Re: [Exim] Strange connection time

Top Pagina
Delete this message
Reply to this message
Auteur: Dave C.
Datum:  
Aan: Dave Doeppel
CC: Phil Pennock, exim-users
Onderwerp: Re: [Exim] Strange connection time
On Mon, 4 Feb 2002, Dave Doeppel wrote:

> I think that we understand that. Thus SMTP connections from MS servers, or
> any other who do not run identd, will cause Exim to keep attempting for 30
> seconds.


The point was, is that this does not occur if "a site does not run
identd"

It occurs, if a site has a particular (broken) firewall setup in place
that does not return a "connection refused" indication (RST packet), if
the identd service is blocked.

Exim will not wait for servers that do not run the identd service and
properly refuse connections to it.


> So since we do not have control of every network out there, we change our
> Exim config to wait less time if it cannot connect to an identd server.
>
> I happen to administer a linux/exim machine as well as several MS networks.
>
> Thanks to your advice I have found that Microsoft's ISA server does include
> an identd simulator and I now have it running on all of my MS netoworks.
>
> None of us said it was Exim's fault. In fact in my case it is MS's fault for
> not running the identd simulator by default.
>
> I think it is great that Exim includes a config line to control the timeout
> period.
>
> Thank you again for your help.
>
> Dave Doeppel
>
> ----- Original Message -----
> From: "Phil Pennock" <Phil.Pennock@???>
> To: "Dave Doeppel" <dave@???>
> Cc: "Paulo Henrique Baptista de Oliveira" <baptista@???>;
> <exim-users@???>
> Sent: Monday, February 04, 2002 3:24 PM
> Subject: Re: [Exim] Strange connection time
>
>
> > On 2002-02-04 at 15:10 -0800, Dave Doeppel wrote:
> > > The problem is some servers, especially MS servers, are not running an
> > > identd server and thus the 30 second timeout.
> >
> > NO!
> >
> > Exim does _NOT_ time out if the remote side behaves correctly, and
> > returns a RST packet when exim tries to open a connection to the auth
> > port (TCP/113, aka 'ident').
> >
> > In TCP, a RST packet means "ReSeT -- this port is not open". In normal
> > operation, that leads to a "Connection refused". Exim notes that
> > there's no ident value and continues on.
> >
> > The _problem_ here is that someone is playing stupid games with their
> > network and filtering packets required for operation.
> >
> > If you filter operational packets then expect operational problems.
> >
> > So there's no RST, so Exim keeps trying, and then gives up after 30
> > seconds.
> >
> > So the server might have a broken network stack, or might be filtering
> > RST packets (so effectively has a broken network stack), or someone
> > inbetween might be filtering the packets.
> >
> > Don't blame Exim for requiring a working network when operating on the
> > network. Exim does not _require_ ident. But if you set Exim up to
> > _use_ ident, then you require a working network.
> >
> > How much clearer can this be made?
> > --
> > Three things are certain:
> > Death, taxes, and lost data.
> > Guess which has occurred.
> >
> > --
> >
> > ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
> details at http://www.exim.org/ ##
> >
>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>


--