RE: [Exim] Should there be any reason for this?

Top Page
Delete this message
Reply to this message
Author: Hochstrasser Benedikt
Date:  
To: exim-users
Subject: RE: [Exim] Should there be any reason for this?
Leonardo Boselli wrote:

> Odhiambo G Washingto wrote:
>> rfc1413_hosts                 = *
>> rfc1413_query_timeout         = 10s
>> Those are the values in my file, but there is actually no harm in
>> commenting them out and giving Exim daemon a HUP.
>> That is where my suspicion is.


> Me too. it is likely the complaining person has on hist machine an
> ill-configured firewall !
> Exim by default tries an auth call to the client, if it repliues then

uses
> it, if don't just ignore. If the firewall intercept and drops the

packet,
> the exim server has no way to know if the packet is delayed or refused

so
> it has to wait for timeout.


IMHO the firewall /is/ properly configured when it silently drops the
auth packet. (They are evil, you know. <g>) Apart from that, a Windows
system doesn't know about ident anyway.

As we cannot reach each and every client out there we must make sure
exim doesn't use ident calls at all. May I suggest that rfc1413 queries
are disabled by default? They usually don't carry useful information
anyway. If an admin feels the urge to use ident calls, he/she should
enable them explicitly.

(FWIW I have a dummy identd running here just to appease other nosey
servers, but I'd prefer not having to use that at all)

--
Ben