Yahoo Groups archive

Milter-greylist


Re: [milter-greylist] Claimed slow connection and delivery time?

2016-02-08 by Johann Klasek

On Mon, Feb 08, 2016 at 08:30:06AM -0600, Bob Friesenhahn bfriesen@... [milter-greylist] wrote:
> On Mon, 8 Feb 2016, Johann Klasek johann@... [milter-greylist] wrote:
> 
> > On Sun, Feb 07, 2016 at 10:23:51PM -0600, Bob Friesenhahn bfriesen@... [milter-greylist] wrote:
> >> The site http://mxtoolbox.com/ claims that my inbound mail is
> >> particularly slow.  The specific test page is at
> >> http://mxtoolbox.com/domain/www.simplesystems.org/.  The claim is that
> >> it takes 8.5 seconds to deliver a mail to my domain and results are
> >> consistent.
> > [..]
> >>
> >> Is this test page faulty or is there something in my mail delivery
> >> chain (e.g. milter-greylist) which is adding time?
> >
> > Maybe this is the cause:
> > Sendmail usually has IDENT queries enabled, which time out in 10 or 15 secs
> > (if the TCP connection back to the client's port 113 does not lead to an
> > immediate connection refused).
> >
> > I have following line included in my .mc config:
> >
> > define(`confTO_IDENT',`0s')dnl
> >
> > which prevents your server from doing any IDENT queries.
> 
> Thanks for the heads-up.  Hardly anyone runs IDENT servers any more.

That's not the point: even if no one runs this service, if your sendmail
does a lookup, normally a firewall on the client side (!) drops incoming
113/TCP and your sendmail has to wait the timeout interval ...

> However, local telnet produces a quick response.

This would ask local port 113, which is likely refusing the connection
quickly ...

I did a test from my site to yours, tracing the traffic via port 113 and
what we can see is this:

16:33:19.087663 IP (tos 0x0, ttl  54, id 2478, offset 0, flags [DF],
length: 60) smtp.simplesystems.org.62068 > x.x.x.x.ident: S [tcp sum ok] 1786079858:1786079858(0) win 64240 <mss 1460,sackOK,timestamp 420629205 0,nop,wscale 1>

So, your server explicitly *does* IDENT queries. Simply turn them off. ;)


> I have a local caching DNS BIND server here which should make 
> short-work of any repeated queries.

These are IDENT (RFC1413) queries, which are not related to DNS ...
(maybe I didn't get the point of your statement ;) )



Johann
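
The check described in the message above, as an added example that is not part of the original post: it reads tcpdump text output, finds the mail server's outbound SYNs to clients' port 113, and separates probes that were answered (an immediate RST) from those that were silently dropped and retried. The sample lines and addresses are constructed, and the parser assumes the older one-line tcpdump flag format shown in the message.

```python
import re
from datetime import datetime

# Constructed sample in tcpdump's one-line text output (not captured traffic).
# 192.0.2.10 stands in for the mail server; the other hosts are SMTP clients.
SAMPLE = """\
10:00:00.000000 IP 192.0.2.10.40001 > 198.51.100.7.113: S 100:100(0) win 64240
10:00:03.000000 IP 192.0.2.10.40001 > 198.51.100.7.113: S 100:100(0) win 64240
10:00:09.000000 IP 192.0.2.10.40001 > 198.51.100.7.113: S 100:100(0) win 64240
10:00:20.000000 IP 192.0.2.10.40002 > 203.0.113.5.ident: S 200:200(0) win 64240
10:00:20.020000 IP 203.0.113.5.ident > 192.0.2.10.40002: R 0:0(0) ack 201 win 0
"""

# timestamp, optional "(tos ...)" block from -v, src.port > dst.port: flags
LINE = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d+) IP (?:\(.*?\) )?(\S+)\.(\w+) > (\S+)\.(\w+): (\S+)")
IDENT_PORTS = {"113", "ident", "auth"}  # numeric or /etc/services names


def ident_probes(text):
    """Return one (client, syn_count, answered, seconds_retrying) per IDENT probe."""
    flows = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, src, sport, dst, dport, flags = m.groups()
        when = datetime.strptime(ts, "%H:%M:%S.%f")
        if dport in IDENT_PORTS and flags == "S":
            # Outbound SYN (or a retransmission of it) towards a client's port 113.
            flow = flows.setdefault((src, sport, dst),
                                    {"first": when, "last": when, "syns": 0, "answered": False})
            flow["syns"] += 1
            flow["last"] = when
        elif sport in IDENT_PORTS and (dst, dport, src) in flows:
            # Any reply (RST or SYN-ACK) ends the wait immediately.
            flows[(dst, dport, src)]["answered"] = True
    return [(key[2], f["syns"], f["answered"],
             (f["last"] - f["first"]).total_seconds())
            for key, f in flows.items()]


def stalled(text):
    """Clients whose firewall silently dropped the probe: SYNs sent, nothing came back."""
    return [p for p in ident_probes(text) if not p[2]]


if __name__ == "__main__":
    for client, syns, _, secs in stalled(SAMPLE):
        print(f"{client}: {syns} unanswered SYNs to port 113 over {secs:.0f}s")
```

After setting confTO_IDENT to 0s and rebuilding the configuration, the same capture filter should show no outbound SYNs to port 113 at all.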
