[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: smtpserver aborts

To: jmack@phys.ualberta.ca
Subject: Re: smtpserver aborts
From: Matti Aarnio <mea@utu.fi>
Date: Tue, 31 Jan 1995 01:25:13 +0200 (EET)
Cc: zmailer@nic.funet.fi
In-Reply-To: <Pine.3.87.9501301322.C3079-0100000@tshimshan> from "James S MacKinnon" at Jan 30, 95 01:35:48 pm

(In Finland we have the time of the year to fill in IRS forms,
 my mind is not very well on programming right now..)

> On Mon, 30 Jan 1995, Matti Aarnio wrote:
> 
> > 	One case is with BROKEN UCX (?) which considered a case
> > 	of not having IDENT service on a VMS as a valid reason to
> > 	tear down ALL connections in between the remote server,
> > 	and the VMS machine...  One choice o that is not to use "-a"
> > 	option on the SMTPOPTIONS -line of the /etc/zmailer.conf ..
> Yes indeed, this at least seems to be true in all the problem cases
> I have encountered so far:
	[Some re-arrangements ahead]
...
> I'd hate to have to turn off authentication...
> 
> Is there a way that smtpserver can use a separate stream for IDENT
> which will not tear down the existing smtp connection, and if the
> remote host or firewall does not support IDENT, just proceed as
> usual? 
> Or is the IDENT query fatal enough that the whole connection
> gets ripped out by the #alls?

	The lookup happens BEFORE the logging of the first line
	("connect from UNKNOWN@....") into the logfile.  That is
	how it becomes "UNKNOWN@.."..

	On SOME machines receiving a connection to a TCP-port, which
	does not have a bound service, does cause (instead of
	"connection refused") tear-down of all connections in between
	that host, and host trying to connect to it.
	(But apparently that is not the case in here.)

	I have also heard of IP-firewalls which did cut the line,
	when they got probed by the IDENT.  When their managers
	learned about IDENT, they changed the policy..
	(They wanted to use  ftp.funet.fi  :-)  )

> # telnet inti.pci.on.ca ident
> telnet: Unable to connect to remote host: Host is unreachable
> # telnet dxmint.cern.ch ident
> telnet: Unable to connect to remote host: Host is unreachable
> # telnet fsm-1.pica.army.mil ident
> telnet: Unable to connect to remote host: Host is unreachable
> # telnet MORSE.NORCEN.COM ident
> telnet: Unable to connect to remote host: Host is unreachable

	These look like the routers in there are configured to
	respond "host unreachable", when they filter something,
	and choose to drop it to the "floor"..


> --
> James S. MacKinnon             Office: P-139 Avahd-Bhatia Physics Lab
> Computing/Networking           Voice : (403) 492-8226
> Department of Physics
> University of Alberta          email : Jim.MacKinnon@Phys.UAlberta.CA
> Edmonton, Canada T6G 2N5             : jmack@Phys.UAlberta.CA

Follow-Ups:
- Re: smtpserver aborts - partial solutions at least!
  - From: James S MacKinnon <jmack@phys.ualberta.ca> (Tue, 31 Jan 1995 02:22:34 +0200)

References:
- Re: smtpserver aborts
  - From: James S MacKinnon <jmack@phys.ualberta.ca>

Prev by Date: Scheduler zombies
Next by Date: Re: Scheduler zombies
Prev by thread: Re: smtpserver aborts
Next by thread: Re: smtpserver aborts - partial solutions at least!
Index(es):
- Date
- Thread