Firewall Wizards mailing list archives

Re: Firewalls breaking stuff: [Was re: fwtk]


From: Dominik Miklaszewski <dmikey () mac com>
Date: Thu, 18 Jul 2002 18:00:35 -0700



"Marcus J. Ranum" wrote:

Charles W. Swiger wrote:
To focus more on topics more relevant for this list, one of the biggest problems certain firewalls and mail proxies 
have is that they break the SMTP protocol.  For example, Cisco's PIX (with MailGuard?) attempts to proxy SMTP and 
breaks the state machine defined in RFC-821 or -822, as well as preventing ESMTP and violating the SMTP banner 
requirements.

[..]

I had a few hot discussions with DNS admins out there when my sendmail was doing strict DNS checks on MX, A and other 
ResolverOptions..
I eventually tuned it down to +DEFNAMES +RECURSE only as it turned out that DNS related RFCs are somewhat 
contradictory to SMTP related RFC when it comes to what's acceptable and what's not ....I had too many false positives 
from those uhmm.. "broken"(?) MTAs...
I actually can't imagine how for example, a load balanced SMTP installation can be RFC compliant...

Dominik

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
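
The two symptoms named in the quoted text above (a greeting that violates the SMTP banner requirements, and ESMTP being prevented) can be checked from a captured session. This is an added example, not part of the original post: the transcripts are constructed, the function names are hypothetical, and it assumes a compliant greeting carries a fully qualified domain name as its first word.

```python
import re

# Assumption: the word after "220" must look like a fully qualified domain name.
DOMAIN = re.compile(r"^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}$")

def exchanges(transcript):
    """Pair each client command with the server lines that answer it.
    The greeting is returned with command None."""
    out, cmd, buf = [], None, []
    for entry in transcript:
        side, line = entry[0], entry[3:]      # entries look like "S: ..." / "C: ..."
        if side == "C":
            if buf:
                out.append((cmd, buf))
            cmd, buf = line, []
        else:
            buf.append(line)
    if buf:
        out.append((cmd, buf))
    return out

def check_session(transcript):
    """Return findings for a masked or non-compliant banner and a refused EHLO."""
    findings = []
    for cmd, reply in exchanges(transcript):
        m = re.match(r"^(\d{3})[ -]?(.*)$", reply[0])
        code, text = (m.group(1), m.group(2)) if m else (None, "")
        if cmd is None:
            words = text.split()
            if code != "220" or not words or not DOMAIN.match(words[0]):
                findings.append("banner: greeting is not '220 <domain> ...'")
        elif cmd.split()[0].upper() == "EHLO" and code != "250":
            findings.append("esmtp: EHLO refused with %s" % code)
    return findings

# Constructed transcripts, not captured from any real product.
CLEAN = ["S: 220 mx1.example.org ESMTP ready", "C: EHLO client.example.net",
         "S: 250-mx1.example.org", "S: 250-PIPELINING", "S: 250 SIZE 10240000"]
PROXIED = ["S: 220 ********************", "C: EHLO client.example.net",
           "S: 500 Command unrecognized", "C: HELO client.example.net",
           "S: 250 mx1.example.org"]

if __name__ == "__main__":
    for name, t in (("clean", CLEAN), ("proxied", PROXIED)):
        print(name, check_session(t))
```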

