> Is it wise to run auth/identd on an email gateway?

        If you do run it, then you don't have to worry about delays or time
penalties when doing mail transactions with other servers that do ident
lookups.

        If you don't run it, that is one less service you have to worry
about the security of (read, the possibility of buffer overflows).

        As Peter said, forcibly rejecting connections rather than dropping
packets is preferred if you don't run it.  Different firewalls make this
easier or harder.

        I personally consider it easier to run it than to spend time
worrying about the interactions with mail servers that prefer to use it.
But you may want to look for a "fake" identd that is stripped down for
security purposes; freshmeat lists a few different identd implementations.

-- 
        gowen -- Greg Owen -- [EMAIL PROTECTED] 
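
A minimal sketch of the kind of stripped-down "fake" identd mentioned above, added here as an example and not taken from the original message or from any identd listed on freshmeat. It answers every well-formed RFC 1413 query with one fixed name, reads a bounded amount of input, and never looks up a real user; `FIXED_USER`, the function and class names, and the unprivileged port 1113 are assumptions made for the example.

```python
import re
import socketserver

MAX_REQUEST = 64        # longest request line accepted; a valid query is far shorter
FIXED_USER = "mailgw"   # constructed placeholder returned for every valid query

# RFC 1413 query: "<port-on-server> , <port-on-client>" followed by CRLF
_QUERY = re.compile(rb"^[ \t]*(\d{1,5})[ \t]*,[ \t]*(\d{1,5})[ \t]*\r?\n?$")


def ident_reply(line: bytes) -> bytes:
    """Build the reply for one request line without consulting any real user table."""
    m = _QUERY.match(line) if len(line) <= MAX_REQUEST else None
    if m is None:
        # Oversized or unparseable input: never echo the sender's bytes back.
        return b"0 , 0 : ERROR : UNKNOWN-ERROR\r\n"
    server_port, client_port = int(m.group(1)), int(m.group(2))
    pair = b"%d , %d" % (server_port, client_port)
    if not (1 <= server_port <= 65535 and 1 <= client_port <= 65535):
        return pair + b" : ERROR : INVALID-PORT\r\n"
    return pair + b" : USERID : UNIX : " + FIXED_USER.encode("ascii") + b"\r\n"


class IdentHandler(socketserver.StreamRequestHandler):
    timeout = 5  # seconds; slow or silent clients are disconnected

    def handle(self):
        try:
            line = self.rfile.readline(MAX_REQUEST + 1)  # bounded read
        except OSError:
            return  # timed out or reset: send nothing
        self.wfile.write(ident_reply(line))


if __name__ == "__main__":
    # Port 113 needs privileges; this sketch binds an unprivileged port instead.
    with socketserver.ThreadingTCPServer(("127.0.0.1", 1113), IdentHandler) as srv:
        srv.serve_forever()
```
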
