From: JOHN HAMBLETON (jhamblet@NMU.EDU)
Date: Wed Dec 10 2003 - 14:51:44 EST
Looks like you're a good candidate for the granularity
of IPSec. I used IPSec to solve the very same problem.
John H
Thierry ITTY wrote:
>A 12:10 10/12/2003 -0500, vous avez écrit :
>>Can someone point me in the write direction as to how I would easily
>>disallow telnet to port 25, but still allow telnet to port 23?
>>I.e. I don't want to be able to telnet to port 25 and send mail, but I
>>still want to run sendmail, and allow telnet... or am I looking at this
>>wrong? Thanks.
>
>if you open the port 25 (usually dedicated to SMTP) you just can't
decide
>whether the client that will connect there will be a true smtp client
or a
>telnet one
>as you can simulate an smtp session using telnet (btw very useful to
>diagnose mail server problems) the smtp server won't be able to
distinguish
>between a telnet client and an smtp one
>the one clue i see right now would be that the smtp server be able to
>request a very short timeout on smtp dialog, which would make it
impossible
>to a human user to simulate an smtp connection
>
>hth
>
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:17:24 EDT