Re: why does this sendmail connection take so long?
lists Now just if I could get Sendmail to not do those dang identd checks lists all the time... Add this to your .mc file: define(`confTO_IDENT', `0') To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: why does this sendmail connection take so long?
On Thu, Aug 29, 2002 at 11:27:07AM -0700, Gregory Neil Shapiro wrote: That explains it. You have a record pointing localhost.example.org at ::1 Unfortunately this is our default configuration: # $FreeBSD: src/etc/hosts,v 1.15 2001/12/11 22:36:10 rwatson Exp $ ..snip.. ::1 localhost localhost.my.domain 127.0.0.1 localhost localhost.my.domain This has caused me trouble before and I've been close to reversing the IPv6 and IPv4 lines... I swapped them since I have log_in_vain turned on, and I didn't like the extra alerts I was getting. Works great for me... Now just if I could get Sendmail to not do those dang identd checks all the time... The less false alarms that log_in_vain reports, the more safe and cozy I feel :) Eric To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: why does this sendmail connection take so long?
On 28 Aug 2002 at 16:43, Terry Lambert wrote: Dan Langille wrote: I've tested this from several boxes behind my firewall each time emailing to a box outside the firewall. The test was: echo 'hi there' | mail [EMAIL PROTECTED] echo 'hi there' | mail -v [EMAIL PROTECTED] ? After issuing the above command, there is a 75s delay (see below for delay location). All subsequent lines appear without delay. At the end of this message, I've issued the commands by hand. No delays occur. [dan@xeon:~] $ echo 'hi there' | mail -v [EMAIL PROTECTED] [EMAIL PROTECTED] Connecting to localhost.example.org. via relay... insert 75s delay here 220 xeon.example.org ESMTP Sendmail 8.12.5/8.12.5; Thu, 29 Aug 2002 08:32:14 -0400 (EDT) EHLO xeon.example.org 250-xeon.example.org Hello localhost [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-DELIVERBY 250 HELP MAIL From:[EMAIL PROTECTED] SIZE=34 250 2.1.0 [EMAIL PROTECTED]... Sender ok RCPT To:[EMAIL PROTECTED] DATA 250 2.1.5 [EMAIL PROTECTED]... Recipient ok 354 Enter mail, end with . on a line by itself . 250 2.0.0 g7TCWERq037402 Message accepted for delivery [EMAIL PROTECTED] Sent (g7TCWERq037402 Message accepted for delivery) Closing connection to localhost.example.org. QUIT 221 2.0.0 xeon.example.org closing connection 220 xeon.example.org ESMTP Sendmail 8.12.5/8.12.5; Thu, 29 Aug 2002 08:32:30 -0400 (EDT) EHLO xeon.example.org 250-xeon.example.org Hello localhost [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-DELIVERBY 250 HELP MAIL From:[EMAIL PROTECTED] SIZE=37 250 2.1.0 [EMAIL PROTECTED]... Sender ok RCPT To:[EMAIL PROTECTED] DATA 250 2.1.5 [EMAIL PROTECTED]... Recipient ok 354 Enter mail, end with . on a line by itself . 250 2.0.0 g7TCWURq037483 Message accepted for delivery [EMAIL PROTECTED] Sent (g7TCWURq037483 Message accepted for delivery) Closing connection to localhost.example.org. QUIT 221 2.0.0 xeon.example.org closing connection You have new mail in /var/mail/dan [dan@xeon:~] $ telnet m20.example.org 25 Trying 216.187.106.227... Connected to m20.example.org. Escape character is '^]'. 220 m20.example.org ESMTP Postfix MAIL From:[EMAIL PROTECTED] 503 Error: send HELO/EHLO first ^C^] telnet quit Connection closed. [dan@xeon:~] $ telnet m20.example.org 25 Trying 216.187.106.227... Connected to m20.example.org. Escape character is '^]'. 220 m20.example.org ESMTP Postfix EHLO xeon.example.org 250-m20.example.org 250-PIPELINING 250-SIZE 1024 250-ETRN 250-XVERP 250 8BITMIME MAIL From:[EMAIL PROTECTED] SIZE=37 250 Ok RCPT To:[EMAIL PROTECTED] 250 Ok DATA 354 End data with CRLF.CRLF . 250 Ok: queued as A62127A11 QUIT 221 Bye Connection closed by foreign host. [dan@xeon:~] $ -- Dan Langille I'm looking for a computer job: http://www.freebsddiary.org/dan_langille.php To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: why does this sendmail connection take so long?
