What to return for AUTH tcp/113 requests?
I believe it's not good to just drop the auth (ident) requests -- IIRC it
makes mail clients delay.
So the question is how should they be rejected?
reject-with icmp-port-unreachable
or
reject-with tcp-reset
Of course, I don't have any good reasons not to just allow the auth
requests. Most will be for mail that's generated from behind a NAT and
sent to the NAT/Firewall machine which runs exim as a smarthost, so the
connections will belong to whatever exim is running as.
I never thought about this, but do auth requests to ports that are
forwarded by a NAT machine get forwarded? I suspect not.
BTW -- is there a utility to manually send an auth request? That would
help with testing the rules.
Thanks,
--
Bill Moseley
moseley@hank.org
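An added example, not part of the original post: a minimal ident (RFC 1413) client in Python for sending a query to tcp/113 by hand and seeing whether the firewall answers, refuses, or silently drops it. The outcome labels and the `ident_port` parameter are choices made for this example.

```python
import socket, time

def build_query(server_port, client_port):
    # RFC 1413 query: "<port-on-server>, <port-on-client>" + CRLF, where
    # "server" is the host running identd (the one being probed).
    for p in (server_port, client_port):
        if not 1 <= p <= 65535:
            raise ValueError(f"port out of range: {p}")
    return f"{server_port}, {client_port}\r\n".encode("ascii")

def parse_reply(raw):
    # Replies: "<ports> : USERID : <os> : <user>" or "<ports> : ERROR : <code>"
    text = raw.decode("ascii", "replace").strip()
    parts = [p.strip() for p in text.split(":", 3)]
    if len(parts) == 4 and parts[1] == "USERID":
        return {"type": "USERID", "ports": parts[0], "os": parts[2], "detail": parts[3]}
    if len(parts) == 3 and parts[1] == "ERROR":
        return {"type": "ERROR", "ports": parts[0], "detail": parts[2]}
    return {"type": "MALFORMED", "ports": None, "detail": text}

def probe(host, server_port, client_port, timeout=5.0, ident_port=113):
    """Return (outcome, detail, seconds) for one ident query against host."""
    start = time.monotonic()
    took = lambda: round(time.monotonic() - start, 2)
    try:
        with socket.create_connection((host, ident_port), timeout=timeout) as s:
            s.sendall(build_query(server_port, client_port))
            data = b""
            while not data.endswith(b"\n") and len(data) < 1024:
                chunk = s.recv(1024)
                if not chunk:
                    break
                data += chunk
        return "answered", parse_reply(data), took()
    except ConnectionRefusedError:   # a TCP RST came back: fast, explicit rejection
        return "refused", None, took()
    except socket.timeout:           # nothing came back: packets silently dropped
        return "timeout", None, took()
    except OSError as exc:           # any other network error, reported verbatim
        return "error", str(exc), took()

if __name__ == "__main__":
    import sys
    # usage: ident_probe.py HOST PORT_ON_HOST PORT_ON_THIS_SIDE
    print(probe(sys.argv[1], int(sys.argv[2]), int(sys.argv[3])))
```

The elapsed time in the result is the useful part when comparing rules: a refusal returns almost immediately, while a dropped request only returns after the full timeout.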