Re: What to return for AUTH tcp/113 requests?
> I believe it's not good to just drop the auth (ident) requests -- IIRC it
> makes mail clients delay.
> So the question is how should they be rejected?
> reject-with icmp-port-unreachable
> reject-with tcp-reset
tcp-reset - this is the behavior that a closed port normally gives.
> Of course, I don't have any good reasons not to just allow the auth
> requests. Most will be for mail that's generated from behind a NAT and
> sent to the NAT/Firewall machine which runs exim as a smarthost, so the
> connections will belong to whatever exim is running as.
> I never thought about this, but do auth requests to ports that are
> forwarded by a NAT machine get forwarded? I suspect not.
not normally, but some identd servers have a forwarding function, look at
midentd and oidentd.
> BTW -- is there a utility to manually send an auth request? That would
> help with testing the rules.
telnet or netcat ;) the requests are pretty simple, see
http://www.faqs.org/rfcs/rfc1413.html for details.
> Bill Moseley
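Added example (not part of the original thread): a small RFC 1413 client for testing the firewall rules discussed above, doing by script what the reply suggests doing by hand with telnet or netcat. It sends one query and reports whether the connection was refused (what a closed port or a tcp-reset reject looks like to the client), timed out (what a silent drop looks like), or answered. The function names, status strings, host and port values are assumptions made for this sketch.

```python
import socket

def parse_ident_reply(line):
    """Parse one RFC 1413 reply line into a dict (ValueError if malformed)."""
    ports, _, rest = line.strip().partition(":")
    fields = [f.strip() for f in rest.split(":", 2)]
    reply = {"ports": tuple(int(p) for p in ports.split(",")),
             "type": fields[0].upper()}
    if reply["type"] == "USERID" and len(fields) == 3:
        # The user-id may itself contain ':'; whitespace is stripped for display.
        reply["opsys"], reply["userid"] = fields[1], fields[2]
    elif reply["type"] == "ERROR" and len(fields) >= 2:
        reply["error"] = fields[1]  # e.g. NO-USER, HIDDEN-USER, INVALID-PORT
    else:
        raise ValueError("malformed ident reply: %r" % line)
    return reply

def probe_ident(host, server_port, client_port, ident_port=113, timeout=5.0):
    """Send one ident query and return (status, parsed_reply_or_None).

    server_port is the port on the queried host, client_port the port on the
    querying side, in the order RFC 1413 puts them on the request line.
    """
    try:
        sock = socket.create_connection((host, ident_port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", None      # RST seen: closed port or tcp-reset reject
    except socket.timeout:
        return "timeout", None      # nothing came back: packets dropped
    with sock:
        sock.sendall(("%d , %d\r\n" % (server_port, client_port)).encode("ascii"))
        data = b""
        try:
            while not data.endswith(b"\n"):
                chunk = sock.recv(1024)
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            return "timeout", None  # connected, but no reply line arrived
    if not data:
        return "closed", None       # peer closed without answering
    return "reply", parse_ident_reply(data.decode("ascii", "replace"))

if __name__ == "__main__":
    # Constructed values: loopback host and an arbitrary port pair.
    print(probe_ident("127.0.0.1", 40000, 25, timeout=3))
```

A "timeout" result only appears after the full timeout has elapsed, which is the delay the original question is concerned about.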