dan [dan@xeon:~] $ echo 'hi there' | mail -v [EMAIL PROTECTED] dan [EMAIL PROTECTED] Connecting to localhost.example.org. via dan relay... dan insert 75s delay here dan 220 xeon.example.org ESMTP Sendmail 8.12.5/8.12.5; Thu, 29 Aug 2002 dan 08:32:14 -0400 (EDT) That's either IDENT or DNS. 1. Does the same delay happen if you do this: telnet localhost.example.org 25 2. Does the delay happen on every message? If the answers to question 1 is no and question 2 is yes, try: echo 'hi there' | /usr/sbin/sendmail -v -d8.8 [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: why does this sendmail connection take so long?
On 29 Aug 2002 at 10:32, Gregory Neil Shapiro wrote: dan [dan@xeon:~] $ echo 'hi there' | mail -v [EMAIL PROTECTED] dan [EMAIL PROTECTED] Connecting to localhost.example.org. via dan relay... dan insert 75s delay here dan 220 xeon.example.org ESMTP Sendmail 8.12.5/8.12.5; Thu, 29 Aug 2002 dan 08:32:14 -0400 (EDT) That's either IDENT or DNS. 1. Does the same delay happen if you do this: telnet localhost.example.org 25 No. 2. Does the delay happen on every message? Yes (qualifed by: every test I've run it's been like that). If the answers to question 1 is no and question 2 is yes, try: echo 'hi there' | /usr/sbin/sendmail -v -d8.8 [EMAIL PROTECTED] [The real domain is unixathome.org, not example.org; I've done a search+replace on the log below] See ***delay occurs here... below. [dan@xeon:~] $ echo 'hi there' | /usr/sbin/sendmail -v -d8.8 [EMAIL PROTECTED] dns_getcanonname(m20.example.org, trymx=1) dns_getcanonname: trying m20.example.org. () ;; res_querydomain(m20.example.org, , 1, 28) ;; res_query(m20.example.org., 1, 28) ;; res_mkquery(0, m20.example.org., 1, 28) ;; res_send() ;; -HEADER- opcode: QUERY, status: NOERROR, id: 26786 ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; m20.example.org, type = , class = IN ;; Querying server (# 1) address = 127.0.0.1 ;; got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 26786 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; m20.example.org, type = , class = IN example.org. 1D IN SOA ns1.example.org. soa.example.com. ( 2002082901 ; serial 3H ; refresh 30M ; retry 4w2d; expiry 1D ); minimum ;; rcode = 0, ancount=0 NO: errno=19, h_errno=4 dns_getcanonname: trying m20.example.org. (A) ;; res_querydomain(m20.example.org, , 1, 1) ;; res_query(m20.example.org., 1, 1) ;; res_mkquery(0, m20.example.org., 1, 1) ;; res_send() ;; -HEADER- opcode: QUERY, status: NOERROR, id: 26787 ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; m20.example.org, type = A, class = IN ;; Querying server (# 1) address = 127.0.0.1 ;; got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 26787 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; m20.example.org, type = A, class = IN m20.example.org. 1M IN A 216.187.106.227 example.org. 1M IN NSxeon.example.org.org. xeon.example.org.org. 5S IN A 127.0.0.1 YES dns_getcanonname: m20.example.org getmxrr([localhost], droplocalhost=1) dns_getcanonname(localhost, trymx=0) dns_getcanonname: trying localhost.example.org () ;; res_querydomain(localhost, example.org, 1, 28) ;; res_query(localhost.example.org, 1, 28) ;; res_mkquery(0, localhost.example.org, 1, 28) ;; res_send() ;; -HEADER- opcode: QUERY, status: NOERROR, id: 26788 ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; localhost.example.org, type = , class = IN ;; Querying server (# 1) address = 127.0.0.1 ;; got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 26788 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; localhost.example.org, type = , class = IN example.org. 1D IN SOA ns1.example.org. soa.example.com. ( 2002082901 ; serial 3H ; refresh 30M ; retry 4w2d; expiry 1D ); minimum ;; rcode = 3, ancount=0 NO: errno=19, h_errno=1 [EMAIL PROTECTED] Connecting to xeon.example.org. via relay... ;; res_querydomain(xeon.example.org., Nil, 1, 28) ;; res_query(xeon.example.org, 1, 28) ;; res_mkquery(0, xeon.example.org, 1, 28) ;; res_send() ;; -HEADER- opcode: QUERY, status: NOERROR, id: 26789 ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; xeon.example.org, type = , class = IN ;; Querying server (# 1) address = 127.0.0.1 ;; got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 26789 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; xeon.example.org, type = , class = IN example.org. 1D IN SOA ns1.example.org. soa.example.com. ( 2002082901 ; serial 3H ; refresh 30M ; retry 4w2d; expiry 1D ); minimum ;; rcode = 0, ancount=0 ;; res_querydomain(xeon,
Re: why does this sendmail connection take so long?
