Mail server, client firewall tips
Authored by: thrig on Apr 03, '03 12:40:03PM

If you run mail services, you can disable or lower ident lookup timeouts; older versions of mail servers set a 30-second timeout, while more recent ones set much lower values.

$ grep Timeout.ident /etc/mail/sendmail.cf
#O Timeout.ident=5s

The above sets a default five-second ident lookup timeout in sendmail; a custom value would not be commented out. To set a custom value, use something like the following in your sendmail.mc, then rebuild sendmail.cf.

define(`confTO_IDENT', `1s')

For more information on sendmail, see my sendmail configurations and documentation.

On the client side of things, one can effect an immediate timeout while still firewalling the ident port by sending back a "that port is closed" response from the firewall.

/sbin/ipfw add reset tcp from any to any 113 in

For more firewall rule examples, see how I run ipfw on my Mac.



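One way to check, from another machine, whether a firewall answers ident probes on port 113 with a reset (immediate failure) or silently drops them (the mail server waits out its ident timeout). This is an added example, not part of the comment above; the function name `classify_port` and the loopback demo are assumptions made for illustration.

```python
import socket
import time


def classify_port(host, port, timeout=5.0):
    """Attempt one TCP connect and report how the far end answered.

    Returns (state, seconds_elapsed), where state is:
      'open'     - handshake completed, something is listening
      'reset'    - a TCP RST came back (closed port, or a firewall
                   'reset' rule such as the ipfw rule in the comment)
      'filtered' - nothing came back before the timeout (packets dropped)
    """
    start = time.monotonic()
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
        conn.close()
        state = "open"
    except ConnectionRefusedError:
        state = "reset"
    except socket.timeout:
        state = "filtered"
    return state, time.monotonic() - start


if __name__ == "__main__":
    # Constructed demo on loopback: a temporary listener stands in for an
    # open port; after it is closed, the same port answers with a reset.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    print("listening:", classify_port("127.0.0.1", port))
    listener.close()
    print("closed:   ", classify_port("127.0.0.1", port))
    # Against a real client, call classify_port(client_address, 113) from a
    # second host. 'reset' in a few milliseconds means the ident lookup
    # fails at once; 'filtered' means every lookup costs the full timeout.
```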