>Ever since I've implemented a strong firewall / masquerade ruleset
>fetching mail using POP3 has become much slower. When I pull my mail up
>from the server it takes about 5 minutes to retrieve 30 or so messages
>..... I think this could be faster.

It might not be your firewall's ruleset per se.
When a remote computer connects to your strong firewalled machine for,
say, POP3 mail, it has to:
- Confirm that your IP is allowed via the packet firewall
- Do the normal TCP setup
- Check TCP wrappers
- Do a reverse lookup on the remote IP address
- Possibly do an IDENT of the remote machine
- Spawn the in.pop3d program
- Lock the /var/spool/mail/user file and copy the WHOLE thing into a
  temp directory
- Serve out pop3 mail
- Copy the updated /var/spool/mail/user file back
- Close the TCP connection

Usually, people complain about performance when the real issue is:
- They are filtering ICMP when they shouldn't be (ident isn't running
  but ICMP destination unreachable isn't getting back to the remote
  computer)
- They are using a default policy of DENY on their firewall and not
  REJECT
- Either the local or remote forward and reverse DNS lookups are
  messed up
- IDENT is improperly set up (I personally DON'T run it, i.e. it is
  #ed out in my /etc/inetd.conf file)
- The user's /var/spool/mail file is HUGE and the disks are too
  fragmented or slow

--David
.----------------------------------------------------------------------------.
| David A. Ranch - Linux/Networking/PC hardware [EMAIL PROTECTED] |
!---- ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
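
The DENY versus REJECT point in the reply above can be checked from the mail server's side of the connection. The following is an added example, not part of the original post: it makes one TCP connect to the ident port (113) and reports whether the answer was an accept, an immediate refusal, or silence until the timeout. The function name probe and the 5-second default timeout are assumptions of this example.

```python
import errno
import socket
import sys
import time

IDENT_PORT = 113  # auth/ident service port

# errno values that mean "an answer came back saying no"
REFUSALS = (errno.ECONNREFUSED, errno.EHOSTUNREACH, errno.ENETUNREACH)


def probe(host, port=IDENT_PORT, timeout=5.0):
    """Attempt one TCP connect and classify how the far end answered.

    Returns (verdict, seconds):
      "open"     - something accepted the connection
      "rejected" - a TCP RST or ICMP unreachable came back quickly
                   (what a REJECT rule or a closed port produces)
      "filtered" - nothing came back before the timeout
                   (what a DENY rule, or filtered ICMP, produces)
    The timeout is this example's choice, not a value from the post.
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        verdict = "open"
    except socket.timeout:
        verdict = "filtered"
    except OSError as exc:
        if exc.errno in REFUSALS:
            verdict = "rejected"
        elif exc.errno == errno.ETIMEDOUT:
            verdict = "filtered"  # kernel gave up before our own timeout
        else:
            raise  # e.g. name resolution failure: not a firewall verdict
    finally:
        sock.close()
    return verdict, time.monotonic() - start


if __name__ == "__main__":
    # Usage: python3 probe.py <client-ip>   (defaults to loopback)
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    result, secs = probe(target)
    print(f"{target}:{IDENT_PORT} {result} after {secs:.2f}s")
```

A "filtered" result that takes the full timeout is the delay a mail server's ident lookup would sit through on every connection; "rejected" in a few milliseconds means the refusal is getting back.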