Re: [cobalt-developers] slow reverse lookups in sendmail
- Subject: Re: [cobalt-developers] slow reverse lookups in sendmail
- From: shimi <shimi@xxxxxxxxxxxxxxxx>
- Date: Mon Apr 9 16:45:17 2001
- List-id: Discussion Forum for developers on Cobalt Networks products <cobalt-developers.list.cobalt.com>
On Mon, 9 Apr 2001, Dan Keller wrote:
> Hello Cobalt gurus --
>
> Any sendmail experts out there?
>
> I'm running a RaQ2 with all the updates.
> I believe that the current RaQ2 sendmail is
> version 8.9.3 (true?)
>
> My sendmail is having trouble receiving messages
> from some of its mail server counterparts because
> it responds slowly and sometimes they timeout.
>
> I suspect that the slow response is due to the
> spam-suppressing reverse server name lookup --
> my server accepts no connections from servers
> whose names it can't resolve.
>
> This is the correct behavior. The trouble is that
> it takes too long to do the lookup even of remote
> hosts whose names do resolve.
>
> According to the doc at sendmail.org, the default
> timeout.ident was dropped from 30 seconds to 5
> seconds starting with version 8.5.
>
> My sendmail.cf contains this line:
>
> #O Timeout.ident=30s
>
> which, as you can see, is commented-out so I presume
> that it's defaulting to 5 seconds.
>
when it comes to configuration, don't presume :)
as a rule, I always force configuration.
seems like best practice.
but.
this is ident timeout, not DNS timeout.
if you don't know what ident (also known as "auth") is:
The AUTH protocol is out there to have a machine report to a machine it
connects to which user on the connecting machine is connecting.
What do I mean?
Say you have a unix system with 1000 users.
Someone hacked into another machine from your machine.
Without the existence of AUTH, all the remote machine could know is that
you are the one who got in there (your machine).
You can't track the offender - that sucks!
That's why AUTH was invented.
AUTH listens on port 113 on your machine (if you run it), answering other
machines about the owner of the connection between your IP:port and
remoteIP:port (note, you can't abuse that service - AUTH will only reply
to the machine on the other side+port)
So this is basically what ident is - and ident timeout corresponds to it.
This probably has nothing to do with resolve timeouts... :)
I would hunt for DNS lookup timeouts in the config...
or, you can do some other thing...
add his IP+host to /etc/hosts
that way your machine won't resolve his IP - but if his IP changes - tough
luck...
> Can you suggest what else I might check or tweak?
>
> Many thanks for sharing your wisdom!
>
> Dan Keller
> dan@xxxxxxxxxx
> http://www.keller.com/
> +1 415 861-4500 (voice)
> +1 415 861-4593 (fax)
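The ident/AUTH exchange described in the reply above, as an added example that is not part of the original message and is not sendmail or identd code. It uses the RFC 1413 line format; the connection table, addresses and user name are constructed sample values, and the function names are hypothetical.

```python
# Added illustration of the ident/AUTH exchange (RFC 1413 message format).
# Constructed sample data: connections open on the host running identd,
# keyed by (local_port, remote_ip, remote_port) -> owning local user.
CONNECTIONS = {(6191, "192.0.2.25", 25): "alice"}


def build_query(port_on_identd_host, port_on_asker):
    """Line the asking machine (e.g. a mail server) sends to TCP port 113."""
    return f"{port_on_identd_host}, {port_on_asker}\r\n"


def answer(query, asker_ip, connections=CONNECTIONS):
    """Reply an identd would give; only connections to asker_ip are considered."""
    pair = query.strip()
    try:
        local, remote = (int(p) for p in pair.split(","))
    except ValueError:
        return f"{pair} : ERROR : INVALID-PORT\r\n"
    if not (1 <= local <= 65535 and 1 <= remote <= 65535):
        return f"{local}, {remote} : ERROR : INVALID-PORT\r\n"
    user = connections.get((local, asker_ip, remote))
    if user is None:
        return f"{local}, {remote} : ERROR : NO-USER\r\n"
    return f"{local}, {remote} : USERID : UNIX : {user}\r\n"


def parse_reply(reply):
    """Return ((port_on_identd_host, port_on_asker), kind, detail)."""
    # Trimming whitespace around every field is a simplification.
    fields = [f.strip() for f in reply.strip().split(":", 3)]
    if len(fields) < 3:
        raise ValueError(f"malformed ident reply: {reply!r}")
    ports = tuple(int(p) for p in fields[0].split(","))
    if fields[1] == "USERID" and len(fields) == 4:
        return ports, "USERID", fields[3]  # fields[2] is the OS type, e.g. UNIX
    if fields[1] == "ERROR":
        return ports, "ERROR", fields[2]
    raise ValueError(f"unexpected ident reply: {reply!r}")


if __name__ == "__main__":
    q = build_query(6191, 25)
    # Same query asked from the real peer and from an unrelated address.
    for ip in ("192.0.2.25", "198.51.100.7"):
        print(ip, parse_reply(answer(q, ip)))
```

The mail server waits for this reply for at most Timeout.ident; the PTR lookup of the connecting address is a separate DNS query that this exchange does not cover.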