Author: Alan J. Flavell Date: To: Exim users list Subject: RE: [Exim] Re: Bug#261511: exim4: possible very long delay with
callout verification
On Mon, 9 Aug 2004, Chris Russell wrote:
> A touch off topic, but could you mail me a URL for this ? we employ pix's
Not as such, sorry; but google for the terms (I used e.g " cisco pix
smtp 220 ", without the quotes) brings plenty of fodder.
Apparently the official term is "mailguard firewall" (or maybe it's
mailwall chocolate fireguard, I dunno...)
I can't help thinking that a well-managed exim system is far better
than running some insecure internet-facing MTA and hoping to protect
it with what appears to be a very simple-minded defence mechanism.
But our problem wasn't at -our- end, but with the misguided souls at
the couple of sites with whom we randomly couldn't exchange mail.
Turned out to be some problem with their box destroying the MTU
discovery mechanism. Apparently "all" of their other correspondents
were using fixed MTU, and so we were the only ones experiencing the
problem (so they claimed).
N.B I've no reason to believe that these firewalls aren't capable of
being configured usefully. All that I'm saying is that this didn't
seem to be a useful configuration - and those responsible for it
didn't seem to be aware of what they'd done.