Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: danielrm26 on May 28, 2002, 10:04:17 PM
-
I am trying to figure out how to get rid of the IDENT (tcp113) backprobe from the mail server so that I can stop forwarding IDENT into my home network.
If I don't forward it checking my IMAP mail can take like 30 seconds, but when it IS forwarded it takes like 5 seconds.
How can I make e-smith not ask for the IDENT identification?
-
I'm not sure of how things *should* be, but this is fairly standard among mail and IRC servers. Some may not even allow you to connect without IDENT enabled. See http://www.dslreports.com/faq/225 for more info.
I "discovered" that IDENT was causing problems in http://forums.contribs.org/index.php?topic=13868.msg52747#msg52747 recently. If the server receives a response, even if it's just that the port is closed, it will carry on. It's only when the port is "stealthed" and just silently drops the incoming IDENT requests that there's a problem. The server doesn't get any response, so it keeps trying until it times out...
How are your networks set up? Is there any way you could just deny the request instead of silently dropping it? That would fix any IDENT-related issues like this, instead of just on the one server...
-
I am using an IDENT proxy that is available on a certain firewall. I am not sure how to make the port closed though...rather than open using the proxy.
GRC is telling me this...
113
IDENT
OPEN!
Identification/Authorization Service — Internet servers such as POP, IMAP, SMTP, and IRC query this port in response to client connections. It should NEVER be open since this is a source of tremendous information escape. Unsophisticated firewalls will show it closed — thus this provides a means for intruders to detect an otherwise stealthed computer. Only the latest, highest technology, adaptive firewalls are smart enough to stealth this port against random probes while showing it closed to queries from valid servers.
_____________
I am very interested in finding out what sort of technology it is that stealths probes but allows my mail server to touch the daemon. I imagine this is just an access control list on a stateful firewall, but I don't want to set up actual passing rules, I want to use this proxy feature of my firewall.
Hmm. I guess I just have to research and see if I can configure it to be closed rather than open.
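
Added example, not part of the original thread: a small check, run from outside your own firewall, that tells apart the three answers tcp/113 can give (open, closed with an immediate refusal, or silently dropped) and times each one, since the silent drop is what stalls the mail server's IDENT lookup. The function name, labels and timeout are assumptions chosen for this sketch.

```python
import socket
import sys
import time

IDENT_PORT = 113  # tcp/113, the IDENT service discussed in the thread


def probe_tcp_port(host, port=IDENT_PORT, timeout=5.0):
    """Return (state, seconds) for one TCP connect attempt to host:port.

    "open"     - handshake completed (an ident daemon or proxy answered)
    "closed"   - connection refused: a TCP RST came back, so a server
                 doing an IDENT lookup gives up at once and carries on
    "stealthed" - no reply before the timeout: the SYN was silently
                 dropped, so the server waits out its own timer
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    start = time.monotonic()
    try:
        sock.connect((host, port))
        state = "open"
    except ConnectionRefusedError:
        state = "closed"
    except socket.timeout:
        state = "stealthed"
    finally:
        sock.close()
    return state, time.monotonic() - start


if __name__ == "__main__":
    # Defaults to the local machine; pass your own external address to
    # see what a remote mail server would see.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    state, secs = probe_tcp_port(target)
    print(f"{target}:{IDENT_PORT} is {state} (answered in {secs:.2f}s)")
    if state == "stealthed":
        print("Servers doing IDENT lookups will stall until they time out.")
```

A "closed" result that comes back in milliseconds is the behaviour the second post asks for: the request is denied, not dropped.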