remote mail servers not answering with a 220 line greeting
On Thu, 25 Feb 1999, Peter L. Peres wrote:
>
> Verify that you did not use any -k and -t options anywhere in the firewall
> setup, imho. man ipfwadm.
it's the firewall rules alright! I'm checking...

ok, apparently very few sites had this problem, I can check, but I think
they all use sendmail 8.9.x

what happened was that when I began setting up these packet filtering
rules I had denied auth (tcp/113, aka identd) but realized it will slow
things down. I then proceeded to set a rule to reject sessions to tcp/113
instead of denying, and that worked quite well in the sendmail 8.8.x
era.

apparently now reject won't cut it. I had to set tcp/113 to "accept",
even though nothing listens on port 113 (usually inetd), only then
sendmail is happy and gives me the 220 greeting line.

seems to me like a potential security hole (again, nothing is listening
on port 113, so it's "half" safe). does anyone know of another solution at
the packet-filter level instead?
--
Ira Abramov ; whois:IA58 ; www.scso.com ; all around Linux enthusiast
-- "Of course Unix is a user friendly OS,
it is just very picky about its friends..."
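
Added example, not part of the original message: a small Python probe for checking, from an outside host, what a remote server's ident (tcp/113) callback would see under a given packet-filter policy, by classifying the connect result and timing it. The function name, verdict labels and default timeout are this example's own assumptions.

```python
import errno
import socket
import sys
import time


def probe_ident(host, port=113, timeout=5.0):
    """Connect to host:port once and return (verdict, seconds_elapsed).

    Verdicts (labels chosen for this example):
      open          - something accepted the TCP connection
      refused       - immediate refusal: a TCP RST from a closed port, or an
                      ICMP port-unreachable on stacks that report it this way
      filtered-icmp - another ICMP unreachable was reported to the caller
      filtered-drop - no answer at all; the caller sat out its whole timer
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        verdict = "open"
    except socket.timeout:
        verdict = "filtered-drop"
    except ConnectionRefusedError:
        verdict = "refused"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            verdict = "filtered-icmp"
        else:
            raise
    finally:
        sock.close()
    return verdict, time.monotonic() - start


if __name__ == "__main__":
    # Usage: python probe_ident.py <host> [port]
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 113
    result, elapsed = probe_ident(target, target_port)
    print(f"{target}:{target_port} -> {result} after {elapsed:.2f}s")
```

A "refused" verdict that arrives in milliseconds is what an unfiltered closed port looks like; a "filtered-drop" that takes the full timeout is the delay a deny rule imposes on every remote ident lookup.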