Re: ZMailer ports and firewall
(I am supposed to be on vacation, which means that my reply rate goes
down a bit, and becomes more sporadic... Especially if I am not sure
of the answer right away. Like now.)

> Hi,
>
> I am installing a firewall which permits my ZMailer host to initiate any tcp/udp
> connections to any IP:port on the internet while incoming connection requests
> from the net are filtered.
>
> I have opened ports 25 and 113 TCP (for smtp and ident) so foreign IPs
> can more easily connect to my host, but I have noticed that when I try to
> open SMTP connections to other remote ZMailer servers I get a bigger
> initial delay before the connection is opened/granted than when the firewall
> is down. The question is, what other ports besides those should I open?

It would be very educational to see what packets/connections that FW
is rejecting/dropping.

Many sites are doing ident lookups with varying timeout speeds.
I just tested telnet from a firewalled host to two different
ZMailers. One, which doesn't ask for ident, replied immediately,
while the other, with ident lookup, did spend a moment, presumably
at it, before giving the 220 "prompt".

The delay in the ident case seems to be about 5-6 seconds.
If the delay you are experiencing is longer, say 30 seconds,
then you are probably meeting some DNS timeouts. Does your
server also run DNS for the zone/reverser?

> Thanks in advance,
> Enrique-
/Matti Aarnio <mea@nic.funet.fi>