Re: [Exim] smtp-ident

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Philip Hazel
Datum:  
To: robert rotman, Tobias Galitzien, Jim Tittsler
CC: exim-users
Betreff: Re: [Exim] smtp-ident
On Thu, 16 Mar 2000, robert rotman wrote:

> a short question:
> why do MTA's make a tcp connetion to the auth-port (113) to the host
> starting an smtp connection?
> is this necessary?


Depends on your viewpoint (see below).

On Thu, 16 Mar 2000, Tobias Galitzien wrote:

> As I´ve been told this is an ancient way of authentication.


NO! It is *not* authentication, it is identification. There's a difference.

> I think it is somewhat obsolete, you can cut it off by adding
> "rfc1413_query_timeout = 0s" to exim.conf.


It is not obsolete (see below) but you can turn it off.

On Fri, 17 Mar 2000, Jim Tittsler wrote:

> It adds an additional bit of accountability to a mail transaction. In
> particular it allows the receiving system to find out who owned the process
> that connected to his system, which can be useful in a multi-user system.


Not always strictly true. The information given out can be anything the
originating system wants. I know of one ISP that sends out a
64-character string which is an encryption of the information about the
caller (where dialled in from, what time connected, etc, etc), so the
receiver of this cannot get any knowledge from it (but the sender can).

> It
> might not have been the normal MTA on the other end. A mail administrator
> might want to contact a remote administrator about some mail and knowing the
> owner of the process (or some token that the remote administrator can use to
> identify the owner) that sent the mail might be useful.


Indeed. Let me give the scenario I use to explain why ident is useful:

We run multi-users systems here, with thousands of registered users
(staff, students, whoever). Suppose one of them telnets to port 25 on
your host and abuses your mail system (sends offensive mail or whatever).
You contact me and say "We got abusive mail from your host." I say "What
was the ident information you obtained from my host and logged?"

If you say "We turned RFC 1413 off." or "We didn't log the RFC1413
information.", I say "Sorry, that could have been any one of 5,000
users. Maybe I can narrow it down to a few hundred who were logged in at
the time, but that will be a lot of work."

On the other hand, if you say "The RFC 1413 information was xxxxx.", I
can interpret xxxxx and know exactly which user to haul in and
interrogate.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.