31 May
2005
31 May
'05
1:45 p.m.
Quoting Gerald Combs [email protected]:
It's also a major performance hit. Most mail servers (and clients) these days are behind firewalls. The ident request will get dropped nearly 100% of the time, resulting in a long pause while the attempt times out.
If you're running IP Tables, you can take this rule from one of my Red Hat servers and adapt it to your needs, doing so will drastically reduce the long pause:
# reject identd requests -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 113 -j REJECT --reject-with tcp-reset
Good luck.
--
Dave Hull
http://insipid.com