
remote mail servers not answering with a 220 line greeting



On Thu, 25 Feb 1999, Peter L. Peres wrote:

> 
> Verify that you did not use any -k and -t options anywhere in the firewall
> setup, imho. man ipfwadm.

it's the firewall rules alright! I'm checking...

ok, apparently very few sites had this problem, I can check, but I think
they all use sendmail 8.9.x

what happened was that when I began setting up these packet filtering
rules I had denied auth (tcp/113, aka identd) but realized it will slow
things down. I then proceeded to set a rule to reject sessions to tcp/113
instead of denying, and that worked quite well in the sendmail 8.8.x
era.

apparently now reject won't cut it. I had to set tcp/113 to "accept",
even though nothing listens on port 113 (usually inetd), only then
sendmail is happy and gives me the 220 greeting line.

seems to me like a potential security hole (again, nothing is listening
on port 113, so it's "half" safe). anyone know of another solution at
the packet-filter level instead?

-- 
Ira Abramov ;  whois:IA58  ;  www.scso.com ;  all around Linux enthusiast 
                              --  "Of course Unix is a user friendly OS, 
                              it is just very picky about its friends..."
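
To see which of the three tcp/113 behaviours discussed in this message a remote server's ident lookup actually meets, the probe below can be run from a host outside the firewall. It is an added example, not part of the original message; `probe_port` and its result labels are hypothetical names, and the errno mapping assumes a Linux client. A deny rule drops the SYN silently (`dropped`), an accept rule with no listener lets the host answer with a TCP RST (`refused`), and a reject rule returns an ICMP error that surfaces as `unreachable` or `refused` depending on the ICMP code.

```python
import errno
import socket
import sys

# Hypothetical labels for this example; they are not ipfwadm or sendmail terms.
OUTCOMES = {
    errno.ECONNREFUSED: "refused",      # TCP RST or ICMP port-unreachable: fails at once
    errno.EHOSTUNREACH: "unreachable",  # ICMP host-unreachable from a filter or router
    errno.ENETUNREACH: "unreachable",   # ICMP net-unreachable
    errno.ETIMEDOUT: "dropped",         # kernel gave up retransmitting the SYN
}


def probe_port(host, port=113, timeout=5.0):
    """Classify how a TCP connect to host:port ends, as a remote ident lookup would see it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"                   # something is listening on the port
    except socket.timeout:
        return "dropped"                # no answer at all: the caller waits out the timeout
    except OSError as e:
        name = errno.errorcode.get(e.errno, str(e.errno))
        return OUTCOMES.get(e.errno, "error:" + name)
    finally:
        s.close()


if __name__ == "__main__":
    # Usage: python probe113.py <firewalled-host> [port]
    if len(sys.argv) < 2:
        sys.exit("usage: probe113.py host [port]")
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 113
    print(sys.argv[1], target_port, probe_port(sys.argv[1], target_port))
```

A `dropped` result is the one that makes the remote side wait before it sends its 220 greeting; `refused` returns immediately.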