Antje Koschel <[EMAIL PROTECTED]> writes:
> we are testing a firewall setup at the moment and see the strange behaviour that
> connections from inside to an outside mailserver take about 30 seconds to
time delays with connecting to port 25 always say to me 'ident' - ie,
is the remote system attempting to make an ident (port tcp/113)
connection back to you and suffering a delay because it gets no
response and no TCP reset?
(clues here would include looking at what your firewall is rejecting
during this time.)
it's fairly common practice, if you're not wanting to provide an ident
response to remote systems for later tracking purposes, to configure
filters to send TCP resets for port 113 (whereas most defaults are
just to 'drop' the packet, ie ignore it and act as if it was never
received.)
James.
