[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

What to return for AUTH tcp/113 requests?

I belive it's not good to just drop the auth (ident) requests -- IIRC it
makes mail clients delay.

So the question is how should they be rejected?

   reject-with icmp-port-unreachable
   reject-with tcp-reset

Of course, I don't have any good reasons not to just allow the auth
requests.  Most will be for mail that's generated from behind a NAT and
sent to the NAT/Firewall machine which runs exim as a smarthost, so the
connections will belong to whatever exim is running as.  

I never thought about this, but do auth requests to ports that are 
forwarded by a NAT machine get forwarded?  I suspect not.

BTW -- is there a utility to manually send an auth request?  That would
help with testing the rules.


Bill Moseley

Reply to: