Authenticating users
Mike
michael at NOMENNESCIO.NET
Tue May 24 19:52:26 IST 2005
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>Behalf Of Kevin Miller
>
>That's what I love about this group - everybody's so willing to help!
Altruism rules! ;-)
>Yes. We can thank Cisco for that. That's what a PIX does to obfuscate the
>mail server. I guess the assumption is that it's harder to exploit a
>particular version of software if you don't know what version/brand it is.
>On the inside I get normal headers. It's never caused a problem (that I'm
>aware of anyway) before.
Well, if the PIX only obscures the hostname and/or the "Server ready" (or whatever) prompt, there wouldn't be a problem I think. At the moment it seems that it's not RFC compliant. There is NO hostname prompt whatsoever after the 220, which conflicts with RFC 821. If the reply was:
"220<space><mailserver prompt><space>************************************************************0*********2******200***0****2***0*00",
It would be compliant with RFC 821 at least. However, I think that RFC is partly obsolete, because I believe the string has to be as follows:
220<space><hostname><space><(E)SMTP><space><prompt>
(no idea which RFC this is defined in)
Maybe you can experiment with "no fixup smtp" on the PIX. Current SMTP implementations have plenty of checks themselves, so I don't think there's a need for the PIX to mess with the SMTP protocol.
>Do the failures turn up in the logs at your side? Can you tell if a
>failure is a false positive? I'm interested in looking into milter-sender,
>but don't want to increase my FP rate in the process of getting rid of a
>bit more spam...
This is what syslog shows:
May 24 19:57:43 mx1 sendmail-in[19944]: j4OHvR8q019944: Milter (milter-sender): timeout before data read
May 24 19:57:43 mx1 sendmail-in[19944]: j4OHvR8q019944: Milter (milter-sender): to error state
May 24 19:57:43 mx1 sendmail-in[19944]: j4OHvR8q019944: Milter: from=<Kevin_Miller at ci.juneau.ak.us>, reject=451 4.3.2 Please try again later
May 24 19:57:44 mx1 sendmail-in[19944]: j4OHvR8q019944: from=<Kevin_Miller at ci.juneau.ak.us>, size=3177, class=0, nrcpts=0, proto=ESMTP, daemon=MTA-Inet, relay=mxg.ci.juneau.ak.us [199.58.52.9]
In other words, it doesn't show WHY (besides timeout) it fails, just THAT it fails.
As for the getting rid of a bit more spam, the CallBack drops spam significantly, only a fraction makes it to MS/SA. CallAhead is of course also a must.
>...Kevin
Regards,
Mike.
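
A check for the greeting shape discussed in the message above, added here as an example and not part of the original post: it classifies the first line of an SMTP session by whether a hostname follows the 220. The function names, verdict labels and sample banners are assumptions made for illustration.

```python
import re

# One DNS label: letters, digits, inner hyphens (assumption for this sketch).
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
_DOMAIN = re.compile(rf"^{_LABEL}(?:\.{_LABEL})*$")
_LITERAL = re.compile(r"^\[[0-9A-Za-z:.]+\]$")   # e.g. [192.0.2.25]


def classify_greeting(line):
    """Classify the first line a server sends on connect.

    Returns (verdict, token) where verdict is one of:
    ok, masked, no-hostname, bad-hostname, not-220.
    """
    line = line.rstrip("\r\n")
    if not line.startswith("220"):
        return ("not-220", line[:3])
    # "220 " starts a single-line greeting, "220-" a multi-line one.
    if len(line) < 4 or line[3] not in " -":
        return ("no-hostname", "")
    token = line[4:].split(" ", 1)[0]
    if not token:
        return ("no-hostname", "")
    # Rewritten banner: the first token is only '*' padding and stray digits.
    if "*" in token and set(token) <= set("*0123456789"):
        return ("masked", token)
    if _DOMAIN.match(token) or _LITERAL.match(token):
        return ("ok", token)
    return ("bad-hostname", token)


def needs_attention(greetings):
    """Map relay name -> verdict for every greeting that is not 'ok'."""
    out = {}
    for relay, line in greetings.items():
        verdict, _ = classify_greeting(line)
        if verdict != "ok":
            out[relay] = verdict
    return out


# Constructed sample greetings (relay names and banners are made up).
SAMPLES = {
    "inside": "220 mx1.example.net ESMTP Sendmail; Tue, 24 May 2005 19:52:26\r\n",
    "via-firewall": "220 **********0*****2******200***0****2***0*00\r\n",
    "empty": "220\r\n",
    "literal": "220-[192.0.2.25] ESMTP\r\n",
}

if __name__ == "__main__":
    print(needs_attention(SAMPLES))
```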