[69168] in North American Network Operators' Group
Re: disabling SMTP
daemon@ATHENA.MIT.EDU (Vinny Abello)
Mon Mar 29 07:48:38 2004
Date: Mon, 29 Mar 2004 07:52:55 -0500
To: Rob Nelson <ronelson@vt.edu>
From: Vinny Abello <vinny@tellurian.com>
Cc: Richard Welty <rwelty@averillpark.net>, nanog@merit.edu
In-Reply-To: <6.0.3.0.1.20040329071901.024cd818@pop.vt.edu>
Errors-To: owner-nanog-outgoing@merit.edu
At 07:20 AM 3/29/2004, Rob Nelson wrote:
>>when smtp fixup is on (default on many older pixes, i gather that there
>>may be some improvements on newer pixes), the smtp banner
>>is mostly obscured by * characters. the intent is a classic security
>>by obscurity play, to hide the type and verison of the MTA behind
>>the pix.
>
>Okay, so this is a problem when an SMTP server is hosted behind the PIX? I
>thought the fixup statements were for outbound connections, and with it on
>right now I get the full banner from SMTP servers. I don't host an SMTP
>server myself, so can't check that.
SMTP fixup is for hosts behind the firewall. That is after all what it's
trying to protect (in theory) by mangling the SMTP protocol. :)
Vinny Abello
Network Engineer
Server Management
vinny@tellurian.com
(973)300-9211 x 125
(973)940-6125 (Direct)
PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0 E935 5325 FBCB 0100 977A
Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com (888)TELLURIAN
There are 10 kinds of people in the world. Those who understand binary and
those that don't.