[EMAIL PROTECTED] said:
> I believe it's not good to just drop the auth (ident) requests -- IIRC it
> makes mail clients delay.
>
> So the question is how should they be rejected?
>
> reject-with icmp-port-unreachable
> or
> reject-with tcp-reset

tcp-reset - this is the behavior that a closed port normally gives.

> Of course, I don't have any good reasons not to just allow the auth
> requests. Most will be for mail that's generated from behind a NAT and
> sent to the NAT/Firewall machine which runs exim as a smarthost, so the
> connections will belong to whatever exim is running as.
>
> I never thought about this, but do auth requests to ports that are
> forwarded by a NAT machine get forwarded? I suspect not.

not normally, but some identd servers have a forwarding function, look at
midentd and oidentd.

> BTW -- is there a utility to manually send an auth request? That would
> help with testing the rules.

telnet or netcat ;) the requests are pretty simple, see
http://www.faqs.org/rfcs/rfc1413.html for details.

> --
> Bill Moseley
> [EMAIL PROTECTED]

--
Josh Rollyson [EMAIL PROTECTED]
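Added example, not part of the original message: a small Python helper for testing the firewall rules discussed above. It classifies how port 113 answers a connection attempt (open, rejected, or silently dropped) and builds and parses RFC 1413 request and reply lines. The function names are this example's own, and the sample reply lines used with it are constructed.

```python
import socket

def build_query(port_on_server: int, port_on_client: int) -> bytes:
    """RFC 1413 request line: '<port-on-server> , <port-on-client>' + CRLF."""
    for p in (port_on_server, port_on_client):
        if not 1 <= p <= 65535:
            raise ValueError(f"port out of range: {p}")
    return f"{port_on_server} , {port_on_client}\r\n".encode("ascii")

def parse_reply(raw: bytes) -> dict:
    """Parse a USERID or ERROR reply line into a dict."""
    line = raw.decode("ascii", "replace").rstrip("\r\n")
    parts = line.split(":", 3)          # the user id may itself contain ':'
    if len(parts) < 3:
        raise ValueError(f"malformed ident reply: {line!r}")
    ports = [int(p) for p in parts[0].split(",")]
    if len(ports) != 2:
        raise ValueError(f"bad port pair: {parts[0]!r}")
    kind = parts[1].strip().upper()
    out = {"server_port": ports[0], "client_port": ports[1], "type": kind}
    if kind == "ERROR":
        out["error"] = parts[2].strip()
    elif kind == "USERID" and len(parts) == 4:
        out["opsys"] = parts[2].split(",")[0].strip()
        out["userid"] = parts[3].strip()  # stripped for display (this example's choice)
    else:
        raise ValueError(f"unexpected reply type: {line!r}")
    return out

def probe(host: str, timeout: float = 5.0) -> str:
    """Classify how port 113 on host treats a connection attempt."""
    try:
        with socket.create_connection((host, 113), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "rejected"   # fails at once, like a closed port
    except (socket.timeout, TimeoutError):
        return "dropped"    # no answer: the caller waits out the timeout

def query(host: str, port_on_server: int, port_on_client: int,
          timeout: float = 5.0) -> dict:
    """Send one ident query about an existing TCP connection and parse the reply."""
    with socket.create_connection((host, 113), timeout=timeout) as s:
        s.sendall(build_query(port_on_server, port_on_client))
        return parse_reply(s.makefile("rb").readline())
```

A "dropped" result from probe() is the case that makes the remote side wait; "rejected" is what a REJECT rule should produce.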

