Quoth Dave C. on Tue, Jul 02, 2002 at 09:23:21 -0400
> > > 220 ***************2**********************2*0*0 ***
> >
> > Any MTA sitting behind a Cisco PIX with "Fix broken SMTP" (or some
> > such) turned on.
>
> Which actually does exactly the opposite of its name, eg 'break
> perfectly good SMTP and block ESMTP completely'
>
> Pix admins: learn this, and learn it well:
>
> 'no fixup protocol smtp'
>
> No Pix should be without it.
Sadly this is typical of `security via obscurity' that is so popular
nowadays. Of course it doens't work, but it is so much easier to sell
something to masks things that something that is actually usefull.
Exim is incredibly secure (unless badly installed -- what do you mean
chmod -R 777 / ????) and a few good firewalls rules on your mailserver
make sure that no one can access any other port than 25. But then again,
it requires competance and actual clue. *grumbles*
--
yann@??? -=*=- www.kierun.org
PGP: www.kierun.org/pgp/key-kierun
PGP: 009D 7287 C4A7 FD4F 1680 06E4 F751 7006 9DE2 6318
IRC: nick kierun, server spod.uk.amiganet.org, channel #sanctus
