Thanks for the info, finally got the command to turn it off should we decide
to do so. We've heard both sides of the issue with PIX and can't find the
definitive answer one way or the other. What kinds of problems does having
this enabled produce?

Last I checked, this was seriously broken -- specifically, enabling it [1] breaks the RFCs, and [2] is an insecure security feature.


For #1, it prevents other mailservers from knowing your hostname, which violates the RFCs. Yes, it means that a hacker that has just your IP can find your hostname. But the hacker could just as easily find the hostname from your domain name, by looking up the MX record. So the security feature offers little security in this regard, at the expense of violating the RFCs.

For #2, PIX's claim to fame is their ability to block the hostname (and any other information that could ID the server). However, they let some of that information slip through! Their poorly educated programmers (sorry, but it is true) decided to block all characters in the SMTP greeting except "2" and "0" (instead of allowing the first 3 characters through, which is the only place they need the "2" and "0" to appear). For example, it would be possible to identify an IMail server behind a PIX by making multiple connections (IMail includes the number of connections in the SMTP greeting, which will contain a "2" and/or "0" at least 2 out of every 10 connections).

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.
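
The masking behaviour described in the message above, modelled as an added example (not code from the original post, from PIX or from IMail). The greeting text, the hostname and the placement of the connection counter are constructed assumptions, not IMail's actual banner format.

```python
# Model of the SMTP greeting masking described in the message:
# every character except "2" and "0" is replaced, wherever it appears.

def mask_as_described(greeting):
    """Keep '2' and '0' anywhere in the line, star out everything else."""
    return "".join(c if c in "20" else "*" for c in greeting)

def mask_code_only(greeting):
    """Alternative named in the message: pass only the first 3 characters."""
    return greeting[:3] + "*" * len(greeting[3:])

def leaked_positions(masked):
    """Offsets past the 3-digit reply code where a server character survived."""
    return [i for i, c in enumerate(masked) if i >= 3 and c != "*"]

def sample_greeting(counter):
    """Constructed greeting: hostname and counter layout are assumptions."""
    return "220 mail.example.test ESMTP service ready ({})".format(counter)

def leak_rate(mask, counters):
    """Fraction of greetings in which something past the reply code leaks."""
    counters = list(counters)
    leaking = sum(1 for n in counters if leaked_positions(mask(sample_greeting(n))))
    return leaking / len(counters)

if __name__ == "__main__":
    for n in (7, 20, 102):
        raw = sample_greeting(n)
        print(raw)
        print(mask_as_described(raw), "<- masking as described")
        print(mask_code_only(raw), "<- first 3 characters only")
    # Over 100 consecutive connections, how often does the counter show through?
    print("leak rate, as described:", leak_rate(mask_as_described, range(1, 101)))
    print("leak rate, code only:   ", leak_rate(mask_code_only, range(1, 101)))
```

When reviewing a banner-masking device, compare what a client receives against the server's real greeting across several consecutive connections; a single sample can miss a field that changes per connection.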

