Daniel wrote:
>
> If you're referring to firewall rules,

I don't think he was. I'm pretty sure he was referring to the drop and deny verbs in exim ACLs, which control whether or not exim terminates the SMTP connection after sending a 5xx reply.

> you typically want to DROP
> incoming connections, and REJECT outgoing connections. DROP will send
> the packet to nowhere making you somewhat invisible and make the
> initiating connection wait and wait (this is good) However, you should
> probably REJECT connections from places you trust (like your lan) so
> your users aren't waiting like the bad guys.

That's not universally considered to be good advice. The issues are similar to those with drop vs. deny at the SMTP layer that I mentioned in my other message -- a zombie might just go away if the connection isn't answered in a certain timeout, but a legitimate sender, assuming your server to be a legitimate RFC-compliant internet server, would probably assume a problem in the connection path caused the packets to drop and could retry a few times before stopping. Rejecting the connection, on the other hand, sends a clear RFC-compliant message to legitimate (but unwanted) senders that this port is closed to them.

> --
> The world needs more Canada
> - Bono

Sadly, your .sig file is quite out of date. A more accurate current quote from Bono would be, "I am personally not just disappointed [in Canada], I'm crushed actually."

http://www.cbc.ca/story/arts/national/2005/11/25/Arts/bono-martin-051125.html

- Marc

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