I see two related problems with your DNS setup: dan dns_getcanonname: trying m20.example.org. (A) dan ;; res_querydomain(m20.example.org, , 1, 1) dan ;; res_query(m20.example.org., 1, 1) dan ;; res_mkquery(0, m20.example.org., 1, 1) dan ;; res_send() dan ;; -HEADER- opcode: QUERY, status: NOERROR, id: 26787 dan ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 dan ;; m20.example.org, type = A, class = IN dan ;; Querying server (# 1) address = 127.0.0.1 dan ;; got answer: dan ;; -HEADER- opcode: QUERY, status: NOERROR, id: 26787 dan ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: dan 1 dan ;; m20.example.org, type = A, class = IN dan m20.example.org. 1M IN A 216.187.106.227 dan example.org. 1M IN NSxeon.example.org.org. ^ dan xeon.example.org.org. 5S IN A 127.0.0.1 ^ example.org's DNS zone has a mistake if it has an NS record pointing to a bogus hostname like that (and what's worse the bogus hostname resolves). dan dns_getcanonname: trying localhost.example.org () dan ;; res_querydomain(localhost, example.org, 1, 28) ... dan [EMAIL PROTECTED] Connecting to xeon.example.org. via relay... localhost.example.org appears to map to xeon.example.org, perhaps via /etc/hosts? My first suggestion would be to fix your DNS zone as mentioned above. Then, try the test again with more debugging: echo 'hi there' | /usr/sbin/sendmail -v -d8.8,16.10,61.11 [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: why does this sendmail connection take so long?
On 29 Aug 2002 at 10:57, Gregory Neil Shapiro wrote: dan xeon.example.org.org. 5S IN A 127.0.0.1 ^ example.org's DNS zone has a mistake if it has an NS record pointing to a bogus hostname like that (and what's worse the bogus hostname resolves). Ugh. The NS entry was missing a trailing period. Thank you. dan dns_getcanonname: trying localhost.example.org () dan ;; res_querydomain(localhost, example.org, 1, 28) ... dan [EMAIL PROTECTED] Connecting to xeon.example.org. via relay... localhost.example.org appears to map to xeon.example.org, perhaps via /etc/hosts? It did. It no longer does. My first suggestion would be to fix your DNS zone as mentioned above. On a side note, I noticed that localhost-v6.rev was not being used. I fixed that as well. Then, try the test again with more debugging: echo 'hi there' | /usr/sbin/sendmail -v -d8.8,16.10,61.11 [EMAIL PROTECTED] See *** delay occurs here below. [dan@xeon:/etc/namedb] $ echo 'hi there' | /usr/sbin/sendmail -v - d8.8,16.10,61.11 [EMAIL PROTECTED] sm_gethostbyname(xeon.example.org, 28)... ;; res_querydomain(xeon.example.org, Nil, 1, 28) ;; res_query(xeon.example.org, 1, 28) ;; res_mkquery(0, xeon.example.org, 1, 28) ;; res_send() ;; -HEADER- opcode: QUERY, status: NOERROR, id: 23051 ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; xeon.example.org, type = , class = IN ;; Querying server (# 1) address = 127.0.0.1 ;; got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 23051 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; xeon.example.org, type = , class = IN example.org. 1D IN SOA ns1.example.org. soa.example.org. ( 2002082903 ; serial 3H ; refresh 30M ; retry 4w2d; expiry 1D ); minimum ;; rcode = 0, ancount=0 ;; res_querydomain(xeon.example.org, example.org, 1, 28) ;; res_query(xeon.example.org.example.org, 1, 28) ;; res_mkquery(0, xeon.example.org.example.org, 1, 28) ;; res_send() ;; -HEADER- opcode: QUERY, status: NOERROR, id: 23052 ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; xeon.example.org.example.org, type = , class = IN ;; Querying server (# 1) address = 127.0.0.1 ;; got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 23052 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; xeon.example.org.example.org, type = , class = IN example.org. 1D IN SOA ns1.example.org. soa.example.org. ( 2002082903 ; serial 3H ; refresh 30M ; retry 4w2d; expiry 1D ); minimum ;; rcode = 3, ancount=0 failure failure sm_gethostbyname(xeon.example.org, 2)... xeon.example.org addr: