On Sun, 2005-02-06 at 15:44, R. DuFresne wrote:
> It's very likely the other systems sending in e-mail are hanging waiting
> on ident, port 113, try either allowing ident to pass or setting a REJECT
> on attempts to that port and see if that helps, and you might well get
> hung with DNS lookups with newer sendmails. Make sure the sendmail server
> can reach out and touch the DNS tree.
Ron has an excellent point here about IDENT. a "good Internet citizen"
thing to do when running a mail server is to reject ident instead of
dropping it:
iptables -A INPUT -p tcp --syn --dport 113 \
-j REJECT --reject-with tcp-reset
-j
--
"Getting out of jury duty is easy. The trick is to say you're
prejudiced against all races."
--The Simpsons
