John Ward [exim-users] <04/07/01 14:25 +0200>:
> hmm... if i had a beer for every asshole who thinks that they now how pix's
> work.. i'd be permanently pissed
Thanks - but you do realize that the problem with most pixes is that they
have incompetent people behind them :( Like the kiddie^H^H^H^H^H^H junior
admin at our upstream's NOC (where we have a few boxen colo'd), who sees a
lot of port 22 traffic, panics and firewalls port 22.
The pix in general is a good piece of software ... but mailguard sucks. As
for admins who disable a perfectly good and secure, ESMTP capable mailserver
by putting a pix in front of it (and from what I can see, a Pix only does
plain vanilla smtp ...) - grrr...
People don't seem to read what Cisco says ... this is from one of their
advisories about Mailguard
> The Mailguard feature is intended to help protect weakly secured mail
> servers. The workaround for this issue is to secure the mail servers
> themselves, or upgrade to fixed PIX firewall code.
--
Suresh Ramasubramanian <--> mallet <at> efn <dot> org
EMail Sturmbannfuhrer, Lower Middle Class Unix Sysadmin
