Re: [Exim] Re: Strange connection time

Pàgina inicial
Delete this message
Reply to this message
Autor: Dave
Data:  
A: Phil Pennock
CC: exim-users
Assumpte: Re: [Exim] Re: Strange connection time
Thank you for your reply. I realize that the ipop3 stuff is not relevant to
the list. I just mentioned it because I was having the same issue with Exim
and the POP server.

I was able to resolve both issues. Exim response time was resolved by
inserting the command
rfc1413_query_timeout = 0s

I fixed my POP 3 issue my rem'ing out the following in the ipop3 file under
xinetd
#       log_on_success          += USERID
#       log_on_failure          += USERID


I found the following at
http://www.linuxfocus.org/English/November2000/article175.shtml
the use of pop3 throught xinetd could be painful, depending on the values
you use for logging. For instance the use of USERID send a request from
your xinetd to an identd server hosted at the pop's client. If no such
server is available, a timeout is waited for 30 seconds.
So, when somebody tries to get his mail, he have to wait at least for those
30 seconds if no identd server responds. You have to choose between :
install an identd server on all the clients so your logs are very sharp
(take care, one can change the informations provided by identd) ;
decrease the quality of your logging for that service so that your users
could get their mails quickly.

Since MS does not have an ident service it was causing the 30 second delay
when I was testing clients behind MS ISA firewall.

I hope that this helps others and again sorry for including in the
exim-users. Just happened to be the same issue.

Dave Doeppel


At 12:09 AM 2/4/2002 +0100, Phil Pennock wrote:
> > At 02:14 PM 2/3/2002 -0800, Dave wrote:
> > >I have checked from other connections not behind ISA and the server
> > >responds immediately.
> > >
> > >I am not running identd at this point.
>
>identd runs on the remote system. The rfc1413_query_timeout option
>determines whether or not Exim tries to connect to the Auth service on
>the remote system. Typically identd provides the Auth service.
>
>Exim _does_ behave correctly if it receives a ReSeT when trying to make
>the back connection, which it should always get. You're filtering out
>too many packets which are _needed_ for basic Internet interoperability.
>
>See if you can find an option to let the ISA server return a RST for
>connection-open attempts on TCP port 113.
>
>On 2002-02-03 at 14:43 -0800, Dave wrote:
> > So I am left with trying to get this to work with the POP server. If anyone
> > can tell me
> > how I can do the same with ipop3d I would appreciate it.
>
>exim-users is for users of Exim. ipop3d is not part of Exim.
>
>Ultimately, if you can't find a way to configure it as part of the POP3
>server, if you don't want _any_ auth stuff to work, then you could hack
>it by setting up packet-filtering on outbound TCP/113 connections, to
>return RST immediately. But that's disgusting.
>
>Uhm, being bored (despite this being the wrong place to ask), I just had
>a look. It looks as though ipop3d is designed to run out of inetd, not
>as a standalone daemon. I couldn't immediately see anything which
>suggests that ipop3d does _any_ auth lookups. I suggest looking at your
>inetd/xinetd/whatever configuration; if you're TCP-Wrapping the service,
>then see what's in hosts.allow (and hosts.deny if that exists). Because
>I don't _think_, from a four-minute inspection, that it's an ipop3d
>issue. But as I say, I haven't looked hard/long.
>--
>Of course I'm right, I'm the operator.
>I'm not only right, I'm wrong if I want to be as well. -- The Canonical BOFH
>
>--
>
>## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
>details at http://www.exim.org/ ##