[c-nsp] PIX error using fixup smtp
Brian Feeny
signal at shreve.net
Sat Nov 13 10:41:26 EST 2004
I agree gert, its probably way overkill.
And who knows, maybe soon Cisco stops making fixup smtp the
default condition of the PIX.
Brian
On Nov 13, 2004, at 6:18 AM, Gert Doering wrote:
> But I still find it questionable - while it may be documented that it's
> "restricting things on port 25 to plain SMTP", I still want to ask
> "is that a useful thing to do, 9 years after the standardization of
> ESMTP"?
>
> Overly eager firewalls *hurt* - I field "fixup smtp" in the same bin
> as "deny icmp any any". It might cause a warm and fuzzy feeling, but
> takes away useful functionality.
>
> (Note that I'm not trying to attack anybody, just trying to explain my
> feelings about this)
>
> gert
>
>
> --
> USENET is *not* the non-clickable part of WWW!
>
> //www.muc.de/~gert/
> Gert Doering - Munich, Germany
> gert at greenie.muc.de
> fax: +49-89-35655025
> gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : https://puck.nether.net/pipermail/cisco-nsp/attachments/20041113/5cca3134/PGP.bin
More information about the cisco-nsp
mailing list