Hi,
no, the receiving sendmail sends back an auth/ident request
after being contacted by any sender. This is after the SMTP
communication already started. Ident is to find the owner
of a connection (pair of sockets) at the remote machine. If
there's no ident server process listening on port 113/tcp the
host responds with a RST to the initiator. This is what your FW-1
can do for your internal hosts when you 'reject' ident queries
instead of silently dropping them. If you drop those packets
sendmail waits for the timeout (currently 5sec default) to occur
before communication goes on.
For the use and purpose of the ident protocol simply read
RFC 1413. Words of wisdom from the author:
"At best, it provides some additional auditing information with
respect to TCP connections. At worst, it can provide misleading,
incorrect, or maliciously incorrect information."
Hans
P.S.: Some IRC servers deny access when they find no ident server
running at the client's site. This is why mIRC, a famous IRC client
for Windows systems, comes with its own ident server.
At 07:48 21.06.00 -0500, John Stevenson wrote:
>[...]
>Sendmail uses Ident to see if the host on the other end is
>alive before it starts to communicate with it.
>
>John.
>
>-----Original Message-----
>From: James Edwards [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, June 21, 2000 7:32 AM
>To: 'James Toshack'; [EMAIL PROTECTED]
>Subject: RE: [FW1] IDENT Question
>
>
>
>I went thru this same issue when I put my firewall in. I finally decided to
>block it and see who screams. That was about a year ago and I see a lot of
>blocked ident traffic, almost all going to my mail server.
>
>Guess what, not one single complaint.
>
>Jim Edwards
>
>-----Original Message-----
>From: James Toshack [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, June 20, 2000 3:44 PM
>To: [EMAIL PROTECTED]
>Subject: [FW1] IDENT Question
>
>
>
>
>
>Can someone please tell me the importance of the TCP IDENT service port? The
>firewall I'm now managing has IDENT traffic blocked....I don't know if this is
>by design, or a mistake...our external DNS servers are producing hundreds and
>thousands of dropped IDENT packets...and I don't know what allowing our DNS
>servers to process this IDENT traffic might produce in terms of a security
>risk. Is allowing this type of traffic considered pretty standard for a DMZ
>DNS Server?
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
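The ident exchange Hans describes above (a mail server querying 113/tcp on the host that just connected to it, and the difference between getting a RST back and having the query silently dropped), as an added Python example. This is not code from any message in this thread. The tiny ident responder, the connection pair (25, 40001), the user name alice and the lookup table behind it are all constructed for the demo; the responder binds an ephemeral loopback port rather than 113 so it runs unprivileged, and the lookup's default timeout mirrors the 5 second figure Hans gives.

```python
import socket
import threading

IDENT_PORT = 113  # RFC 1413 well-known port; the demo responder below uses an ephemeral port instead


def build_query(server_port: int, client_port: int) -> bytes:
    """Build an RFC 1413 query for one TCP connection.

    Ports are named from the querying host's point of view: a mail server asks
    "25, <ephemeral port the sender connected from>".
    """
    return f"{server_port}, {client_port}\r\n".encode("ascii")


def parse_response(raw: bytes) -> dict:
    """Parse one ident reply line. Valid shapes (RFC 1413):
      <server-port>, <client-port> : USERID : <opsys> : <user-id>
      <server-port>, <client-port> : ERROR : <error-type>
    """
    line = raw.decode("ascii", errors="replace").rstrip("\r\n")
    fields = [f.strip() for f in line.split(":", 3)]  # maxsplit keeps ':' inside <user-id>
    if len(fields) < 3:
        raise ValueError(f"malformed ident reply: {line!r}")
    ports = tuple(int(p) for p in fields[0].split(","))
    if len(ports) != 2:
        raise ValueError(f"bad port pair in ident reply: {line!r}")
    if fields[1] == "USERID" and len(fields) == 4:
        return {"ports": ports, "status": "USERID", "opsys": fields[2], "user": fields[3]}
    if fields[1] == "ERROR":
        return {"ports": ports, "status": "ERROR", "error": fields[2]}
    raise ValueError(f"unknown ident reply type: {line!r}")


def ident_lookup(host, ident_port, server_port, client_port, timeout=5.0):
    """Ask <host>'s ident server who owns (server_port, client_port).

    Outcomes, matching the three cases contrasted in the thread:
      ("USERID", user) / ("ERROR", type) - a responder answered
      ("REFUSED", None)                  - RST came back: no listener, or a firewall 'reject'
      ("TIMEOUT", None)                  - packets silently dropped; we wait the full timeout
    """
    try:
        with socket.create_connection((host, ident_port), timeout=timeout) as s:
            s.sendall(build_query(server_port, client_port))
            data = b""
            while not data.endswith(b"\n") and len(data) < 1024:  # cap what a remote host can feed us
                chunk = s.recv(512)
                if not chunk:
                    break
                data += chunk
    except ConnectionRefusedError:
        return ("REFUSED", None)
    except socket.timeout:
        return ("TIMEOUT", None)
    except OSError as exc:  # e.g. ICMP unreachable from a filtering router
        return ("UNREACHABLE", str(exc))
    reply = parse_response(data)
    if reply["status"] == "USERID":
        return ("USERID", reply["user"])
    return ("ERROR", reply["error"])


def start_demo_ident_server(table):
    """Constructed responder: answers from a dict of (server_port, client_port) -> user."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                line = conn.recv(512).decode("ascii", errors="replace")
                try:
                    a, b = (int(x) for x in line.split(","))
                except ValueError:
                    conn.sendall(b"0, 0 : ERROR : INVALID-PORT\r\n")
                    continue
                user = table.get((a, b))
                if user:
                    conn.sendall(f"{a}, {b} : USERID : UNIX : {user}\r\n".encode("ascii"))
                else:
                    conn.sendall(f"{a}, {b} : ERROR : NO-USER\r\n".encode("ascii"))

    threading.Thread(target=serve, daemon=True).start()
    return srv


def demo() -> dict:
    """Run the three outcomes against loopback and return them keyed by case."""
    table = {(25, 40001): "alice"}  # constructed: one SMTP connection owned by 'alice'
    srv = start_demo_ident_server(table)
    ident_port = srv.getsockname()[1]
    results = {
        "known": ident_lookup("127.0.0.1", ident_port, 25, 40001, timeout=2.0),
        "unknown": ident_lookup("127.0.0.1", ident_port, 25, 40002, timeout=2.0),
    }
    # No listener at all: learn a free port, close it, then query it -> RST -> REFUSED at once.
    tmp = socket.socket()
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()
    results["no_listener"] = ident_lookup("127.0.0.1", closed_port, 25, 40001, timeout=2.0)
    srv.close()
    return results


if __name__ == "__main__":
    print(demo())
```

The drop case cannot be shown on loopback, since a silent drop means the SYN is never answered; against a real firewall that drops 113/tcp, `ident_lookup` returns `("TIMEOUT", None)` only after the full timeout, which is exactly the delay sendmail pays per inbound connection in that configuration. Note also that nothing in the reply is authenticated: whoever runs the responder chooses the user name, which is the point of the RFC 1413 quote above.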