nanog mailing list archives
Re: disabling SMTP
From: Richard Welty <rwelty () averillpark net>
Date: Mon, 29 Mar 2004 07:30:18 -0500 (EST)
On Mon, 29 Mar 2004 07:20:47 -0500 Rob Nelson <ronelson () vt edu> wrote:
> Richard Welty wrote:
>> when smtp fixup is on (default on many older pixes, i gather that there
>> may be some improvements on newer pixes), the smtp banner is mostly
>> obscured by * characters. the intent is a classic security by obscurity
>> play, to hide the type and version of the MTA behind the pix.
>
> Okay, so this is a problem when an SMTP server is hosted behind the PIX?

yes.

> I thought the fixup statements were for outbound connections, and with it
> on right now I get the full banner from SMTP servers. I don't host an SMTP
> server myself, so can't check that.

nope, they mangle inbound connections too.

in addition to the banner obscuration, i (and others) have seen patterns of intermittent, arbitrary disconnections of SMTP sessions when fixup is turned on. this is harder to diagnose, though, because there is a TCP bug in some variants of Outlook that causes similar behavior.

those of us running exim as an MTA a couple of revs back had to patch our installs to work around the Outlook TCP bug. i believe that patch is now permanently part of exim, as it is unlikely that the Outlook bug will ever entirely go away.

richard
--
Richard Welty rwelty () averillpark net
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
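A check for the banner symptom described in this message, as an added example that is not part of the original post: it parses the SMTP greeting a server returns and reports whether the text is mostly `*` characters. The sample greetings, the function names and the 50% threshold are assumptions made for illustration.

```python
import re

# Constructed greetings for illustration; none were captured from a real host.
SAMPLES = {
    "clear": ["220 mail.example.net ESMTP ready"],
    "masked": ["220 ****************************0*2******0***********2******200**2*0*00"],
    "multiline": ["220-mail.example.net ESMTP", "220 ready"],
    "rejected": ["554 no SMTP service here"],
}

# Three-digit code, then "-" (more lines follow) or " " (final line), then text.
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_greeting(lines):
    """Return (code, text) for one SMTP reply, joining continuation lines."""
    code, parts = None, []
    for raw in lines:
        m = REPLY_LINE.match(raw.rstrip("\r\n"))
        if not m:
            raise ValueError(f"not an SMTP reply line: {raw!r}")
        if code is None:
            code = m.group(1)
        elif m.group(1) != code:
            raise ValueError("reply code changed inside one reply")
        parts.append(m.group(3))
        if m.group(2) == " ":  # a space after the code marks the last line
            break
    else:
        raise ValueError("reply has no final line")
    return code, " ".join(parts)


def classify_banner(lines, threshold=0.5):
    """Classify a greeting as 'clear', 'masked', 'empty' or 'not-a-greeting'."""
    code, text = parse_greeting(lines)
    if code != "220":
        return "not-a-greeting"
    visible = [c for c in text if not c.isspace()]
    if not visible:
        return "empty"
    # Assumed heuristic: a banner that is at least half asterisks was rewritten
    # in transit rather than sent that way by the MTA.
    ratio = visible.count("*") / len(visible)
    return "masked" if ratio >= threshold else "clear"


if __name__ == "__main__":
    for name, greeting in SAMPLES.items():
        print(name, "->", classify_banner(greeting))
```

Run against the greeting seen from outside the firewall and again from a host on the inside; a difference between the two points at the device in the path rather than the MTA.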