On Sun, 19 Nov 2000, Jesper Skriver wrote:

> A coworker of mine got into "rfc mode" and found the below; as we both
> read it, it says that we MUST treat an ICMP unreachable like a TCP RST.
> 
> ##########
>                                               ... A transport protocol
>             that has its own mechanism for notifying the sender that a
>             port is unreachable (e.g., TCP, which sends RST segments)
>             MUST nevertheless accept an ICMP Port Unreachable for the
>             same purpose.
> ##########
> 
>                     9 = communication with destination network
>                             administratively prohibited
>  
>                    10 = communication with destination host
>                             administratively prohibited

Ok, you've got me convinced, it should be implemented.  <grumble>

There's a problem, though.  Later RFCs say to use 13 instead of 10, as 10
was supposed to be for DARPA use only.  Perhaps you should retest the
other OSes and see if they're only responding to one of the two messages.

Ok, back to MXes.  I've thought about it, and I can't think of any good
ways to do your configuration automatically.  Perhaps you could have some
CGI that would allow you to remove yourself from the firewall ruleset,
assuming you were coming from the IP in question.  Or, coming from the
other direction, the CGI could let you add yourself to the static mail
routing table if you were coming from the IP in question.

I assume you're using sendmail's "relay if I'm listed as an MX" feature
right now?

Mike "Silby" Silbersack
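
The check discussed in this message, as an added example that is not part of the original post or of FreeBSD's code: a parser that accepts an ICMP Destination Unreachable with code 3 (port unreachable), 9, 10 or 13 and recovers the TCP four-tuple quoted inside it. The function names, the helper and the sample packet are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct quoted_tcp { uint32_t src, dst; uint16_t sport, dport; }; /* host order */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* msg starts at the ICMP header. Returns 1 and fills *out when it is a
 * Destination Unreachable (type 3) with code 3 (port), 9, 10 or 13
 * (administratively prohibited) quoting a TCP segment; otherwise 0.
 * The ICMP checksum is not verified here. */
int icmp_unreach_abort_candidate(const uint8_t *msg, size_t len, struct quoted_tcp *out)
{
    if (len < 8 + 20 + 8 || msg[0] != 3)
        return 0;                             /* too short, or not type 3 */
    uint8_t code = msg[1];
    if (code != 3 && code != 9 && code != 10 && code != 13)
        return 0;                             /* e.g. net/host unreachable */
    const uint8_t *ip = msg + 8;              /* quoted original IP header */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < 8 + ihl + 8 || ip[9] != 6)
        return 0;                             /* not IPv4/TCP, or truncated quote */
    out->src = rd32(ip + 12);
    out->dst = rd32(ip + 16);
    out->sport = rd16(ip + ihl);              /* first 8 TCP bytes are quoted */
    out->dport = rd16(ip + ihl + 2);
    return 1;
}

/* Constructed sample: code 13 quoting 192.0.2.10:49152 -> 198.51.100.25:25. */
static const uint8_t sample[36] = {
    3, 13, 0, 0, 0, 0, 0, 0,
    0x45, 0, 0, 0x28, 0, 0, 0x40, 0, 0x40, 6, 0, 0, 192, 0, 2, 10, 198, 51, 100, 25,
    0xc0, 0x00, 0x00, 0x19, 0, 0, 0, 1
};

/* Hypothetical demo helper: run the check on the sample with a given code
 * and length (at most sizeof sample); returns the quoted destination port,
 * or -1 if the message is rejected. */
int sample_dport(uint8_t code, size_t len)
{
    uint8_t pkt[sizeof sample];
    struct quoted_tcp q;
    memcpy(pkt, sample, sizeof pkt);
    pkt[1] = code;
    return icmp_unreach_abort_candidate(pkt, len, &q) ? q.dport : -1;
}
```

A stack would still have to look up the returned four-tuple among its own connections before acting on the error.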


