/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! /* ALSO: Don't quote this header. It makes you look lame :-) */
Scott Dunn <[EMAIL PROTECTED]> wrote: > > Everything is working great except for the checking of email. To > check a mailbox it takes 30 secs. If I use the simple rc.firewall > rules I can check the email fine. It sounds like your POP server is trying to make a connection back to you, for some sort of verification purposes. I have seen this from other servers, like IRC servers, as well. For instance, the POP server might want to connect back to your IDENT port (113) to ask your system to verify the username used to make your connection. The simple firewall rules might allow this connection to come in (and either be serviced or refused), allowing things to proceed normally. But the strong rules probably use the "DROP" target on the connection, so the remote server simply gets no response, and has to go through a 30-second timeout before it decides that it's not going to work. I've also seen IRC servers that try to test your connection for things like open proxies, by connecting to port 1080, 3128, or 8080, and if your firewall DROPs these packets, then the server will take a long time to figure out that they aren't responding. If you still want to run a strong firewall (and you should), then it might help to change those ports to use REJECT instead of DROP, so that the remote server at least gets a response right away. If you are paranoid (and you should be), you can configure it so only your specific mail/IRC server gets the REJECT response, while everyone else gets a DROP. -- [EMAIL PROTECTED] (Fuzzy Fox) || "Good judgment comes from experience. sometimes known as David DeSimone || Experience comes from bad judgment." _______________________________________________ Masq maillist - [EMAIL PROTECTED] Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING! or email to [EMAIL PROTECTED] PLEASE read the HOWTO and search the archives before posting. You can start your search at http://www.indyramp.com/masq/ Please keep general linux/unix/pc/internet questions off the list.
