Re: [Exim] Re: stmp protocol violation, synchronization erro…

Góra strony
Delete this message
Reply to this message
Autor: Alan J. Flavell
Data:  
Dla: Exim users list
Temat: Re: [Exim] Re: stmp protocol violation, synchronization error, input sent
On Wed, 17 Mar 2004, Mick Swisher wrote:

> You guys are good.


No surprises there, then :-)) SCNR.

> We are now receiving mail from swbell.net (mtaw?.prodigy.net). For
> the first time since we installed Exim the 'sync' errors have
> dropped below 15k.


I really found those numbers amazing. We don't usually get more than a
handful a day, and that mostly at some other phase of the protocol.

> Of course all the other errors
> increased by 10-70% and our spam increased as well.


"I couldn't possibly comment", after the previous resentful private
mail I got when I had suggested that swbell might have some bona fide
customers. :-{

> I have since set set the ident timeout back up to 20s for further
> testing. I would prefer to get it as close to 30s as possible without
> risking intermittent issues with legitimate, although misconfigured,
> mta's.


I'm not sure what your exact motive is there. There will be three
possible responses from an ident query:

- an immediate rejection
- a slient timeout
- a usable response

In the first case, the timeout is irrelevant.

In the last case, it's been our experience that 7s is quite long
enough to wait for a usable response. There's little or no point in
waiting longer than about 10s, it seems to me.

So, I'd say "decide what you want".

If you find the ident response useful (and we have indeed found it
useful from time to time, e.g to reject shoals of proxying attempts
from misconfigured squids or cacheflow servers), then by all means
have it enabled. It seems to have done us no harm, set at 7s.

If, on the other hand, you want to subject the offering MTAs to a
delay at HELO time, then do so - don't try to rely on lame identd
timeouts to achieve it as a byproduct.

good luck