[c-nsp] PIX error using fixup smtp

Brian Feeny signal at shreve.net
Sat Nov 13 10:41:26 EST 2004


I agree gert, its probably way overkill.

And who knows, maybe soon Cisco stops making fixup smtp the
default condition of the PIX.

Brian



On Nov 13, 2004, at 6:18 AM, Gert Doering wrote:
> But I still find it questionable - while it may be documented that it's
> "restricting things on port 25 to plain SMTP", I still want to ask
> "is that a useful thing to do, 9 years after the standardization of
> ESMTP"?
>
> Overly eager firewalls *hurt* - I field "fixup smtp" in the same bin
> as "deny icmp any any".  It might cause a warm and fuzzy feeling, but
> takes away useful functionality.
>
> (Note that I'm not trying to attack anybody, just trying to explain my
> feelings about this)
>
> gert
>
>
> -- 
> USENET is *not* the non-clickable part of WWW!
>                                                            
> //www.muc.de/~gert/
> Gert Doering - Munich, Germany                             
> gert at greenie.muc.de
> fax: +49-89-35655025                        
> gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : https://puck.nether.net/pipermail/cisco-nsp/attachments/20041113/5cca3134/PGP.bin


More information about the cisco-nsp mailing list