> > Quite some time ago, I had strange problems with some (broken?) mail > > servers refusing to accept mail when I simply REJECTed ident connects - > > apparently they didn't like the default ICMP error message > > (icmp-port-unreachable, I think)... > > Maybe because RFC says that a SYN on a closed port must be replied with > RST, and not ICMP port unreachable... It is true but by sending ICMP port unreach. you inform the second party's tcp stack that the port is unreachable, which should cause the stack to inform the application that there is a problem. Maybe the application (the mail daemon) was not handling this type of error. Properly written code should react for TCP RSTs and all other ICMP error messages, and other error conditions. Maciej
