[exim] Re: DKIM 550 error blocked

2024-10-04 Thread Jeremy Harris via Exim-users
On 02/10/2024 14:49, ronaldo--- via Exim-users wrote: Is there a way to accept emails from domains trusted and valid that I know as real? Like a whitelist? Even with DKIM validation error? Assuming the "know as real" portion (preferably in some fashion that an attacker could not duplicate), ye

[exim] Re: Exim logging--how reliable?

2024-10-04 Thread Andrew C Aitchison via Exim-users
On Fri, 4 Oct 2024, Johnnie W Adams via Exim-users wrote: Hi, folks, I'm trying to interpret some results from an SIEM regarding our Exim servers and am having difficulty. The SIEM claims that ports 587 and 465 are generating traffic on a high-numbered port. I think it's seeing artifacts fr

[exim] Re: How to use a smarthost after a permanent error on direct delivery

2024-10-04 Thread Mike Tubby G8TIC via Exim-users
Is the reason that you are blocked at SpamHaus due to PBL (Policy Block List) - if so then it means that the server accepting your connection doesn't trust that you are really an email relay/MX. You can add your host to the Spamhaus PBL as a mail relay and the problem will go away ht

[exim] How to use a smarthost after a permanent error on direct delivery

2024-10-04 Thread Giuseppe Sacco via Exim-users
Hello, I have a DSL connection that always has its IP address listed in some blacklist, so direct deliveries from my exim server sometimes fail with permanent errors like this one: 550 5.7.1 Service unavailable; client [95..78] blocked using zen.spamhaus.org I also have a smarthost, but I pr

[exim] Re: Exim logging--how reliable?

2024-10-04 Thread Johnnie W Adams via Exim-users
Thank you for answering this rather impolite (I think--I hesitate to ask) question. The SIEM doesn't get that deep into the connection--it just gives source, destination, and port. On Fri, Oct 4, 2024 at 1:34 PM Slavko via Exim-users < exim-users@lists.exim.org> wrote: > Dňa 4. októbra 2024 18:04

[exim] Re: Exim logging--how reliable?

2024-10-04 Thread Johnnie W Adams via Exim-users
On Fri, Oct 4, 2024 at 2:58 PM Jeremy Harris via Exim-users < exim-users@lists.exim.org> wrote: > On 04/10/2024 19:04, Johnnie W Adams via Exim-users wrote: > > The SIEM claims that ports 587 and 465 > > are generating traffic on a high-numbered port. > > Urghh. Ports don't generate traffic. > >

[exim] Re: Exim logging--how reliable?

2024-10-04 Thread Jeremy Harris via Exim-users
On 04/10/2024 19:04, Johnnie W Adams via Exim-users wrote: The SIEM claims that ports 587 and 465 are generating traffic on a high-numbered port. Urghh. Ports don't generate traffic. Sockets are endpoints for traffic, TCP-using sockets have connections which each have two ports, a local and a

[exim] Re: Exim logging--how reliable?

2024-10-04 Thread Slavko via Exim-users
On 4 October 2024 18:04:31 UTC, Johnnie W Adams via Exim-users wrote: > I'm trying to interpret some results from an SIEM regarding our Exim > servers and am having difficulty. The SIEM claims that ports 587 and 465 > are generating traffic on a high-numbered port. I think it's s

[exim] Re: How to use a smarthost after a permanent error on direct delivery

2024-10-04 Thread Jeremy Harris via Exim-users
On 04/10/2024 10:14, Giuseppe Sacco via Exim-users wrote: Or any other solution that I do not currently see. How about a condition on your main-outbound router using an expansion with a "first_delivery" test, and a router after that one sending all outbounds to your smarthost? To be fair, you'

[exim] Exim logging--how reliable?

2024-10-04 Thread Johnnie W Adams via Exim-users
Hi, folks, I'm trying to interpret some results from an SIEM regarding our Exim servers and am having difficulty. The SIEM claims that ports 587 and 465 are generating traffic on a high-numbered port. I think it's seeing artifacts from failed authentications and, in about two-thirds of the ca

[exim] Re: Exim logging--how reliable?

2024-10-04 Thread Slavko via Exim-users
On 4 October 2024 18:39:20 UTC, Johnnie W Adams via Exim-users wrote: > The SIEM doesn't get that deep into the connection--it just gives > source, destination, and port. Thus IMO you have to do it yourself, e.g. logging traffic in firewall or capturing traffic to/from these ports. Captur