IPv6:c0a8:12:: dns_getcanonname(m20.example.org, trymx=1) dns_getcanonname: trying m20.example.org. () ;; res_querydomain(m20.example.org, , 1, 28) ;; res_query(m20.example.org., 1, 28) ;; res_mkquery(0, m20.example.org., 1, 28) ;; res_send() ;; -HEADER- opcode: QUERY, status: NOERROR, id: 23053 ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; m20.example.org, type = , class = IN ;; Querying server (# 1) address = 127.0.0.1 ;; got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 23053 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; m20.example.org, type = , class = IN example.org. 1D IN SOA ns1.example.org. soa.example.org. ( 2002082903 ; serial 3H ; refresh 30M ; retry 4w2d; expiry 1D ); minimum ;; rcode = 0, ancount=0 NO: errno=19, h_errno=4 dns_getcanonname: trying m20.example.org. (A) ;; res_querydomain(m20.example.org, , 1, 1) ;; res_query(m20.example.org., 1, 1) ;; res_mkquery(0, m20.example.org., 1, 1) ;; res_send() ;; -HEADER- opcode: QUERY, status: NOERROR, id: 23054 ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; m20.example.org, type = A, class = IN ;; Querying server (# 1) address = 127.0.0.1 ;; got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 23054 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; m20.example.org, type = A, class = IN m20.example.org. 1M IN A 216.187.106.227 example.org. 1M IN NS
Re: why does this sendmail connection take so long?
dan sm_gethostbyname(localhost, 28)... localhost dan alias: localhost.example.org dan addr: IPv6:::1 dan makeconnection (localhost.example.org. [IPv6:::1].25 (28)) dan makeconnection: fd=6 dan *** delay occurs here. dan Connect failed (Operation timed out with localhost.example.org.); dan retrying with AF_INET That explains it. You have a record pointing localhost.example.org at ::1 but your sendmail daemon isn't listening for IPv6 connections and worse yet your host appears to drop instead of reject connection attempts. My guess is you have IP firewalling enabled (either IPFW or IPF) and default to drop or have ip6fw or ipf rulesets that effectively to do the same. Assuming for the moment you have this in your kernel config: options IPV6FIREWALL And don't have (which you shouldn't): options IPV6FIREWALL_DEFAULT_TO_ACCEPT Then you can add this to /etc/rc.conf: ipv6_enable=YES ipv6_firewall_enable=YES ipv6_firewall_type=closed To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: why does this sendmail connection take so long?
On 29 Aug 2002 at 11:27, Gregory Neil Shapiro wrote: That explains it. You have a record pointing localhost.example.org at ::1 but your sendmail daemon isn't listening for IPv6 connections and worse yet your host appears to drop instead of reject connection attempts. My guess is you have IP firewalling enabled (either IPFW or IPF) and default to drop or have ip6fw or ipf rulesets that effectively to do the same. I am using ipf with pass out from any to any/pass out from any to any. FWIW: in this case localhost.example.org is the DNS server for my private LAN. -- Dan Langille I'm looking for a computer job: http://www.freebsddiary.org/dan_langille.php To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: why does this sendmail connection take so long?
dan I am using ipf with pass out from any to any/pass out from any to dan any. Unfortunately, I use ipfw/ip6fw so I don't know if my guesses are correct. That rule only appears to handle outbound connections (therefore allowing the sendmail client to open an outbound connection to the localhost sendmail server). It does not allow for inbound connections (thereby allowing the incoming connection). Perhaps what you need is also: echo 'pass in quick on lo0' /etc/ipf6.rules echo 'pass out quick on lo0' /etc/ipf6.rules ipf -6 -f /etc/ipf6.rules Note the -6 for the IPv6 rules (which appear to be kept separate from the IPv4 rules). Again, I'm just guessing at ipf usage but you get the idea (I hope). To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: why does this sendmail connection take so long?
