auth + sendmail ident

Matthew Seaman m.seaman at infracaninophile.co.uk
Wed Feb 5 13:34:54 GMT 2003


--RnlQjJ0d97Da+TV1
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Feb 05, 2003 at 11:59:38AM -0000, Mark Stewart wrote:
> does anyone know how to stop the auth service running on port 113 as send=
mail is hammering my firewall with auth requests.

Generally I use a rule like:

    add 1300 reset tcp from any to 81.2.69.218 113 setup in recv de0

to refuse external mailers to communicate with my mailer's ident
service.  You want to 'reset' rather than 'deny' the connection, or
mail transfer will stall for ages while the attempted connection times
out.

Similarly, to prevent the local sendmail from making ident (RFC1413)
requests, all you need do is set:

    Timeout.ident=3D0

in sendmail.cf. That is best done by:

    define(`confTO_IDENT', `0')dnl

in /etc/mail/`hostname`.mc

You may need to apply similar changes to /etc/mail/submit.mc and
/etc/mail/submit.cf --- I can't remember off hand if the sm-msp uses
ident lookups or not.

Applying these changes will prevent the '$_' macro being set, which is
usually only used in Received: headers. =20

	Cheers

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

--RnlQjJ0d97Da+TV1
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE+QRL+dtESqEQa7a0RAhn2AJ4/mKsXBRGmU+pfsF0cQZMV6dqjPgCeL90B
ZGi2JMo+AIY65e29bPbDJrE=
=QP/Z
-----END PGP SIGNATURE-----

--RnlQjJ0d97Da+TV1--




More information about the Ukfreebsd mailing list