1 minute pause on sendmail login

Les Mikesell lesmikesell at gmail.com
Thu Dec 22 18:54:06 UTC 2005

On Thu, 2005-12-22 at 03:29, Andy Pieters wrote:
> Hi
> > Sendmail will do a reverse DNS lookup for the IP address of the
> > connection to put the name in the logs.  Apparently this
> > doesn't work for the address you are testing from and you
> > wait for a timeout.  Perhaps the delegated DNS server is
> > blocked by a firewall that drops the packets.  Likewise there
> > is an IDENT query for the owner of the socket, but those
> > timeouts are usually faster.
> >
> It seems to happen with *everyone* who tries to connect outside of the LAN.  
> Reason enough for most MTA's to abandon the sending of the message and so I'm 
> forced to do a temporary mail forwarding.
> Interstingly enough, there is a caching dns server living on the same host as 
> the mail server, and the dns server is used troughout the LAN.  The 
> mailserver itself has "nameserver" in its resolv.conf file
> I went over the sendmail.mc file but couldn't find anything interesting 
> pertaining this issue.
> Looking at maillog I see the connection being logged but nothing which can 
> help me solve this problem.
> Anyone have any ideas?

How well does the nameserver work, and are there any firewalls
between the connecting machines and the mail server?  Note that
a firewall that rejects packets with an 'ICMP denied' message
will not cause a problem like one that silently discards packets
leaving both end in a retry/timeout state.  From the mailserver
try doing an nslookup on the IP address of a remote site
that exhibits the problem.  For example
time nslookup
should take a fraction of a second of real time.

You can fix the IDENT side with:
define(`confTO_IDENT', `0')dnl
in sendmail.mc. I think the default timeout for the ident
response is 30 seconds and the response is pretty useless.

  Les Mikesell
    lesmikesell at gmail.com

More information about the fedora-list mailing list