I'm talking about speeding outbound mail through my firewall. Do you mean
that the remote mail server holds open the port 25 connection while it waits
on the outcome of its ident query? That doesn't sound right to me, but
maybe I'm missing something here.
Basically, as long as the remote server accepts the mail, I don't care about
whether it (the remote server) then ends up waiting on an ident connection
timeout. That won't make any difference to the speed of my firewall or my
(outbound-sending) MTA.
The idea that rejecting ident connections "speeds up mail" seems to be a
pretty popular idea; I'm just trying to get at how the mechanics of this
speedup are supposed to work.
-----Original Message-----
From: Jonah Kowall [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 23, 2000 6:15 PM
To: [EMAIL PROTECTED]
Subject: RE: Speeding up mail (was RE: [FW1] drop vs reject...)
The mailserver expects a reponse, if the response is "go away" then thats
fine, as long as the ident connection is closed, and not dropped. If its
dropped, the mailserver will take it as a poor connection, and until the
timeout is reached it will not process the mail.
-----Original Message-----
From: Swann, Stephen [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 23, 2000 5:45 PM
To: [EMAIL PROTECTED]
Subject: Speeding up mail (was RE: [FW1] drop vs reject...)
A lot of people seem to be implying that rejecting inbound ident (instead of
dropping it) will speed up the processing of mail transactions through the
firewall. How is that? So what if the remote mail server pauses waiting
for an ident connection that it never manages to make? How does closing the
ident session with a reject speed things up for the firewall or for the
outbound mail client?
I'd appreciate any insight into this.
Thanks,
Steve
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 11, 2000 3:58 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [FW1] drop vs reject...
There is at least one occasion when Reject is better - for the Ident
service.
In simple terms:-
It appears to speed up some email systems because they 'expect' to see back
some sort of response to an Ident query and a quick Reject will do just
fine.
(Previous posts detail more)
Tim Higgins
"Barry W. Kokotailo"
<[EMAIL PROTECTED]> To:
Slava Shubinsky <[EMAIL PROTECTED]>
Sent by: cc:
"'[EMAIL PROTECTED]'"
[EMAIL PROTECTED]
<[EMAIL PROTECTED]>
kpoint.com Subject:
Re: [FW1] drop vs reject...
10/08/00 21:16
Please respond to merlin
Drop says drop the packet and say nothing to the the hacker.
Reject says to drop the packet but tell something to the hacker.
Preferred method is drop the packet.
merlin
Slava Shubinsky wrote: Could someone please explain the difference between
drop and reject and when
should each be used?
Thanks!
============================================================================
====
���� To unsubscribe from this mailing list, please see the instructions at
������������� http://www.checkpoint.com/services/mailing.html
============================================================================
====
--
Barry W. Kokotailo
Senior Unix Systems Administrator
1-780-675-6399
PGP =� 71 71 96 A3 C0 C2 23 7A� 23 4E D4 04 8C E0 42 6B� B0 2D D1 A5
#**********************************************************************
This message is intended solely for the use of the individual
or organisation to whom it is addressed. It may contain
privileged or confidential information. If you have received
this message in error, please notify the originator immediately.
If you are not the intended recipient, you should not use,
copy, alter, or disclose the contents of this message. All
information or opinions expressed in this message and/or
any attachments are those of the author and are not
necessarily those of Hughes Network Systems Limited,
including its European subsidiaries and affiliates. Hughes
Network Systems Limited, including its European
subsidiaries and affiliates accepts no responsibility for loss
or damage arising from its use, including damage from virus.
#**********************************************************************
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
