Thanks Sam. But if I'm connecting to localhost, how does that play into reverse DNS?
The server is behind a firewall so the actual connecting address would be an internal IP anyway. But in the case of localhost I don't understand the role of reverse DNS and ident lookup. Ricardo On Thu, 2008-11-27 at 15:23 -0500, Sam Varshavchik wrote: > Ricardo Kleemann writes: > > > Hi, > > > > I'm trying to debug why sometimes it takes quite a while to get the 220 > > greeting on port 25. > > > > I thought maybe it's the filter (I use pureperlfilter) but I only have > > that enabled on esmtp and the delay I get is on localhost (telnet > > locahost 25) > > > > The server is not very busy. Sometimes it will take many seconds to get > > the 220 response even when the server is not busy, sometimes it's > > immediate. > > Two possible causes: > > 1) Reverse and forward DNS lookup on the connecting IP address > > 2) identd (auth) query to the source IP > > Possible cause for delays: > > 1) DNS misconfiguration. Merely not defining reverse IP does not cause a > delay. The DNS SOA for the zone replies with NXDOMAIN immediately, and life > goes on. But if reverse DNS for the zone points to a nonexistent NS, there > will be a delay waiting for the DNS query to time out > > 2) A broken firewall, or a broken TCP stack. Normally if identd is not > running on the connecting IP address, the connection attempt fails > immediately, and life goes on. If a broken TCP stack or a broken firewall > just drops all packets, there will be a delay waiting for the identd query > to timeout. > > Your options are to turn off reverse DNS and identd. If you choose to turn > off reverse DNS, your logs will not show connecting hostnames, and you > cannot use SPF. Turning off identd makes little difference, and is mostly > risk free. Both options are set in the esmtpd configuration file, the > TCPDOPTS setting. > > If you have a delayed prompt, a non-functioning identd manifests as a 30 > second delay, precisely. In your case, where the delays are sporadic, that > suggests flaky reverse DNS, with the exact behavior controlled by the > connecting IP address. > > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge > Build the coolest Linux based applications with Moblin SDK & win great prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ courier-users mailing list > [email protected] Unsubscribe: > https://lists.sourceforge.net/lists/listinfo/courier-users ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
