On 07/06/06, Toralf Lund <[EMAIL PROTECTED]> wrote: > > > I'm having problems sending to a server that appears to be running Exim [ > > ... ] > > The following sequence of (slightly rewritten) > > log messages should make it clear how the failure occurs: > > > Just after posting this, it occurred to me that I really ought generate > a log with *all* options enabled - I just added SMTP connection messages > to the default earlier. When I did, I got the same messages, but also > > 2006-06-07 13:39:12 ident connection to 192.168.0.186 timed out > > I then disabled all "ident" connections via > > rfc1413_query_timeout = 0s > > and was actually able to deliver my message! So the synchronisation > problem appears to be a symptom rather than the real issue - maybe it's > just a result of waiting so long for the ident connection. Also, it > looks like I have a workaround now. I'll still appreciate it if someone > can give me more details on what is going on, though. Also, what exactly > are the consequences of disabling rfc1413 queries?
The real problem is that the system the other end got impatient waiting for your banner, which took a while because you were doing an ident query back to them, and they don't support it and don't reject the packet properly. It's their problem not yours, but you've found a workaround. 2 issues with disabling idents : 1. You won't be able to log whatever token a remote server might want to send you in its ident reply - which in the occasional case might be requested as part of an abuse investigation. So rare it's not worth bothering with (IMHO). 2. Sometimes the ident is a dead giveaway for a comprimised proxy. But to make use of this you need to code up ACLs to deal with it, and if you haven't then it's not useful for you. If either of these issues concerns you, Instead of disabling idents completely you could simply exclude the troublesome hosts using 'rfc1413_hosts' Peter -- Peter Bowyer Email: [EMAIL PROTECTED] -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