On 29 Aug 2002 at 11:50, Gregory Neil Shapiro wrote: dan I am using ipf with pass out from any to any/pass out from any to dan any. Unfortunately, I use ipfw/ip6fw so I don't know if my guesses are correct. That rule only appears to handle outbound connections (therefore allowing the sendmail client to open an outbound connection to the localhost sendmail server). It does not allow for inbound connections (thereby allowing the incoming connection). Perhaps what you need is also: echo 'pass in quick on lo0' /etc/ipf6.rules echo 'pass out quick on lo0' /etc/ipf6.rules ipf -6 -f /etc/ipf6.rules Note the -6 for the IPv6 rules (which appear to be kept separate from the IPv4 rules). Again, I'm just guessing at ipf usage but you get the idea (I hope). You guessed very well. Making the above changes fixed the problem. And I didn't know about the -6 switch on ipf. Applying the same solution to another box (also running ipf and having similar problems). Thank you for your time and efforts. -- Dan Langille I'm looking for a computer job: http://www.freebsddiary.org/dan_langille.php To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: why does this sendmail connection take so long?
Dan Langille wrote: On 28 Aug 2002 at 16:43, Terry Lambert wrote: echo 'hi there' | mail -v [EMAIL PROTECTED] ? After issuing the above command, there is a 75s delay (see below for delay location). All subsequent lines appear without delay. At the end of this message, I've issued the commands by hand. No delays occur. [dan@xeon:~] $ echo 'hi there' | mail -v [EMAIL PROTECTED] [EMAIL PROTECTED] Connecting to localhost.example.org. via relay... insert 75s delay here This is either ident or the reverse DNS. Since the delay is ~75s, and that's on the order of 3 tries of 25s each, I would say it was a resolver issue, not an ident issue. Most likely, it's the reverse lookup of the 127.0.0.1. You need to make your local DNS server claim authority for the 127.in-addr.arpa. domain, and put the reverse mapping for the name localhost in there. The most common cause of a problem like this for a net connected system is a firewall that blocks DNS UDP packets; otherwise, it would just find that same value in the global DNS. I have patches for Sendmail 8.9.3 that fix this sort of thing up (I didn't want to bring up the link in a dial-on-demand device when processing local email), for all the good that will do you, since it's an ancient version tese days. ;^). -- Terry To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: why does this sendmail connection take so long?
On 22 Aug 2002 at 18:28, Michael Scheidell wrote: - Original Message - From: Dan Langille [EMAIL PROTECTED] Newsgroups: local.freebsd.hackers Sent: Thursday, August 22, 2002 1:41 PM Subject: why does this sendmail connection take so long? I'd normally attribute this problem to DNS, but I can't track down what DNS problem is occuring. Note the lag between the first event and the next. Any suggestions? might be identd (port 113) After some testing, I'm inclined to think it's not ident. The network in question is behind a firewall which is doing NAT. Two boxes do not exibit the problem. Two do. All are FreeBSD 4.6-stable created from same source snapshot. I've tested this from several boxes behind my firewall each time emailing to a box outside the firewall. The test was: echo 'hi there' | mail [EMAIL PROTECTED] The two boxes which exibit the probem are the DNS server and the firewall. Mail sent from those boxes exhibit identical delays, namely a 75 second lag between the first and second event (see below for an example; note that I've changed the real domain to example.org). I'm not sure whether this indicates a problem on the sending or receiving end. I suspect sending. But what the problem is I'm not sure yet. I've been running tcpdump -i lo0 port 53 to see if I could find anything suspect in there, but I didn't. BTW, what would I be looking for if the above delay is caused by DNS? Thanks. Aug 28 12:07:24 xeon sendmail[66323]: g7SG7O7G066323: from=dan, size=37, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], relay=dan@localhost Aug 28 12:08:39 xeon sm-mta[66507]: g7SG8dvj066507: from=[EMAIL PROTECTED], size=351, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1] Aug 28 12:08:40 xeon sendmail[66323]: g7SG7O7G066323: [EMAIL PROTECTED], ctladdr=dan (1000/1000), delay=00:01:16, xdelay=00:01:16, mailer=relay, pri=30028, relay=localhost.example.org. [127.0.0.1], dsn=2.0.0, stat=Sent (g7SG8dvj066507 Message accepted for delivery) Aug 28 12:08:42 xeon sm-mta[66509]: g7SG8dvj066507: to=[EMAIL PROTECTED], ctladdr=[EMAIL PROTECTED] (1000/1000), delay=00:00:03, xdelay=00:00:02, mailer=esmtp, pri=30342, relay=m20.example.org. [216.187.106.227], dsn=2.0.0, stat=Sent (Ok: queued as 169F57A11) -- Dan Langille I'm looking for a computer job: http://www.freebsddiary.org/dan_langille.php To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: why does this sendmail connection take so long?
