From owner-freebsd-questions@FreeBSD.ORG Fri Apr 2 18:13:10 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B8814106564A for ; Fri, 2 Apr 2010 18:13:10 +0000 (UTC) (envelope-from freebsd-questions-local@be-well.ilk.org) Received: from mail1.sea5.speakeasy.net (mail1.sea5.speakeasy.net [69.17.117.3]) by mx1.freebsd.org (Postfix) with ESMTP id 90DC68FC0A for ; Fri, 2 Apr 2010 18:13:10 +0000 (UTC) Received: (qmail 22196 invoked from network); 2 Apr 2010 18:13:09 -0000 Received: from dsl092-078-145.bos1.dsl.speakeasy.net (HELO be-well.ilk.org) ([66.92.78.145]) (envelope-sender ) by mail1.sea5.speakeasy.net (qmail-ldap-1.03) with SMTP for ; 2 Apr 2010 18:13:09 -0000 Received: by be-well.ilk.org (Postfix, from userid 1147) id DD4505084B; Fri, 2 Apr 2010 14:13:08 -0400 (EDT) From: Lowell Gilbert To: Matthew Seaman References: <201004011751.27767.npapke@acm.org> <4BB58AC2.50009@infracaninophile.co.uk> <4BB62E5D.5030400@infracaninophile.co.uk> Date: Fri, 02 Apr 2010 14:13:08 -0400 In-Reply-To: <4BB62E5D.5030400@infracaninophile.co.uk> (Matthew Seaman's message of "Fri, 02 Apr 2010 18:50:21 +0100") Message-ID: <44iq89lo3v.fsf@be-well.ilk.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: freebsd-questions@freebsd.org, David Allen Subject: Re: Sendmail Five Second Greeting Delay X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Apr 2010 18:13:10 -0000 Matthew Seaman writes: > Ident queries like this will cause a delay if the other side doesn't > respond respond to the ident query. That's typical behaviour for most > machines that run firewalls nowadays. Given that ident is broken as > designed (see rant in other post) turning it off is a good idea in my book. I consider it polite for firewalls to actively refuse to open the connection (TCP reset) rather than just dropping the request, though. There's really no downside to doing so. -- Lowell Gilbert, embedded/networking software engineer, Boston area http://be-well.ilk.org/~lowell/