From owner-freebsd-security Thu May 3 11:44:59 2001 Delivered-To: freebsd-security@freebsd.org Received: from whiskey.klatsch.org (whiskey.klatsch.org [209.6.82.6]) by hub.freebsd.org (Postfix) with SMTP id 59ECF37B43C for ; Thu, 3 May 2001 11:44:54 -0700 (PDT) (envelope-from bene@klatsch.org) Received: (qmail 56586 invoked by uid 1001); 3 May 2001 18:44:41 -0000 Date: Thu, 3 May 2001 14:44:41 -0400 From: Ben Eisenbraun To: "Timothy S. Bowers" Cc: freebsd-security@freebsd.org Subject: Re: reverse or not Message-ID: <20010503144441.B52246@klatsch.org> References: <5.0.2.1.2.20010503145244.00a12e50@nol.co.za> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <5.0.2.1.2.20010503145244.00a12e50@nol.co.za>; from security@nol.co.za on Thu, May 03, 2001 at 02:53:10PM +0200 X-Disclaimer: I'm the only one foolish enough to claim these opinions. Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, May 03, 2001 at 02:53:10PM +0200, Timothy S. Bowers wrote: > When I do this: # telnet 127.0.0.1 25 > It takes around 30 seconds to connect to the local exim mail server. > Actualy.. it takes long from anywhere. It might be waiting for an ident to timeout. Most of the major MTA's do an ident/auth check (TCP:113) when you connect to them, and if your machine is just dropping those requests, then the MTA waits for the request to timeout before displaying the banner. I can't think of a good reason it would do this for localhost connections though. Is the machine running a firewall? Maybe net.inet.tcp.restrict_rst: 1 would do it? To verify if this is actually the problem, you could fire up tcpdump and listen to see if Exim is initiating an ident request. You could also set the sysctl value net.inet.tcp.log_in_vain to 1, and connection attempts to closed ports will be logged. Good luck! -ben To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message