Speaking as a reformed Postmaster, when I was doing PM work for qualcomm, one of the network admins upgraded the firewalls, and 'nope, we didn't change anything, we just upgraded the code'. Well, they changed one rule. Instead of rejecting the ident queries, they dropped 'em. Mail pretty much stopped until they fessed up to what they changed. On Thu, 6 Dec 2001, Andrew Leonard wrote: > Quoting "Slighter, Tim" <tslighterat_private>: > > > you really should try and specify that the rule "drops" instead of > > reject so > > that the potential intruder is not provided with any information about > > their > > attempted connection. > > In this case (SMTP AUTH), if you drop instead of reject, you will have to wait > for the remote server to time out its auth connection before it lets you get on > with SMTP. This can slow mail delivery down substantially. > > cheers: > andy > -- > Andrew Leonard > Geospiza, Inc. > 3939 Leary Way NW > Seattle, WA 98107 > (206) 633-4403; (206) 633-4415 (fax) > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Dec 07 2001 - 13:38:12 PST