[lug] open port

Riggs, Rob RRiggs at doubleclick.net
Thu Mar 28 08:42:39 MST 2002


FYI, AOL is now ignoring AUTH connections. Soon this won't be a problem,
because everyone that needs to communicate via email to AOL accounts will
begin to turn off IDENT checking on their MTAs.

Personally, I think AUTH stinks. It is only valid in a trusted environment.
It made sense when everyone logged in to a central server to read and send
mail. When 99% of all mail is composed on individual workstations and
relayed through a central server, it is a waste of bandwidth.

So, help speed the demise of IDENT and continue to *ignore* those packets.
You won't hear me say this often, but I applaud AOL for their decision. It
was ultimately a wise one. (I was not so happy when I first found out about
it, but I've come around.)

-Rob

-----Original Message-----
From: Chip Atkinson [mailto:chip at rmpg.org]
Sent: Thursday, March 28, 2002 7:52 AM
To: lug at lug.boulder.co.us
Subject: Re: [lug] open port


Jeff,

Don't ignore connections with your firewall.  You need to reject it with
a port unavailable message.  What happens is that the remote machine
attempts to make a connection on that port before mail transmission can
proceed.  If the connection is ignored, it has to time out and that takes
a while.  If the port is unavailable according to the firewall, the
connection attempt will be abandoned as soon as the machine receives the
ICMP message and mail will flow smoothly.

Chip

On Thu, 28 Mar 2002, Jeff wrote:

> Hi folks,
> Quick questions here.  I run a (very) small mail server out of my
> house.  When I send mail to most everybody, within seconds, I get hits
> on port 113 on my machine; port 113, according to /etc/services, is
> Authentication Service.  Right now, my firewall rules say just to deny
> (ignore) any hits on that port.  My questions are these:
> 1.  Should I leave the rules as they are?
> 2.  Are there any security holes in it, if I open the port?
> 3.  Is there a good reason for keeping the port closed or opening it?
>
> Thanks in advance.
> Jeff
>

_______________________________________________
Web Page:  http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
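
The difference Chip describes between an ignored and a rejected connection can be checked from outside the firewall. The following is an added example, not part of the original messages: a small Python probe that times a TCP connect to port 113 and reports how the attempt was answered. The function name `probe_port`, the state labels, and the loopback target in the demo are assumptions made for illustration.

```python
import errno
import socket
import time

def probe_port(host, port=113, timeout=3.0):
    """Connect the way a remote MTA's ident lookup would and classify the answer.

    Returns (state, seconds), where state is one of:
      "open"     - something accepted the connection
      "rejected" - the attempt was refused at once (TCP RST or ICMP unreachable)
      "ignored"  - no answer at all; the caller waited out the full timeout
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        state = "open"
    except ConnectionRefusedError:
        # A TCP RST surfaces as ECONNREFUSED; on Linux an ICMP
        # port-unreachable for the connection attempt does too.
        state = "rejected"
    except socket.timeout:
        # The packets were silently dropped, so the sender is left waiting.
        state = "ignored"
    except OSError as exc:
        # Other ICMP unreachable codes arrive as host/network unreachable.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            state = "rejected"
        else:
            raise
    finally:
        sock.close()
    return state, time.monotonic() - start

if __name__ == "__main__":
    # Demo target is the local machine; replace with the mail server's
    # address and run from a host outside its firewall.
    state, seconds = probe_port("127.0.0.1", 113)
    print(f"port 113: {state} after {seconds:.2f}s")
```

A result of "ignored" means every remote server that does an ident lookup waits out its own timeout before delivering mail; "rejected" is the fast path Chip recommends.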


