nanog mailing list archives
Re: disabling SMTP
From: Vinny Abello <vinny () tellurian com>
Date: Mon, 29 Mar 2004 07:52:55 -0500
At 07:20 AM 3/29/2004, Rob Nelson wrote:
when smtp fixup is on (default on many older pixes, i gather that there may be some improvements on newer pixes), the smtp banner is mostly obscured by * characters. the intent is a classic security by obscurity play, to hide the type and verison of the MTA behind the pix.Okay, so this is a problem when an SMTP server is hosted behind the PIX? I thought the fixup statements were for outbound connections, and with it on right now I get the full banner from SMTP servers. I don't host an SMTP server myself, so can't check that.
SMTP fixup is for hosts behind the firewall. That is after all what it's trying to protect (in theory) by mangling the SMTP protocol. :)
Vinny Abello Network Engineer Server Management vinny () tellurian com (973)300-9211 x 125 (973)940-6125 (Direct) PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0 E935 5325 FBCB 0100 977A Tellurian Networks - The Ultimate Internet Connection http://www.tellurian.com (888)TELLURIANThere are 10 kinds of people in the world. Those who understand binary and those that don't.
Current thread:
- disabling SMTP Eric A. Hall (Mar 27)
- Re: disabling SMTP Richard Welty (Mar 27)
- Re: disabling SMTP Rob Nelson (Mar 28)
- Re: disabling SMTP Suresh Ramasubramanian (Mar 28)
- Re: disabling SMTP Richard Welty (Mar 28)
- Re: disabling SMTP Richard Welty (Mar 28)
- Re: disabling SMTP Eric A. Hall (Mar 28)
- Re: disabling SMTP Eric A. Hall (Mar 28)
- Re: disabling SMTP David A . Ulevitch (Mar 28)
- Re: disabling SMTP Rob Nelson (Mar 28)
- Re: disabling SMTP Richard Welty (Mar 27)
- Re: disabling SMTP Rob Nelson (Mar 29)
- Re: disabling SMTP Vinny Abello (Mar 29)
- Re: disabling SMTP Richard Welty (Mar 29)
- Re: disabling SMTP Suresh Ramasubramanian (Mar 29)