GOODBYE!!! $sender_host_address is in a black
list at $dnslist_domain\n$dnslist_text
dnslists = dnsbl-1.uceprotect.net :
dnsbl-2.uceprotect.net : dnsbl-3.uceprotect.net
--
## List deta
On Mon, Jun 06, 2022 at 11:33:17PM +0100, Jeremy Harris via Exim-users wrote:
> On 06/06/2022 23:18, The Doctor via Exim-users wrote:
> > Just going over my spam and I find this IP 195.133.39.99
> >
> > sending a lot of junk. How can you block such a class C?
> >
>
> Multiple possible ways.
>
Me: *"These work in the same way as a DNS reverse look-up but instead of
returning a domain name, the result is a value depending on whether or
not that particular DNSBL is listing the originating IP address as a
suspected source of spam."*
Time I was in bed, asleep... it's not like an rDNS lo
It's best to use DNSBL /(DNS Block Lists)/ for this, because then you
don't need to update these yourself: e.g. that particular IP address is
already listed on all three block lists at uceprotect.net. These work
in the same way as a DNS reverse look-up but instead of returning a
domain name, t
On 06/06/2022 23:18, The Doctor via Exim-users wrote:
Just going over my spam and I find this IP 195.133.39.99
sending a lot of junk. How can you block such a class C?
Multiple possible ways.
One would be a
deny hosts= 195.133.39.0/24
acl verb (assuming you really want the class-C).
You
Just going over my spam and I find this IP 195.133.39.99
sending a lot of junk. How can you block such a class C?
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 1
49 matches
Mail list logo
