From owner-freebsd-questions@FreeBSD.ORG Fri Apr 2 15:48:47 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7DB05106564A for ; Fri, 2 Apr 2010 15:48:47 +0000 (UTC) (envelope-from npapke@acm.org) Received: from idcmail-mo2no.shaw.ca (idcmail-mo2no.shaw.ca [64.59.134.9]) by mx1.freebsd.org (Postfix) with ESMTP id 4B8FB8FC08 for ; Fri, 2 Apr 2010 15:48:47 +0000 (UTC) Received: from pd6ml2no-ssvc.prod.shaw.ca ([10.0.153.163]) by pd5mo1no-svcs.prod.shaw.ca with ESMTP; 02 Apr 2010 09:48:46 -0600 X-Cloudmark-SP-Filtered: true X-Cloudmark-SP-Result: v=1.0 c=1 a=9H10VVW1t6cA:10 a=VphdPIyG4kEA:10 a=kj9zAlcOel0A:10 a=VF9RaR9bft6c8SsOr3WyFg==:17 a=N54-gffFAAAA:8 a=9B1Bifsx_pCjWmcVow8A:9 a=2rZ9LHDYkUBUXzbD4XgA:7 a=V-HQI_T3prWGBJT4a1DaHmubuEUA:4 a=CjuIK1q_8ugA:10 a=nAPXUAfsBmEA:10 Received: from unknown (HELO proven.lan.provenpath.ca) ([24.85.241.34]) by pd6ml2no-dmz.prod.shaw.ca with ESMTP; 02 Apr 2010 09:48:46 -0600 Received: from proven.lan.provenpath.ca (localhost [127.0.0.1]) by proven.lan.provenpath.ca (8.14.4/8.14.4) with ESMTP id o32FmjU2023074 for ; Fri, 2 Apr 2010 08:48:45 -0700 (PDT) (envelope-from npapke@acm.org) Received: (from npapke@localhost) by proven.lan.provenpath.ca (8.14.4/8.14.4/Submit) id o32FmjEm023073 for freebsd-questions@freebsd.org; Fri, 2 Apr 2010 08:48:45 -0700 (PDT) (envelope-from npapke@acm.org) X-Authentication-Warning: proven.lan.provenpath.ca: npapke set sender to npapke@acm.org using -f From: Norbert Papke To: freebsd-questions@freebsd.org Date: Fri, 2 Apr 2010 08:48:45 -0700 User-Agent: KMail/1.12.4 (FreeBSD/8.0-STABLE; KDE/4.3.5; amd64; ; ) References: <201004011751.27767.npapke@acm.org> <4BB5FB51.60207@radel.com> In-Reply-To: <4BB5FB51.60207@radel.com> MIME-Version: 1.0 Content-Type: Text/Plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Message-Id: <201004020848.45574.npapke@acm.org> Subject: Re: Sendmail Five Second Greeting Delay X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Apr 2010 15:48:47 -0000 On April 2, 2010, Jon Radel wrote: > On 4/2/10 8:33 AM, David Allen wrote: > > Secondly, it seems the cause of the OP's problem was a delay associated > > with an IDENT query. Specificially > > > > confTO_IDENT Timeout.ident [5s] The timeout waiting for a > > response to an IDENT query. > > > > If he had local DNS configured, there would be no query, and therefore no > > issue, but setting the timeout to 0 seconds using > > > > define(`confTO_IDENT', 0s) > > > > does remove the delay, but not the underlying problem. > > You sure? IDENT has nothing to do with DNS, and I don't know of any > program that does an IDENT query solely if DNS data is not available. I > can't see why that would make any sense. > > What is most likely the OP's root problem is that he's sending e-mail > from a machine that's on the other side of a firewall that blocks IDENT > traffic but doesn't actively reject it. So sendmail has to sit around > and wait for the query to time out. Allow me to clarify the scenario. The intent is for a local Windows box to relay outgoing SMTP through the FreeBSD box. Both machines are on the same LAN segment. No intervening Firewalls (except software firewalls on the boxes). Without the IDENT timeout, this is the traffic. FreeBSD box on 172.16.0.3, Windows box on 172.16.0.11. No. Time Source Destination Protocol Info 10844 18.153005 172.16.0.11 172.16.0.3 TCP 55100 > smtp [SYN] Seq=0 Win=8192 Len=0 MSS=1460 10845 18.153031 172.16.0.3 172.16.0.11 TCP smtp > 55100 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 10846 18.153306 172.16.0.11 172.16.0.3 TCP 55100 > smtp [ACK] Seq=1 Ack=1 Win=64240 Len=0 10847 18.153944 172.16.0.3 172.16.0.254 DNS Standard query PTR 11.0.16.172.in-addr.arpa 10849 18.163505 172.16.0.254 172.16.0.3 DNS Standard query response PTR tiggr.lan.provenpath.ca 10850 18.163690 172.16.0.3 172.16.0.254 DNS Standard query PTR 3.0.16.172.in-addr.arpa 10856 18.173804 172.16.0.254 172.16.0.3 DNS Standard query response PTR proven.lan.provenpath.ca 10857 18.173943 172.16.0.3 172.16.0.254 DNS Standard query A tiggr.lan.provenpath.ca 10860 18.176306 172.16.0.254 172.16.0.3 DNS Standard query response A 172.16.0.11 10861 18.176532 172.16.0.3 172.16.0.11 TCP 57889 > ident [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=3 TSV=142487140 TSER=0 12402 21.156922 172.16.0.3 172.16.0.11 TCP 57889 > ident [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=3 TSV=142490140 TSER=0 13637 23.145692 172.16.0.3 172.16.0.11 SMTP S: 220 proven.lan.provenpath.ca ESMTP Sendmail 8.14.4/8.14.4; Fri, 2 Apr 2010 08:26:47 -0700 (PDT) 13741 23.337234 172.16.0.11 172.16.0.3 TCP 55100 > smtp [ACK] Seq=1 Ack=98 Win=64143 Len=0 Basically, sendmail performs and IDENT even though the DNS lookup seems to have succeeded. The Windows box does not reject the IDENT. Cheers, -- Norbert Papke. npapke@acm.org