What to return for AUTH tcp/113 requests?
>>>>> "M" == moseley <email@example.com> writes:
M> I belive it's not good to just drop the auth (ident) requests
M> -- IIRC it makes mail clients delay.
M> So the question is how should they be rejected?
M> reject-with icmp-port-unreachable or reject-with tcp-reset
Tcp reset. For two reasons: (1) some idiots ban ICMP outright at
firewalls. (2) common practice (icmp port unreachable for UDP, TCP
reset for tcp)
M> BTW -- is there a utility to manually send an auth request?
M> That would help with testing the rules.
Telnet or netcat + tcpdump if you wish.