On Thu, 2005-12-22 at 03:29, Andy Pieters wrote:
> Hi
> > Sendmail will do a reverse DNS lookup for the IP address of the
> > connection to put the name in the logs. Apparently this
> > doesn't work for the address you are testing from and you
> > wait for a timeout. Perhaps the delegated DNS server is
> > blocked by a firewall that drops the packets. Likewise there
> > is an IDENT query for the owner of the socket, but those
> > timeouts are usually faster.
> >
>
> It seems to happen with *everyone* who tries to connect outside of the LAN.
> Reason enough for most MTA's to abandon the sending of the message and so I'm
> forced to do a temporary mail forwarding.
>
> Interstingly enough, there is a caching dns server living on the same host as
> the mail server, and the dns server is used troughout the LAN. The
> mailserver itself has "nameserver 127.0.0.1" in its resolv.conf file
>
> I went over the sendmail.mc file but couldn't find anything interesting
> pertaining this issue.
>
> Looking at maillog I see the connection being logged but nothing which can
> help me solve this problem.
>
> Anyone have any ideas?
How well does the nameserver work, and are there any firewalls
between the connecting machines and the mail server? Note that
a firewall that rejects packets with an 'ICMP denied' message
will not cause a problem like one that silently discards packets
leaving both end in a retry/timeout state. From the mailserver
try doing an nslookup on the IP address of a remote site
that exhibits the problem. For example
time nslookup 129.42.18.99
should take a fraction of a second of real time.
You can fix the IDENT side with:
define(`confTO_IDENT', `0')dnl
in sendmail.mc. I think the default timeout for the ident
response is 30 seconds and the response is pretty useless.
--
Les Mikesell
lesmikesell@xxxxxxxxx
