Sendmail Five Second Greeting Delay

Norbert Papke npapke at acm.org
Fri Apr 2 15:48:47 UTC 2010


On April 2, 2010, Jon Radel wrote:
> On 4/2/10 8:33 AM, David Allen wrote:
> > Secondly, it seems the cause of the OP's problem was a delay associated
> > with an IDENT query.  Specifically
> >
> >    confTO_IDENT     Timeout.ident   [5s] The timeout waiting for a
> >         response to an IDENT query.
> >
> > If he had local DNS configured, there would be no query, and therefore no
> > issue, but setting the timeout to 0 seconds using
> >
> >    define(`confTO_IDENT', 0s)
> >
> > does remove the delay, but not the underlying problem.
> 
> You sure?  IDENT has nothing to do with DNS, and I don't know of any
> program that does an IDENT query solely if DNS data is not available.  I
> can't see why that would make any sense.
> 
> What is most likely the OP's root problem is that he's sending e-mail
> from a machine that's on the other side of a firewall that blocks IDENT
> traffic but doesn't actively reject it.  So sendmail has to sit around
> and wait for the query to time out.

Allow me to clarify the scenario.  The intent is for a local Windows box to 
relay outgoing SMTP through the FreeBSD box.  Both machines are on the same 
LAN segment.  No intervening Firewalls (except software firewalls on the boxes).

Without the IDENT timeout, this is the traffic.  
FreeBSD box on 172.16.0.3, Windows box on 172.16.0.11.

No.     Time        Source                Destination           Protocol Info
  10844 18.153005   172.16.0.11           172.16.0.3            TCP      55100 > smtp [SYN] Seq=0 Win=8192 Len=0 MSS=1460
  10845 18.153031   172.16.0.3            172.16.0.11           TCP      smtp > 55100 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
  10846 18.153306   172.16.0.11           172.16.0.3            TCP      55100 > smtp [ACK] Seq=1 Ack=1 Win=64240 Len=0
  10847 18.153944   172.16.0.3            172.16.0.254          DNS      Standard query PTR 11.0.16.172.in-addr.arpa
  10849 18.163505   172.16.0.254          172.16.0.3            DNS      Standard query response PTR tiggr.lan.provenpath.ca
  10850 18.163690   172.16.0.3            172.16.0.254          DNS      Standard query PTR 3.0.16.172.in-addr.arpa
  10856 18.173804   172.16.0.254          172.16.0.3            DNS      Standard query response PTR proven.lan.provenpath.ca
  10857 18.173943   172.16.0.3            172.16.0.254          DNS      Standard query A tiggr.lan.provenpath.ca
  10860 18.176306   172.16.0.254          172.16.0.3            DNS      Standard query response A 172.16.0.11
  10861 18.176532   172.16.0.3            172.16.0.11           TCP      57889 > ident [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=3 TSV=142487140 TSER=0
  12402 21.156922   172.16.0.3            172.16.0.11           TCP      57889 > ident [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=3 TSV=142490140 TSER=0
  13637 23.145692   172.16.0.3            172.16.0.11           SMTP     S: 220 proven.lan.provenpath.ca ESMTP Sendmail 8.14.4/8.14.4; Fri, 2 Apr 2010 08:26:47 -0700 (PDT)
  13741 23.337234   172.16.0.11           172.16.0.3            TCP      55100 > smtp [ACK] Seq=1 Ack=98 Win=64143 Len=0


Basically, sendmail performs an IDENT even though the DNS lookup seems to have 
succeeded.  The Windows box does not reject the IDENT.

Cheers,

-- Norbert Papke.
   npapke at acm.org
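
Added example, not part of the original message or of sendmail: a small Python parser for capture summary lines in the format shown above. It reports whether the server's IDENT SYNs were ever answered and how long the SMTP 220 greeting was held back. The function names and the set of port labels accepted for IDENT are assumptions; the sample lines are a subset of the capture above with wrapped lines rejoined.

```python
import re

# Subset of the capture lines from the message above (wrapped lines rejoined).
CAPTURE = """\
No.     Time        Source        Destination   Protocol Info
  10844 18.153005   172.16.0.11   172.16.0.3    TCP      55100 > smtp [SYN] Seq=0 Win=8192 Len=0 MSS=1460
  10861 18.176532   172.16.0.3    172.16.0.11   TCP      57889 > ident [SYN] Seq=0 Win=65535 Len=0 MSS=1460
  12402 21.156922   172.16.0.3    172.16.0.11   TCP      57889 > ident [SYN] Seq=0 Win=65535 Len=0 MSS=1460
  13637 23.145692   172.16.0.3    172.16.0.11   SMTP     S: 220 proven.lan.provenpath.ca ESMTP Sendmail 8.14.4/8.14.4
  13741 23.337234   172.16.0.11   172.16.0.3    TCP      55100 > smtp [ACK] Seq=1 Ack=98 Win=64143 Len=0
"""

TCP_INFO = re.compile(r"^(\S+) > (\S+) \[([^\]]+)\]")
IDENT_NAMES = {"ident", "auth", "113"}  # assumed labels a capture tool may show for port 113


def parse_summary(text):
    """Turn 'No. Time Source Destination Protocol Info' lines into dicts."""
    packets = []
    for line in text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6 or not fields[0].isdigit():
            continue  # column header or blank line
        no, time, src, dst, proto, info = fields
        packets.append({"no": int(no), "time": float(time), "src": src,
                        "dst": dst, "proto": proto, "info": info})
    return packets


def ident_stall(packets):
    """Summarise IDENT probes sent before the first SMTP 220 banner."""
    probes, replied, banner = [], False, None
    for p in packets:
        m = TCP_INFO.match(p["info"]) if p["proto"] == "TCP" else None
        if m and m.group(2) in IDENT_NAMES and m.group(3) == "SYN":
            probes.append(p)  # server opening a connection to the client's ident port
        elif m and m.group(1) in IDENT_NAMES and probes and p["src"] == probes[0]["dst"]:
            replied = True  # SYN-ACK or RST came back, so no timeout is needed
        elif p["proto"] == "SMTP" and p["info"].startswith("S: 220") and banner is None:
            banner = p
    if not probes or banner is None:
        return None
    return {"client": probes[0]["dst"], "syn_attempts": len(probes), "replied": replied,
            "delay_s": round(banner["time"] - probes[0]["time"], 3)}


if __name__ == "__main__":
    print(ident_stall(parse_summary(CAPTURE)))
```

A result with "replied" false and a delay close to the Timeout.ident value means the probes were silently dropped rather than refused.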


More information about the freebsd-questions mailing list