Re: my smtp server is very slow to accept connections today

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2006-04-05 at 08:44 -0500, Damon Lambooy wrote:
> Check iptables, if turned on then stop it  and test if problem fixed 
> then I would guess at "Ident port 113"  add it to iptables. then start
> iptables, check again.
> There normally is latency when port 113 is being blocked.

Ident is a dodgy thing to run, and opening a firewall for it has its
problems.  Firstly from abuse, if you run the service.  And secondly
opening a firewall for it ain't going to make any difference to timeouts
if you don't run the service.

If delays while waiting for an ident response are the problem, there's
two good solutions:  Stop the SMTP server from trying to do such a silly
thing.  Write a firewall rule that instantly rejects it, rather than
ignores it (causing a timeout), or allowing it through (causing a
timeout if there is no identd service, or leaking identification
information out where it shouldn't if there is an ident service).

Abuse example:  There are still websites out there that try to do ident
lookups on you when you browse them.  Do you really want some random
site you visit silently checking up your details?  Do you know what
they'll do with the information?  It's not something you'll get a
warning about, then get asked to allow or deny it based on need and/or
trustworthiness assessment.

-- 
(Currently running FC4, occasionally trying FC5.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux