Re: exim problem
Vineet Kumar wrote:
I bounced your message back to the list, to continue the discussion in
the public forum. This way, others may be able to provide input into
the discussion, and still others may benefit from reading the discussion
now and in the public list archives.
* Ivan Wills (firstname.lastname@example.org) [040302 10:59]:
Vineet Kumar wrote:
The 30 seconds wait happens for all clients, and all the clients are
behind a NAT firewall. So they are seen as one IP address ( which has an
entry in the /etc/hosts file )
* Ivan Wills (email@example.com) [040229 20:49]:
Recently the server has started to take about 30s before sending a email
message. (It never did this before)
It does not matter what the size of the message is. It seems like the
server is waiting for the 30s before listening to the client.
I'd guess exim is trying to do an ident lookup with the client, but the
client is silently dropping the ident requests. (Bad packet filter!)
"30 seconds" smells like a timeout; either ident or reverse DNS.
This happens with every client? Is there a packet filter on the server
side? Or a DNS misconfiguration?
Okay, well, that's not really a good test for "all clients" -- by asking
that, I was trying to narrow down the problem to either the server or
the client. If they're all going through the same connection, it
doesn't help narrow it down.
The firewalls name appears in the log files so it appears that exim is
able to do a reverse look up.
Right, it sounds like your DNS lookup is probably fine in this instance.
I'd check that the NAT box isn't dropping inbound ident requests. It
should instead be responding with TCP RST, as for all closed ports. I'd
bet that's where your problem is.
P.S. Your sig is very large. This can be considered bad netiquette.
Consider reducing its size; a good guideline is that it shouldn't exceed
4 lines (though I'm often guilty of exceeding this myself). In any
case, aim for something that can be measured on the order of lines
rather than a half-page.
Any suggestions on how to check if the firewall is sending a TCP RST?
/ _ _
/ \ / | | | |
/ \/ \_| | |