[lug] sendmail startup

Harris, James James_Harris at maxtor.com
Fri Nov 2 13:28:18 MST 2001


Well, I don't know how to fix the exim problem, but I've used the following
sloth-like firewall bandages when I've gotten impatient... (you might have
to tweak them a bit for your specific situation.)

ipchains -A input -p tcp -s 0/0 -d 0/0 auth -j REJECT

Which will cause a remote machine that's trying to ident you to immediately
receive a REJECT instead of having to time out if a DENY is occurring
anywhere.


ipchains -A output -p tcp -s 0/0 -d 0/0 auth -j REJECT

Which will cause your machine to REJECT its own attempt at identing
somebody else that may be DENYing you.

Ehh, call me a freak, but it works for me.  It obviously causes you to be
less "stealth" if someone port scans you, but that may be an acceptable
loss... Ehh, anyway, just sharin' the twisted wealth.

Jim


-----Original Message-----
From: Nate Duehr [mailto:nate at natetech.com] 
Sent: Wednesday, October 31, 2001 18:58
To: lug at lug.boulder.co.us
Subject: Re: [lug] sendmail startup


Actually been wondering how to turn this feature off in exim also, if anyone
knows how... doesn't hurt anything, it's just annoying sometimes.

On Wed, Oct 31, 2001 at 10:10:50AM -0500, Hugh Brown wrote:
> I asked before looking.  Maybe this will be of some use to everyone.
> 
> It turns out that sendmail in RH defaults to do ident lookups.  If you 
> are hitting a mail server from behind a firewall that just drops the 
> packets, you have to wait for it to time out.  So you can reconfigure 
> your firewall to reject identd packets or you can be lazy and put
> 
> 
> define(`confTO_IDENT', 0s)
> 
> in your sendmail.mc file, pass it through m4, and it stops doing ident 
> lookups.
> 
> Chagrined at answering his own post,
> 
> Hugh
> 
> "rm at fabula.de"
> > 
> > On Wed, Oct 31, 2001 at 09:43:02AM -0500, Hugh Brown wrote:
> > > I have a mail server that starts up rather slowly (on the order of 
> > > 20-30 seconds).  Any ideas on why it would take so long?  It is on 
> > > a high speed connection on both ends.
> > > 
> > Hmmm, that sounds like it _could_ be a name resolution problem. You 
> > could try to do a packet dump with tcpdump or ethereal and observe 
> > the DNS traffic. Just a quick guess.
> > 
> >  Ralf Mattes
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug

-- 
Nate Duehr <nate at natetech.com>

GPG Key fingerprint = DCAF 2B9D CC9B 96FA 7A6D AAF4 2D61 77C5 7ECE C1D2
Public Key available upon request, or at wwwkeys.pgp.net and others.
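
The REJECT-versus-DENY difference discussed in this thread can be measured from the connecting side. The following is an added example, not code from any of the posters: it times a TCP connect to the ident port and classifies the answer. The function names, the verdict labels and the loopback demo are assumptions made for illustration.

```python
import socket
import time

IDENT_PORT = 113  # "auth" in /etc/services; the port both ipchains rules match


def probe_ident(host, port=IDENT_PORT, timeout=3.0):
    """Time a TCP connect to the ident port and classify the answer.

    'rejected' : refused at once (what a REJECT rule or a closed port gives)
    'dropped'  : no answer before `timeout` (what a DENY/DROP rule gives);
                 a caller doing ident lookups waits this out on each lookup
    'open'     : something accepted the connection (an ident daemon)
    'error'    : any other failure, e.g. no route to host
    """
    start = time.monotonic()
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        verdict = "rejected"
    except socket.timeout:
        verdict = "dropped"
    except OSError:
        verdict = "error"
    else:
        sock.close()
        verdict = "open"
    return verdict, time.monotonic() - start


def demo():
    """Constructed loopback demo: one listening port, one closed port."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))      # kernel picks a free port
    listener.listen(1)
    open_port = listener.getsockname()[1]

    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                        # nothing listens here any more

    results = {
        "open": probe_ident("127.0.0.1", open_port, timeout=1.0),
        "closed": probe_ident("127.0.0.1", closed_port, timeout=1.0),
    }
    listener.close()
    return results


if __name__ == "__main__":
    for name, (verdict, secs) in demo().items():
        print(f"{name:7s} {verdict:9s} {secs:.3f}s")
```

Pointed at a host you administer with the default port, a 'dropped' verdict that takes the full timeout is the delay the firewall rules above are meant to remove.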