On Tue, Jan 23, 2001 at 09:05:10AM -0500, Steve Woolley wrote:
> I added both the -R and -H options and the initial connection
> lag does not seem to have reoccurred. I will be trying the
> -R and the -H individually to isolate the problem.
> However, later in your note, you mentioned identd. I have
> removed this service from my exposed email and web servers
> because I heard they were security holes. I also thought identd
> was only for other hosts trying to id processes on my box and
> thus figured it was not needed. Could this be the problem?
No. This is how it works:

Scenario 1: When your system establishes an SMTP session with a remote
system, the remote system may try and contact an ident server on your
system.

Scenario 2: When a remote system establishes an SMTP session with your
system, your tcpserver will try and contact the ident server on the
remote system. If the remote system is not running an ident server,
tcpserver has to wait for the timeout before proceeding. This is what
was happening to you.

By using the -R option on your tcpserver, you stop it trying to
contact the remote ident server.

You do not need to run an ident server, and indeed many people
don't. The impact applies to Scenario 1. Remote systems will be trying
to contact your ident server when you send mail out. Because you are
not running an ident server, they will time out on that connection
prior to proceeding with the SMTP transaction. This is no big deal,
but it does add delay to some of your outgoing emails.

Regards.
>
> Steve
>
> ----- Original Message -----
> From: "Andrew Richards" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; "'Steve Woolley'" <[EMAIL PROTECTED]>
> Sent: Monday, January 22, 2001 2:35 PM
> Subject: RE: slow connection init
>
>
> > >flies (very fast). After approx. one day, any
> > >connection into this server (sshd, telnet, pop,
> > >smtp, etc) takes a while to initiate. Sometimes
> > >more than 60 seconds -- which of course times out
> > >most POP connections. Once connected, everything seems to
> > >act normal (connections initiated quickly).
> >
> > Steve,
> >
> > Also take a look at the -R, -H and -l options to tcpserver - these
> > relate to DNS and identd lookups - try using all three (see the
> > man page) and see if the behaviour of the box changes. If so,
> > investigate why - then either leave these options in, or address
> > the issues these options work around.
> >
> > cheers,
> >
> > Andrew.
> >
> >
>
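The lookup discussed in this thread, as an added example that is not part of the original messages and is not tcpserver's code: an RFC 1413 ident query with a timeout, run against three constructed loopback peers (one that answers, one that refuses the connection, one that never replies) to show how long each case holds up the caller. The function names, the ports 40000 and 25, the user name `steve` and the 1-second timeout are assumptions made for the demonstration.

```python
import socket, threading, time

def ident_query(host, ident_port, their_port, our_port, timeout):
    """Send an RFC 1413 query; return (reply or None, seconds spent waiting)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, ident_port), timeout=timeout) as s:
            # Query line: <port on the queried host> , <port on the asking host>
            s.sendall(f"{their_port} , {our_port}\r\n".encode())
            reply = s.makefile("rb").readline().decode().strip() or None
    except OSError:  # refused, unreachable, or timed out
        reply = None
    return reply, time.monotonic() - start

def listener():
    """Constructed stand-in for a peer's ident port, bound on loopback."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s

def answer_once(srv, user):
    """Minimal ident responder: echo the port pair and name a user."""
    conn, _ = srv.accept()
    with conn:
        ports = conn.makefile("rb").readline().decode().strip()
        conn.sendall(f"{ports} : USERID : UNIX : {user}\r\n".encode())

def demo(timeout=1.0):
    answering, silent, closed = listener(), listener(), listener()
    threading.Thread(target=answer_once, args=(answering, "steve"),
                     daemon=True).start()
    closed_port = closed.getsockname()[1]
    closed.close()  # nothing listens here any more: connection is refused
    peers = (("answering", answering.getsockname()[1]),
             ("refused", closed_port),
             ("silent", silent.getsockname()[1]))  # accepted, never answered
    results = {name: ident_query("127.0.0.1", port, 40000, 25, timeout)
               for name, port in peers}
    answering.close()
    silent.close()
    return results

if __name__ == "__main__":
    for name, (reply, secs) in demo().items():
        print(f"{name:10s} {secs:5.2f}s  {reply}")
```

Only the peer that never replies costs the full timeout; tcpserver's `-R` skips the query altogether, so none of the three cases can delay the session.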