Marc Haber wrote:
On Tue, 05 Feb 2008 12:32:31 +0100, Yves Goergen <[EMAIL PROTECTED]> wrote:On 05.02.2008 09:28 CE(S)T, Marc Haber wrote:The Debian docs say that it is a much better idea to configure the firewall "protecting" the client to reject the ident calls instead of dropping them. I still think that is a better idea.Well, say that to all of the Windows or NAT users out there. ;)A lot of NAT devices can be configured that way.
In fact some software firewalls for windows and some SOHO routers do it that way by default, but it is not the most common ones.
I have also already seen a firewall appliance at a medium company which was detecting ident call, and then blocking further connection for some minutes.
They were trying to send my client a mail, thus connecting to port 25 then exim sent the ident probethen their firewall was cutting all existing port 25 connections because exim accessed an "unauthorized port" So they were not able to send my client a mail and told the exim server was broken.
smime.p7s
Description: S/MIME Cryptographic Signature
-- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
