Date: Mon, 17 Mar 1997 09:03:47 -0800 (PST)
From: "Eric J. Schwertfeger" <ejs@bfd.com>
To: scott@statsci.com
Cc: Neil <neil@corpex.com>, Questions Freebsd <freebsd-questions@FreeBSD.ORG>
Subject: Re: SMTP and Firewalls
Message-ID: <Pine.BSF.3.95.970317090103.27451A-100000@harlie.bfd.com>
In-Reply-To: <m0w6RhC-000QdNC@bloke.statsci.com>

On Sun, 16 Mar 1997, Scott Blachowicz wrote:

> neil@corpex.com (Neil) wrote:
>
> > We are using FBSD 2.1.5 with IPFW configured for a mail server. Other than
> > the obvious port 25 connections, what else must be opened in the firewall to
> > allow SMTP 'sending'. At present we get an 'operation timed out' error as the
> > server cannot connect to an external server.
>
> Maybe port 113 (the "auth"/"ident") port? I've worked in a setup where the
> systems inside the firewall were NOT set up to provide that service, so the
> firewall was set to block them. We would get timeouts trying to get to SOME
> systems' SMTP daemons. When we opened up the firewall to allow them through,
> the connections went through. Our theory was that the remote system was
> getting an immediate connection refused after it was opened up, so everything
> proceeded just fine. With the firewall blocking them, it appeared as if the
> remote systems' SMTP daemons weren't spitting out their '220' welcome message
> banners, and our systems (running smail) were hanging waiting for it.

Correct. sendmail tries to use ident to ID the person it is receiving mail
from. I don't know what the default timeout is.

And yes, I can find no time that you want to block port 113, because there
are websites that exhibit the same behavior. If you don't want ident info
given out, don't run identd, so that there is an immediate failure rather
than a timeout.
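
The difference between "no identd running" and "port 113 silently blocked", as seen by the side doing the ident lookup, can be reproduced on loopback. This is an added example, not part of the original message: it sends an RFC 1413 query to a port with no listener (immediate refusal) and to a listener that never answers, which stands in here for a firewall that drops port 113 traffic. The ports, the 1-second timeout and the function names are constructed for the demonstration.

```python
import socket
import time

def ident_lookup(host, ident_port, remote_port, local_port, timeout):
    """Send one RFC 1413 query; return (outcome, seconds_waited)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, ident_port), timeout=timeout) as s:
            # Query format: "<port on queried host>, <port on querying host>"
            s.sendall(f"{remote_port}, {local_port}\r\n".encode("ascii"))
            reply = s.recv(512).decode("ascii", "replace").strip()
            outcome = reply or "closed"
    except ConnectionRefusedError:
        outcome = "refused"      # nothing listening: fails at once
    except socket.timeout:
        outcome = "timeout"      # no answer: caller waits the full timeout
    return outcome, time.monotonic() - start

def closed_port():
    """Loopback port with no listener (models 'identd not running')."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

def silent_listener():
    """Listener that never replies (assumed stand-in for a dropping firewall)."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s

def compare(timeout=1.0):
    """Run both lookups; 40000 and 25 are constructed sample port numbers."""
    quiet = silent_listener()
    try:
        return {
            "no identd": ident_lookup("127.0.0.1", closed_port(), 40000, 25, timeout),
            "dropped": ident_lookup("127.0.0.1", quiet.getsockname()[1], 40000, 25, timeout),
        }
    finally:
        quiet.close()

if __name__ == "__main__":
    for case, (outcome, waited) in compare().items():
        print(f"{case:10s} {outcome:8s} {waited:.3f}s")
```

With a real packet-dropping filter the connect itself would time out rather than the read, but the caller sees the same wait.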