* Dan Langille [EMAIL PROTECTED] [2002-08-28 13:01]: On 22 Aug 2002 at 18:28, Michael Scheidell wrote: - Original Message - From: Dan Langille [EMAIL PROTECTED] Newsgroups: local.freebsd.hackers Sent: Thursday, August 22, 2002 1:41 PM Subject: why does this sendmail connection take so long? I'd normally attribute this problem to DNS, but I can't track down what DNS problem is occuring. Note the lag between the first event and the next. Any suggestions? might be identd (port 113) After some testing, I'm inclined to think it's not ident. The network in question is behind a firewall which is doing NAT. Two boxes do not exibit the problem. Two do. All are FreeBSD 4.6-stable created from same source snapshot. I've tested this from several boxes behind my firewall each time emailing to a box outside the firewall. The test was: echo 'hi there' | mail [EMAIL PROTECTED] The two boxes which exibit the probem are the DNS server and the firewall. Mail sent from those boxes exhibit identical delays, namely a 75 second lag between the first and second event (see below for an example; note that I've changed the real domain to example.org). I'm not sure whether this indicates a problem on the sending or receiving end. I suspect sending. But what the problem is I'm not sure yet. I've been running tcpdump -i lo0 port 53 to see if I could find anything suspect in there, but I didn't. BTW, what would I be looking for if the above delay is caused by DNS? I don't think you can see 127.0.0.0 traffic this way, BICBW. In general you should see less than a 2 second reply to any DNS query if everything is configured correctly. Most replys are less than .5 seconds even on a fairly busy network. Thanks. Aug 28 12:07:24 xeon sendmail[66323]: g7SG7O7G066323: from=dan, size=37, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], relay=dan@localhost Aug 28 12:08:39 xeon sm-mta[66507]: g7SG8dvj066507: from=[EMAIL PROTECTED], size=351, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1] Aug 28 12:08:40 xeon sendmail[66323]: g7SG7O7G066323: [EMAIL PROTECTED], ctladdr=dan (1000/1000), delay=00:01:16, xdelay=00:01:16, mailer=relay, pri=30028, relay=localhost.example.org. [127.0.0.1], dsn=2.0.0, stat=Sent (g7SG8dvj066507 Message accepted for delivery) Aug 28 12:08:42 xeon sm-mta[66509]: g7SG8dvj066507: to=[EMAIL PROTECTED], ctladdr=[EMAIL PROTECTED] (1000/1000), delay=00:00:03, xdelay=00:00:02, mailer=esmtp, pri=30342, relay=m20.example.org. [216.187.106.227], dsn=2.0.0, stat=Sent (Ok: queued as 169F57A11) OK, I'm going to try to analyze this *without* my Sendmail tome handy (it's on another continent)... Looks like you've got sendmail on the local machine to first relay to host localhost.example.org probably in /etc/mail/sendmail.cf. I'd suggest just setting your relayhost to the firewall machine. (And set the firewall relayhost to nothing- let him do final transfer.) No- I don't remember quirky sendmail variable- web over to sendmail.org or read the config file notes. Another test you should try is to just simulate the mail exchange via telnet. Run through the protocol (helo, mail from:, rcpt to:, data) and see performance. Also check how long it takes to close the tcp connection. I think that is also tunable via sendmail.cf Getting the split mail setup working correctly is tricky, but there are some examples in the big Sendmail book. Probably should move this to -questions... Hope this helps, jpb === [snip] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: why does this sendmail connection take so long?
Dan Langille wrote: I've tested this from several boxes behind my firewall each time emailing to a box outside the firewall. The test was: echo 'hi there' | mail [EMAIL PROTECTED] echo 'hi there' | mail -v [EMAIL PROTECTED] ? -- Terry To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message