Re: Ipchains and smtp rule

From: Brian Hatch (focus-linux@ifokr.org)
Date: 11/22/01


Date: Thu, 22 Nov 2001 14:48:29 -0800
From: Brian Hatch <focus-linux@ifokr.org>
To: Kutulu <kutulu@kutulu.org>
Subject: Re: Ipchains and smtp rule
Message-ID: <20011122144829.N28470@ifokr.org>



> > If I do a telnet mailserver 25, I get a roughly 30 sec delay.
> > I've seen remarks about exactly that kind of delay on various lists
> > before, and it's usually a DNS problem, so I'm going to check the
> > caching nameserver setup for errors.

It's probably due to the mail server attempting an IDENT (port 113)
request to the client. If the client's IDENT port is silently
ignoring this connection (ipchains DENY vs REJECT) then it takes
a while before the mail server gives up. This timeout is usually
configurable.

--
Brian Hatch                  Turning off setuid bits
   Systems and                of important unix tools
   Security Engineer          is like poking out an
http://www.ifokr.org/bri/     eye to prevent misuse.
                              -- Nick Esborn.
Every message PGP signed
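
An added example, not part of the original message: a small Python check, run from the mail server side, that shows whether a client's IDENT port (113) refuses the connection at once or silently drops it, which is the DENY vs REJECT difference described above. The names `probe_tcp`, `report` and `MEANING` and the 5-second timeout are assumptions made for this illustration.

```python
import socket
import sys
import time

IDENT_PORT = 113  # the IDENT port the message refers to

# What each result means for a server doing an IDENT lookup against this host.
MEANING = {
    "open": "an ident daemon answers; the lookup completes",
    "refused": "refused at once (REJECT rule or closed port); no delay",
    "filtered": "no reply (DENY-style drop); the server waits out its timeout",
    "error": "other network error; check routing and the address",
}


def probe_tcp(host, port=IDENT_PORT, timeout=5.0,
              connect=socket.create_connection):
    """Return (state, seconds_waited) for one TCP connect attempt.

    `connect` is injectable (an assumption of this example) so the
    classification can be exercised without a real firewall.
    """
    start = time.monotonic()
    try:
        connect((host, port), timeout=timeout).close()
        state = "open"
    except ConnectionRefusedError:
        state = "refused"
    except (socket.timeout, TimeoutError):
        state = "filtered"
    except OSError:
        state = "error"
    return state, time.monotonic() - start


def report(host, port=IDENT_PORT, timeout=5.0,
           connect=socket.create_connection):
    """One-line summary suitable for a terminal or a ticket."""
    state, waited = probe_tcp(host, port, timeout, connect)
    return f"{host}:{port} {state} after {waited:.1f}s - {MEANING[state]}"


if __name__ == "__main__":
    # Usage: python ident_probe.py CLIENT_ADDRESS
    print(report(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"))
```

A "filtered" result that takes the full timeout is the case where the mail server's greeting is delayed.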



