"Pascal C. Kocher" wrote:
>
> This is wrong. You are still able to get mail through port 25 and not
> allowing telnet (at least telnet clients) to connect to the mailserver
> over this port. Telnet sends options upon connection (like Terminal
> Type) which a regular SMTP Connection would not send. Based on this you
> could filter out telnet connections. Although I don't know of any
> firewall product which supports this.
Wrong.
Telnet clients don't send WILL/WON'T telnet codes to things that
aren't telnet servers. At least not any of the telnet clients
under Unix that I use.
The vast majority of telnet clients won't send stuff char-by-char
(as some people claimed they do) either, unless _explicitly_ told
so. The Windows NT/2K telnet clients from Microsoft, however,
are another story. But then again, those are far from the only
Windows-based telnet clients; SecureCRT and its crypto-less
companion "CRT", for example, use line mode.
The only way to distinguish a proper telnet client from a "real"
SMTP sender would be through line-by-line timings, but then we're
getting into very iffy stuff -- a mail server coming through
across a slow connection with high loads or packet loss will also
get delays.
--
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50 WWW: http://www.clavister.com
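
Added example, not part of the original message: a Python sketch of the filter proposed in the quoted text, which looks for telnet option negotiation (IAC WILL/WON'T/DO/DON'T) in the bytes a client sends to port 25. The byte samples are constructed; the line-mode sample assumes the behaviour described in the reply above (no negotiation sent to a non-telnet server), and the function names are hypothetical.

```python
# Telnet command bytes from RFC 854; option numbers from the IANA registry.
IAC, SB, SE = 255, 250, 240
NEGOTIATION = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}
OPTION_NAMES = {1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL-TYPE", 31: "NAWS"}

def telnet_negotiations(data: bytes):
    """Return (verb, option) pairs for each IAC negotiation found in data."""
    found, i = [], 0
    while i < len(data):
        if data[i] != IAC:
            i += 1                      # ordinary data byte
            continue
        if i + 1 >= len(data):
            break                       # capture ends on a lone IAC
        cmd = data[i + 1]
        if cmd == IAC:
            i += 2                      # IAC IAC is an escaped literal 0xFF
        elif cmd in NEGOTIATION:
            if i + 2 >= len(data):
                break                   # truncated negotiation
            opt = data[i + 2]
            found.append((NEGOTIATION[cmd], OPTION_NAMES.get(opt, str(opt))))
            i += 3
        elif cmd == SB:
            # Skip the subnegotiation body up to IAC SE (simplified: does not
            # handle an escaped IAC IAC inside the body).
            end = data.find(bytes([IAC, SE]), i + 2)
            if end == -1:
                break
            i = end + 2
        else:
            i += 2                      # other two-byte command (NOP, GA, ...)
    return found

def looks_like_telnet(data: bytes) -> bool:
    """The proposed filter: flag a stream only if it negotiates options."""
    return bool(telnet_negotiations(data))

# Constructed samples of the first bytes sent by the client.
SMTP_SENDER = b"HELO mail.example.org\r\nMAIL FROM:<a@example.org>\r\n"
# Line-mode telnet client pointed at port 25: per the reply, no options sent,
# so the bytes on the wire match what a real SMTP sender produces.
TELNET_LINE_MODE_TO_25 = b"HELO mail.example.org\r\nMAIL FROM:<a@example.org>\r\n"
# Telnet client talking to a telnet server: opens with option negotiation.
TELNET_TO_TELNET_SERVER = bytes([255, 251, 24, 255, 251, 31]) + b"guest\r\n"

if __name__ == "__main__":
    for name in ("SMTP_SENDER", "TELNET_LINE_MODE_TO_25", "TELNET_TO_TELNET_SERVER"):
        print(name, looks_like_telnet(globals()[name]))
```

Only the third sample is flagged; the first two are byte-for-byte identical, which leaves timing as the only remaining signal.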