On Tue, 12 Jul 2005, Ian FREISLICH wrote: > Out of interest what proportion of your logs have useful ident data?
Depends what you mean by "useful". I give you these, for example: 2005-07-06 22:51:54 H=(corporation.net) [168.187.205.3] U=CacheFlow Server F=<[EMAIL PROTECTED]> rejected RCPT Rejected - appears to be an unsecured proxy: CacheFlow Server 2005-07-07 18:03:25 H=(mailhub.vianetworks.nl) [194.250.136.80] U=squid F=<[EMAIL PROTECTED]> rejected RCPT Rejected - appears to be an unsecured proxy: squid There's still (years after this problem was first exposed) a moderate number of such rejections in our log. In due course the IPs in question turn up in blacklists (and indeed both of those IPs are well and truly blacklisted now), and could be rejected on that or on other grounds, but these characteristic idents seem to be a sure-fire rejection, on the assumption that no-one is seriously going to run their MTA with a user name of "squid", let alone "CacheFlow Server". Sure, the original motive was multi-user systems, where individual users might be attempting direct-to-MX SMTP, and I'd admit that this scenario is far less usual than it used to be, for many different reasons. But when reporting abuse to some remote site, it can still be a useful handle. Whether you choose to activate ident or not is entirely a matter for your local policy, and I wouldn't for a moment try to tell you what to do. But if you do activate it, then definitely set the timeout to just a few seconds (we've used 7s for a considerable time, but I suspect it could well be less and still serve its purpose). Ideally, if a remote network is not going to respond to ident then it should reject, rather than dropping the traffic on the floor and leaving us to time out, but that isn't something we have any control over, obviously. best regards -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
