On Mon, 29 Mar 2004 07:20:47 -0500 Rob Nelson <ronelson@vt.edu> wrote:
Richard Welty wrote:
when smtp fixup is on (default on many older pixes, i gather that there may be some improvements on newer pixes), the smtp banner is mostly obscured by * characters. the intent is a classic security by obscurity play, to hide the type and version of the MTA behind the pix.
Okay, so this is a problem when an SMTP server is hosted behind the PIX?
yes.
I thought the fixup statements were for outbound connections, and with it on right now I get the full banner from SMTP servers. I don't host an SMTP server myself, so can't check that.
nope, they mangle inbound connections too.

in addition to the banner obscuration, i (and others) have seen patterns of intermittent, arbitrary disconnections of SMTP sessions when fixup is turned on. this is harder to diagnose, though, because there is a TCP bug in some variants of Outlook that causes similar behavior. those of us running exim as an MTA a couple of revs back had to patch our installs to work around the Outlook TCP bug. i believe that patch is now permanently part of exim, as it is unlikely that the Outlook bug will ever entirely go away.

richard
--
Richard Welty rwelty@averillpark.net
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
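
Added example, not part of the original message: a small check an administrator could run over a captured SMTP greeting to tell whether the banner seen from outside has been masked with * characters, as described above. The sample greetings are constructed, and the 0.5 threshold for "mostly obscured" is an assumption.

```python
import re

# One SMTP reply line: 3-digit code, "-" (more lines follow) or " " (last line), text.
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_greeting(raw: bytes):
    """Return (code, [text lines]) for the first SMTP reply in raw."""
    code, texts = None, []
    for line in raw.decode("ascii", "replace").split("\r\n"):
        m = REPLY_LINE.match(line)
        if not m:
            raise ValueError(f"not an SMTP reply line: {line!r}")
        if code is None:
            code = m.group(1)
        elif m.group(1) != code:
            raise ValueError("reply code changed inside a multi-line reply")
        texts.append(m.group(3))
        if m.group(2) == " ":          # a space after the code ends the reply
            return int(code), texts
    raise ValueError("greeting not terminated")

def masked_fraction(texts):
    """Share of non-blank banner characters that are '*'."""
    chars = [c for t in texts for c in t if not c.isspace()]
    return sum(c == "*" for c in chars) / len(chars) if chars else 0.0

def classify_greeting(raw: bytes, threshold: float = 0.5):
    """'masked' if most of the 220 banner text is '*', else 'clear'."""
    code, texts = parse_greeting(raw)
    if code != 220:
        return "not-a-greeting"
    return "masked" if masked_fraction(texts) > threshold else "clear"

# Constructed sample greetings (not captured from real hosts).
CLEAR = b"220 mail.example.org ESMTP ready\r\n"
MULTILINE = b"220-mail.example.org ESMTP\r\n220 ready\r\n"
MASKED = b"220 ****************************2******0*0***\r\n"
REFUSED = b"554 no SMTP service here\r\n"

if __name__ == "__main__":
    for name, raw in [("clear", CLEAR), ("multiline", MULTILINE),
                      ("masked", MASKED), ("refused", REFUSED)]:
        print(name, "->", classify_greeting(raw))
```

Comparing the result for a greeting captured on the server itself with one captured from outside the firewall shows whether something in the path is rewriting the banner.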