Great Circle Associates Firewalls
(March 1995)

Subject: Re: Firewalls replying with ICMP packets.
From: nsayer @ quack . kfu . com (Nick Sayer)
Organization: The Duck Pond public unix: +1 408 249 9630, log in as 'guest'.
Date: 1 Mar 1995 22:15:59 UTC
Apparently-to: firewalls @ greatcircle . com
Newsgroups: quack.firewalls
References: <199502282035 . MAA15520 @ miles . greatcircle . com>

firewalls-digest-owner @ greatcircle . com writes:

>A related question is, should your firewall send back anything at all or
>should you leave the sender wondering what happened to his nastygrams ?

Consider the case where sendmail does an RFC-931 query before presenting
its 200 banner on port 25 connections. If a firewall on the sender just
eats the port 113 connect attempts, then the sender will probably
time out waiting for the welcome mat. What makes this worse is that many
sendmails, having gotten a connection, then having it time out waiting
for a welcome, will NOT go back and try secondary MX hosts, so the mail
will be forever undeliverable.

If instead the firewall bounced a host unreachable back, then the IDENT
query fails much more quickly and the sendmail can then put out the
welcome mat in time and the SMTP transaction continues normally.
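The failure mode above, as an added example that is not part of the original post: a small localhost model in which an SMTP listener performs an RFC 1413 (ident, port 113) query before sending its greeting, and the sending side either waits for the banner or gives up. The "reject" case points the ident query at a closed localhost port, which answers with a TCP RST; like the ICMP host-unreachable the post describes, that fails the query at once. The "drop" case uses a constructed listener that accepts the ident connection and never answers, which produces the same client-side silence as a firewall eating the packets. All ports, timeouts and the `mx.example.test` banner are constructed for the example.

```python
"""Constructed model of an ident (RFC 1413) lookup gating an SMTP greeting.

Runs entirely on 127.0.0.1; nothing here talks to a real ident or SMTP host.
"""
import socket
import threading
import time


def free_port():
    """Return a port nothing listens on (bind to 0, read it back, close it).
    Connecting to it afterwards yields an immediate refusal (TCP RST)."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def start_ident_blackhole():
    """Simulate a firewall that silently drops ident traffic: the listener
    accepts the connection but never replies, so the querier waits until
    its own timeout expires. Returns the listening port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    held = []  # keep accepted connections open and silent

    def run():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            held.append(conn)

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]


def ident_lookup(host, port, server_port, client_port, timeout):
    """RFC 1413 query: send "<server-port> , <client-port>" and read one reply.
    Returns ("ok", reply), ("refused", None) or ("timeout", None)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(f"{server_port} , {client_port}\r\n".encode())
            s.settimeout(timeout)
            data = s.recv(512)
            return "ok", data.decode(errors="replace").strip()
    except ConnectionRefusedError:
        return "refused", None
    except socket.timeout:
        return "timeout", None


def start_smtp_server(ident_port, ident_timeout):
    """SMTP listener that, like the sendmail in the post, queries ident before
    sending its greeting. Returns (port, results list, worker thread)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    results = []

    def run():
        conn, peer = srv.accept()
        with conn:
            status, _ = ident_lookup("127.0.0.1", ident_port,
                                     srv.getsockname()[1], peer[1], ident_timeout)
            results.append(status)
            try:
                conn.sendall(b"220 mx.example.test ESMTP ready\r\n")
            except OSError:
                pass  # the sending side already gave up
        srv.close()

    t = threading.Thread(target=run, daemon=True)
    t.start()
    return srv.getsockname()[1], results, t


def attempt_delivery(ident_port, ident_timeout, greeting_timeout):
    """The sending MTA: connect and wait up to greeting_timeout for the banner.
    Returns a dict describing what each side saw."""
    smtp_port, ident_results, worker = start_smtp_server(ident_port, ident_timeout)
    start = time.monotonic()
    banner = None
    with socket.create_connection(("127.0.0.1", smtp_port), timeout=greeting_timeout) as s:
        try:
            banner = s.recv(512).decode(errors="replace").strip()
        except socket.timeout:
            banner = None
    elapsed = time.monotonic() - start
    worker.join(ident_timeout + 2)  # let the listener finish its ident wait
    return {
        "banner_received": banner is not None and banner.startswith("220"),
        "ident_status": ident_results[0] if ident_results else "pending",
        "elapsed": elapsed,
    }


if __name__ == "__main__":
    print("reject:", attempt_delivery(free_port(), 1.0, 0.5))
    print("drop:  ", attempt_delivery(start_ident_blackhole(), 1.0, 0.5))
```

With the same one-second ident timeout on the listener and a half-second greeting timeout on the sender, the rejected query returns instantly and the banner arrives in time, while the dropped query holds the banner past the sender's patience; scale both timeouts up and the shape of the result is unchanged.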

-- 
Nick Sayer <nsayer @ quack . kfu . com>  | "Post and the world posts with you.
N6QQQ @ N0ARY.#NOCAL.CA.USA.NOAM   | Browse the web and you browse alone."
+1 408 249 9630, log in as 'guest' | 
URL: http://www.kfu.com/~nsayer/   | 	 -- The Usenet Oracle