Todd Graham Lewis says:
>On Mon, 10 Mar 1997, m* wrote:
>> hey all,
>> i have implemented a firewall using a 486/DX2 running linux ver. 2.0.6.
>> with great success with one exception:
>> smtp connections through the firewall to our mail server are
>> ridiculously slow, like 25 seconds before the connection and xfer
>> completes. needless to say, this is unacceptable.
>> all of the other protocols handled by the f-wall are not affected.
>I guess that the mail server is trying to resolve the name of the
>delivering agent, but name service is being impaired by your firewall
>setup. Do you have DNS working properly on your SMTP host?
Another possibility is that the mail server is running a version of
sendmail that tries to do an ident call prior to accepting the connection.
Check the firewall logs. If it's dropping connections from the mail server
to the firewall on port 113, then it's the ident problem.
Sendmail on the mailserver will receive a connection and try and figure
out who originated that connection. In some cases it does this by using
ident. It will open a TCP port back to the originator of the email
connection. If that originator is a firewall, that packet will normally
get dropped. The sendmail that initiated it will have to wait for the
connection to time out before proceeding on with the connection.
Mark Horn <mhorn @
PGP Public Key available from: http://www.es.net/hypertext/pgp.html
PGP KeyID/fingerprt: 00CBA571/32 4E 4E 48 EA C6 74 2E 25 8A 76 E6 04 A1 7F C1
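The log check suggested in the reply above, as an added example that is not part of the original post: it pairs each accepted SMTP connection with denied port 113 packets coming back from the mail server within a short window. The log format, addresses and function names are constructed for illustration; adapt the regular expression to what the firewall actually logs.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log in a made-up "time action proto src:port -> dst:port"
# format. 192.0.2.1 stands for the firewall, 192.0.2.25 for the mail server.
SAMPLE_LOG = """\
1997-03-10T09:15:02 ACCEPT tcp 192.0.2.1:1043 -> 192.0.2.25:25
1997-03-10T09:15:02 DENY tcp 192.0.2.25:2011 -> 192.0.2.1:113
1997-03-10T09:15:05 DENY tcp 192.0.2.25:2011 -> 192.0.2.1:113
1997-03-10T09:16:40 ACCEPT tcp 192.0.2.1:1044 -> 192.0.2.25:80
1997-03-10T09:20:00 DENY tcp 198.51.100.7:4000 -> 192.0.2.1:113
"""

LINE_RE = re.compile(
    r"(?P<ts>\S+) (?P<action>ACCEPT|DENY) tcp "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

def parse(log_text):
    """Yield one dict per log line that matches the assumed format."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["ts"] = datetime.fromisoformat(e["ts"])
            e["dport"] = int(e["dport"])
            yield e

def find_blocked_ident_callbacks(log_text, window_seconds=30):
    """Pair each accepted SMTP connection (client -> server:25) with denied
    ident lookups coming back (server -> client:113) inside the window."""
    window = timedelta(seconds=window_seconds)
    smtp = []   # accepted SMTP connections seen so far
    hits = {}   # (client, server) -> number of denied ident packets
    for e in parse(log_text):
        if e["action"] == "ACCEPT" and e["dport"] == 25:
            smtp.append(e)
        elif e["action"] == "DENY" and e["dport"] == 113:
            for s in smtp:
                if (s["dst"] == e["src"] and s["src"] == e["dst"]
                        and timedelta(0) <= e["ts"] - s["ts"] <= window):
                    key = (s["src"], s["dst"])
                    hits[key] = hits.get(key, 0) + 1
                    break
    return hits

if __name__ == "__main__":
    for (client, server), n in find_blocked_ident_callbacks(SAMPLE_LOG).items():
        print(f"{server} -> {client}:113 denied {n}x after SMTP connect")
```

A non-empty result means the mail server's ident lookups are being silently dropped, which matches the delay described in the thread.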