On Thu, Dec 8, 2022 at 11:38 PM The Doctor via Exim-users < [email protected]> wrote:
> On Thu, Dec 08, 2022 at 10:47:18PM +0300, Evgeniy Berdnikov via Exim-users > wrote: > > On Thu, Dec 08, 2022 at 12:22:13PM -0700, The Doctor via Exim-users > wrote: > > > On Thu, Dec 08, 2022 at 09:24:19PM +0300, Odhiambo Washington via > Exim-users wrote: > > [...] > > > > >>> host in "5.34.207.0/24"? yes (matched "5.34.207.0/24") > > > > >>> host in host_reject_connection? yes (matched "+host_rejects") > > > > LOG: refused connection from [5.34.207.3] (host_reject_connection) > > > > 554 SMTP service not available > > > > root@gw:/usr/home/wash # > > > > > > Still seeing > > > > > > netstat -a | egrep smtp > > > tcp4 0 0 exploreedmonton..smtps 5.34.207.189.26526 > SYN_RCVD > > > tcp4 0 0 comparealbertapo.smtps 5.34.207.190.30872 > FIN_WAIT_2 > > > tcp4 0 0 204.209.81.148.smtps 5.34.207.114.57546 > FIN_WAIT_2 > > > > Rejection with status code 554 requires established TCP connection. > > Study mainlog to check whether connections are rejected. > > > > However, absense of numerous connections in ESTABLISHED state is a hint > > that rejection works. > > > > If you don't want TCP connections, use packet filtering on kernel level > > instead of Exim's configuration options. > > I am surprised that my firewall ACL is not getting this > in a switch! I shared config snippets that work. If you wanted to deal with this at the firewall level, you did not need Exim to do it! -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
