sendmail ident
Gerald Combs
gerald at ethereal.com
Tue May 31 09:00:02 CDT 2005
Jonathan Hutchins wrote:
> Default is 5 seconds.
>
>
>>I really wish Sendmail had a
>>FEATURE(`stop_pretending_its_still_1983')
>>configuration option.
>
>
> How about
> define(`confTO_IDENT',`0')dnl
> for M4, or
> O Timeout.ident=0
> for the raw sendmail.cf?
>
> (That'll turn it off.)
How about disabling it by default (or not even implementing it) in the
first place? Section 6 of RFC 1413 (which specifies ident) says:
"The Identification Protocol is not intended as an authorization or
access control protocol. At best, it provides some additional
auditing information with respect to TCP connections. At worst, it
can provide misleading, incorrect, or maliciously incorrect
information."
Finding a box that serves ident to the public internet these days is
difficult. If you do find one, the information it serves will likely be
bogus.
More information about the Kclug
mailing list