On Tue, Jan 23, 2001 at 04:05:38PM +0100, Henning Brauer wrote:
> On Tue, Jan 23, 2001 at 02:22:24PM +0000, Mark Delany wrote:
> > You do not need to run an ident server, and indeed many people
> > don't. The impact applies to Scenario 1. Remote systems will be trying
> > to contact your ident server when you send mail out. Because you are
> > not running an ident server, they will timeout on that connection
> > prior to proceeding with the SMTP transaction. This is no big deal,
> > but it does add delay to some of your outgoing emails.
>
> This could easily be avoided in your firewall: for every incoming ident-lookup
> reset the connection immediately.
> In ipfilter this would be something like:
>
>     block return-rst in quick on [interface] proto tcp from any to any port = ident

Or more simply have a tcpserver process listen on the ident port and
run "/bin/true" for each connection.

    tcpserver -HRl0 0 113 /bin/true

Regards.
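
Added example, not part of the original thread: a probe for checking from a remote host that either fix makes an ident lookup fail fast instead of timing out. The names `probe_ident` and `accept_and_close` are hypothetical, and the query ports and the loopback demo are constructed.

```python
import socket
import threading
import time

def probe_ident(host, port=113, timeout=3.0):
    """Return (verdict, seconds) for one ident lookup against host:port.

    refused  - RST to the SYN (the firewall return-rst rule, or nothing listening)
    closed   - accepted, then closed with no reply (tcpserver ... /bin/true)
    answered - a real ident daemon replied
    timeout  - no answer in time: the case that delays the SMTP transaction
    """
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            # RFC 1413 query "<port-on-server>, <port-on-client>"; constructed ports
            s.sendall(b"40000, 25\r\n")
            verdict = "answered" if s.recv(512) else "closed"
    except ConnectionRefusedError:
        verdict = "refused"
    except socket.timeout:
        verdict = "timeout"
    except ConnectionError:
        verdict = "closed"  # peer closed or reset before reading our query
    return verdict, time.monotonic() - start

def accept_and_close(listener):
    """Stand-in for `tcpserver ... /bin/true`: accept one connection, close it."""
    conn, _ = listener.accept()
    conn.close()

if __name__ == "__main__":
    # Constructed local demo on an ephemeral loopback port, not a real port 113.
    listener = socket.create_server(("127.0.0.1", 0))
    port = listener.getsockname()[1]
    threading.Thread(target=accept_and_close, args=(listener,), daemon=True).start()
    print("accept-and-close:", probe_ident("127.0.0.1", port, timeout=1.0))
    listener.close()
    print("nothing listening:", probe_ident("127.0.0.1", port, timeout=1.0))
```

A verdict of `refused` or `closed` with a small elapsed time means the remote mail server will move on to the SMTP transaction without waiting; `timeout` means the lookup is still being silently dropped.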