[ On Tuesday, March 18, 2003 at 23:33:44 (+0000), Bob Franklin wrote: ]
> Subject: Re: [Exim] Reaction to rude 554 greeting
>
> We use the 554 code on our internal, backend, servers (via the host_reject
> global option) - mail can only reach those machines from certain other
> machines to force it to pass through virus scanners, etc. - anything else
> gets a 554.
Why not firewall them with a host-based firewall so that only the
authorised SMTP-client hosts can successfully connect to them and
everyone else gets a TCP RST?
alternately (in case your servers are not sophisticated enough to run a
host-based firewall):
Since your hosts are in fact speaking SMTP anyway then why not wait
until the unwanted clients say HELO to tell them their connection and
transaction(s) is not wanted?
> As for above, how do you know that the thing connecting is not going to
> talk something other than SMTP before you return the error, if it's done
> at connect time [or are you basing it on IP address]?
I think the point is that one assumes a client connecting to a server's
port#25 will be speaking SMTP and thus if one doesn't want to actually
speak SMTP on one's port#25 then at least one can offer such a client a
meaningful error -- i.e. one pretends to speak just enough SMTP to avoid
the most obvious problems, and then one can get away with abusing
port#25 for non-SMTP purposes on some hosts.
--
Greg A. Woods
+1 416 218-0098; <g.a.woods@???>; <woods@???>
Planix, Inc. <woods@???>; VE3TCP; Secrets of the Weird <woods@???>
