On Tue, 13 Jan 2015 14:27:42 -0500 David Parker <[email protected]> wrote:
> Thanks for the replies.
>
> The system is not using tcpwrappers, and it's also not a DNS issue.
> The client PC does have a reverse DNS entry. A tcpdump packet
> capture on the server shows the initial connection from the client
> followed by a bunch of DNS traffic, all within the same second. Then
> nothing happens for exactly 5 seconds, then the server sends data
> back to the client.
>
> Just to be extra sure, I added an entry for it in /etc/hosts so DNS
> wouldn't even be needed. Still made no difference.
>

Is it asking for an ident from the connecting server (TCP port 7)?
This is an old-fashioned custom, when computers with MTAs also ran
ident servers, which provided some fairly harmless information.

Exim4 can certainly ask for an ident, and does nothing for a
configurable timeout unless one is received, or the sender address is
whitelisted. It is a simple anti-spam measure, as practically nothing
runs ident servers today, and most malware will give up before a
thirty-second timeout expires, whereas a legitimate MTA will wait for
that long.

--
Joe

