On Thu, 19 Jan 2023, The Doctor wrote:
On Thu, Jan 19, 2023 at 08:44:30AM +0000, Andrew C Aitchison via Exim-users
wrote:
On Wed, 18 Jan 2023, The Doctor via Exim-users wrote:
On Thu, Jan 19, 2023, 00:33 The Doctor <doc...@doctor.nl2k.ab.ca> wrote:
Still having problems with
/var/log/exim/in_rejectlog:2023-01-18 14:27:01.484 [97258] refused
connection from [46.148.40.108]:61402 I=[204.209.81.246]:465
(host_reject_connection)
THere are still coming and not being dropped in a timely manner.
can these packets be dropped in less than 0.01 ms?
Legit e-mail is not getting through and costumers are complaining.
On Thu, Jan 19, 2023 at 12:36:38AM +0300, Odhiambo Washington via Exim-users
wrote:
Block at the firewall before they reach the server.
Ateempted but not happening. I wonder if the IPs are being faked.
I don't think faked packets would get through the firewall if you are
blocking the faked IP address.
The logs indicate that the attacker is connecting to port 465.
Are you blocking that as well as port 25 ?
I cannot block port 25 if I want mail from the outside world to get it.
I assumed that you were blocking the pair
(src ip 46.148.40.108, target port 25)
and was checking that you are also blocking
(src ip 46.148.40.108, target port 465)
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
