Well, you learn something new every day. Today I learned inetd does ident checks on its clients. This is annoying. Is there a way you can turn this off inside inetd?
So I added a rule to return the port-unreachable error and everything now works hunky dory. Thanks everyone for your help.

iptables -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset

-----Original Message-----
From: Evan Cofsky [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 12, 2002 8:46 AM
To: Nathan Cassano
Cc: [EMAIL PROTECTED]
Subject: Re: TCP delay

It really sounds like ident lookups. Telnet is typically started by tcpwrappers (tcpd), and Sendmail (I don't know about other MTAs) typically does ident lookups. If you're not running the identd, or having it start through inetd, but are still DROPping inbound packets to the SMTP client machine, the SMTP server will never receive the normal "connection refused" messages from the kernel, but will have to wait for it to time out.
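A check for the behaviour discussed in this thread, added here as an example and not code from either poster: it times a TCP connect to the ident port (113) and reports whether the port is open, rejected at once (the result of a REJECT rule like the one above), or silently dropped (the case that leaves the server waiting for a timeout). The function name `probe_tcp`, the 3-second timeout and the default target 127.0.0.1 are assumptions.

```python
import socket
import sys
import time

IDENT_PORT = 113  # ident/auth service (RFC 1413)


def probe_tcp(host, port=IDENT_PORT, timeout=3.0):
    """Classify how `host` answers a TCP connect to `port`.

    Returns (verdict, seconds) where verdict is one of:
      "open"     - something is listening (an identd is running)
      "rejected" - a RST or ICMP unreachable came back; the caller fails fast
      "dropped"  - no answer before `timeout`; an ident client would stall here
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    start = time.monotonic()
    try:
        sock.connect((host, port))
        verdict = "open"
    except ConnectionRefusedError:
        # TCP RST, e.g. from "-j REJECT --reject-with tcp-reset" or a closed port
        verdict = "rejected"
    except socket.timeout:
        # Packets silently discarded (e.g. "-j DROP"): nothing ever comes back
        verdict = "dropped"
    except OSError:
        # ICMP host/port/network unreachable is reported as a generic OSError
        verdict = "rejected"
    finally:
        sock.close()
    return verdict, time.monotonic() - start


if __name__ == "__main__":
    # Assumed usage: python3 probe.py [host]; defaults to the local machine.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    verdict, seconds = probe_tcp(target)
    print(f"{target}:{IDENT_PORT} {verdict} after {seconds:.2f}s")
```

Run it from the server that performs the ident lookup against the client machine; a "dropped" verdict corresponds to the connection delay described in the thread.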
