[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ZMailer ports and firewall

(I am supposed to be on a vacation, which means that my reply rate goes
 down a bit, and becomes more spodaric...  Especially if I am not sure
 of the answer right away.  Like now.)

> Hi,
> I am installing a firewall which permits my ZMailer host initiate any tcp/udp
> connections to any IP:port on the internet while incoming connection requests
> from the net are filtered.
> I have opened ports 25 and 113 TCP (for smtp and ident) so foreign IP's
> can more easily connect to my host, but I have noticed that when i try to 
> open SMTP connections to other remote ZMailer servers i get a bigger 
> initial delay before the connection is opened/granted than when the firewall
> is down, the question is, what other ports beside those should i open?

	Very educative would be to see what packets/connections that FW
	is rejecting/dropping.

	Many sites are doing ident lookups with varying timeout speeds.

	I just tested telnet from a firewalled host to two different
	ZMailers.  One which doesn't ask ident replied immediately,
	while other with ident lookup did spend a moment presumably
	at it before giving the 220 "prompt".

	The delay in ident case seems to be about 5-6 seconds.

	If the delay you are experiencing is longer, say 30 seconds,
	then you propably are meeting some DNS timeouts.  Does your
	server also run DNS for the zone/reverser ?

> Thanks in advance,
> Enrique-

/Matti Aarnio <mea@nic.funet.fi>