

Discussion in 'Plesk for Linux - 8.x and Older' started by wildbill442, Jun 8, 2006.

  1. wildbill442

    wildbill442 Guest

    I've tried searching for this on the forums and got inconsistent results, hence this post..

    Users on my network are complaining that it takes 30-45 seconds to establish an SMTP connection with our Plesk mail server. This is being caused by the IDENT Auth built into SMTP.. If I reject with-tcp-reset, packets that match the following conditions:

    src-address=mailserver protocol=tcp dst-port=25

    in the forward chain of my edge router users on remote networks don't see the delay, as expected. Users on the same subnet however still see the delay.

    I've tried inputting this rule in the input/output/forward chains of the Plesk server, but it doesn't seem to be rejecting the packets. It's almost like the Plesk software is ignoring the IPTABLES rules, because I don't see them appear in the GUI. Nor do I have an option to use REJECT in the GUI... You can't just silently drop the IDENT packets, otherwise the connection still has to time out, causing the delay...

    SO, anyone have a solution for this? Why aren't my IPTABLES filter rules working? Here's the exact syntax:

    iptables -A OUTPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset
  2. wildbill442

    wildbill442 Guest

    I was using the wrong reject message.. tcp-reset wasn't working, so I tried icmp-host-prohibited, and it works like a charm!

    Here's the syntax for you IPTABLES users:

    iptables -I OUTPUT 1 -p tcp --dport 113 -j REJECT --reject-with icmp-host-prohibited
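
Added example, not part of the thread: a shell function that reads `iptables -S OUTPUT` output and reports which terminating rule an outbound ident connection (tcp port 113) hits first, since iptables stops at the first match and a rule appended with `-A` can sit behind an earlier DROP or ACCEPT. The function name `ident_verdict` and the sample ruleset are constructed for illustration; rules with extra match criteria (such as `-o` or `-d`), port ranges and jumps to user chains are skipped rather than evaluated.

```shell
#!/bin/sh
# ident_verdict: read rules in `iptables -S OUTPUT` format on stdin and print
# "<verdict> <rule-number>" for the first rule that terminates tcp/113 traffic.
# Verdict is reject, drop or accept; "policy <name>" means no rule matched.
ident_verdict() {
    awk '
    $1 == "-P" { policy = tolower($3); next }        # e.g. -P OUTPUT ACCEPT
    $1 == "-A" {
        n++
        proto = ""; dport = ""; target = ""; extra = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p")           { i++; proto = $i }
            else if ($i == "--dport") { i++; dport = $i }
            else if ($i == "-m")      { i++ }           # skip module name
            else if ($i == "-j")      { i++; target = $i; break }
            else                      { extra = 1 }     # -o, -d, --state, ...
        }
        if (extra) next                                 # conditional rule: not evaluated
        if (proto != "" && proto != "tcp") next
        if (dport != "" && dport != "113") next
        if (target == "ACCEPT" || target == "DROP" || target == "REJECT") {
            print tolower(target), n
            found = 1
            exit
        }
    }
    END { if (!found) print "policy", policy }
    '
}

# Constructed sample ruleset: the appended REJECT is shadowed by an earlier DROP,
# so ident lookups would still wait for a timeout.
sample='-P OUTPUT ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 113 -j DROP
-A OUTPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with icmp-host-prohibited'

printf '%s\n' "$sample" | ident_verdict
# On a live host (as root): iptables -S OUTPUT | ident_verdict
```

A `drop` result corresponds to the timeout delay described in the first post; `reject` at rule 1 is what the `-I OUTPUT 1` command in the second post produces.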