Autor: Renaud Allard Datum: To: Marc Haber CC: exim Betreff: Re: [exim] Delay when connecting to send mail
Marc Haber wrote: > On Tue, 05 Feb 2008 12:32:31 +0100, Yves Goergen
> <nospam.list@???> wrote:
>> On 05.02.2008 09:28 CE(S)T, Marc Haber wrote:
>>> The Debian docs say that it is a much better idea to configure the
>>> firewall "protecting" the client to reject the ident calls instead of
>>> dropping them. I still think that is a better idea.
>> Well, say that to all of the Windows or NAT users out there. ;)
>
> A lot of NAT devices can be configured that way.
>
In fact some software firewalls for windows and some SOHO routers do it
that way by default, but it is not the most common ones.
I have also already seen a firewall appliance at a medium company which
was detecting ident call, and then blocking further connection for some
minutes.
They were trying to send my client a mail, thus connecting to port 25
then exim sent the ident probe
then their firewall was cutting all existing port 25 connections because
exim accessed an "unauthorized port"
So they were not able to send my client a mail and told the exim server
was broken.