Re: [cobalt-users] [Qube2] ipfwadm deny port 113
- Subject: Re: [cobalt-users] [Qube2] ipfwadm deny port 113
- From: flash22@xxxxxxx
- Date: Mon Dec 4 19:23:03 2000
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Sun, 3 Dec 2000, Mike Vanecek wrote:
> If one uses a deny all policy via ipfwadm, should port tcp 113 (ident) be
> allowed? It would appear that some mailers send back an ident before accepting
> mail. If tcp 113 is blocked in the firewall, will this cause delay or problems
> with email delivery?
It depends how you do it, if you set it to route to nowhere it will hang
the mail server for a minute or two until it times out...if you have it
refuse the connection (ICMP) then the mail servers generally give up
immediately.
This is one of the more worthless features for sendmail, as it doesn't
care what the response was, it just sticks it in the logs...
(if configured, it can generate authentication warnings in the delivered
email headers, but half the time people don't know what this means anyhow,
and denying ident access does make some sense on a firewall as it gives
out some info you might not want to (e.g. valid usernames))
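
Added example, not part of the original message: a small Python check an administrator can run from an outside host to see how their own firewall answers on tcp 113, and how long a connecting mail server would wait. The function name probe_ident and the verdict labels are assumptions made for this illustration.

```python
import errno
import socket
import time

IDENT_PORT = 113  # ident / auth service (RFC 1413)


def probe_ident(host, port=IDENT_PORT, timeout=5.0):
    """Make one TCP connect attempt, as a remote mailer's ident lookup would.

    Returns (verdict, seconds_waited), where verdict is one of:
      "open"     - something accepted the connection
      "refused"  - actively rejected (TCP RST or ICMP unreachable); fails fast
      "filtered" - packets silently dropped; the caller waits out its timeout
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        verdict = "open"
    except ConnectionRefusedError:
        verdict = "refused"
    except socket.timeout:
        verdict = "filtered"
    except OSError as exc:
        # An ICMP unreachable sent by a rejecting firewall shows up here.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            verdict = "refused"
        else:
            raise
    finally:
        sock.close()
    return verdict, time.monotonic() - start


if __name__ == "__main__":
    # 127.0.0.1 is a stand-in; replace it with your own firewall's address.
    verdict, waited = probe_ident("127.0.0.1", timeout=5.0)
    print(f"tcp/{IDENT_PORT}: {verdict} after {waited:.2f}s")
```

A "filtered" result means remote mailers that do ident lookups will stall on every delivery; "refused" is the fast-fail behaviour described in the reply above.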