Re: smtp with ip filter .. become slow

Old 12-01-2003
Phil Dibowitz
 

.. wrote:
>>>If I send an email it looks very slow, I have read the FAQ and I also

>
> add :
>
>>Just a track to look at, did you consider your smtp server could be
>>using ident/authentication before accepting email? If so, you may need
>>to allow tcp/113.

>
>
> I am not using authentication for smtp. And port 113 is also off ( netstat -a
> | grep LIST ).
> If I remove ipf.conf to become zero ruleset or empty, smtp works quickly.


Yes I know, but SMTP servers always hit IDENT. If you are dropping
packets, it will wait until it's timed out, but if you are answering with
a TCP RST (what your OS will do in the absence of a firewall), it just
goes on with life because it knows there is no IDENT server running. Try
adding this to your ruleset:

## Return RST for Ident
## This prevents long delays with SMTP and allows IRC to work
block return-rst in quick on elxl0 proto tcp from any to any port = 113

If you are in Solaris, also add:

pass out quick on elxl0 proto tcp from any port = 113 to any flags R/RSFUP

--
Phil Dibowitz phil@ipom.com
Freeware and Technical Pages Insanity Palace of Metallica
http://www.phildev.net/ http://www.ipom.com/

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
- Benjamin Franklin, 1759
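
Added example, not part of the original post: a small Python probe that shows which of the two behaviours described above a host gives on tcp/113, an immediate RST or a silent drop that makes the caller wait for its timeout. The function name, the verdict strings and the 5 second default timeout are choices made for this example.

```python
import socket
import sys
import time

IDENT_PORT = 113  # tcp/113, the ident port named in the post


def probe_tcp(host, port=IDENT_PORT, timeout=5.0):
    """Classify how host:port answers a TCP connection attempt.

    Returns (verdict, seconds):
      "open"    - handshake completed, something is listening
      "rst"     - refused at once (a RST came back), the caller moves on
      "dropped" - no answer before `timeout`, the caller stalls this long
      "error"   - any other failure (no route, ICMP unreachable, ...)
    """
    start = time.monotonic()
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        verdict = "rst"
    except (socket.timeout, TimeoutError):
        verdict = "dropped"
    except OSError:
        verdict = "error"
    else:
        conn.close()
        verdict = "open"
    return verdict, time.monotonic() - start


if __name__ == "__main__":
    # Usage: python probe_ident.py <host behind the firewall>
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    verdict, secs = probe_tcp(target)
    print(f"{target}:{IDENT_PORT} -> {verdict} after {secs:.2f}s")
    if verdict == "dropped":
        print("SYN was silently dropped; an ident lookup would wait out its timeout")
    elif verdict == "rst":
        print("RST returned; an ident lookup fails fast and the sender carries on")
```

Run it from a machine outside the firewall against the firewalled host, once before and once after adding the return-rst rule; the verdict should change from "dropped" to "rst".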

