IDENTD and SMTP

[wildbill442]

I've tried searching for this on the forums and got inconsistant results hence this post..

Users on my network are complaining that it takes 30-45seconds to establish a SMTP connection with our plesk mail server. This is being caused by the IDENT Auth built into SMTP.. If I reject with-tcp-reset, packets that match the following conditions:

src-address=mailserver protocol=tcp dst-port=25

in the forward chain of my edge router users on remote networks don't see the delay, as expected. Users on the same subnet however still see the delay.

I've tried inputing this rule in the input/output/forward chains of the plesk server, but it doesn't seem to be rejecting the packets. It's almost like the plesk software is ignoring the IPTABLES rules, because I don't see them appear in the GUI. Nor do I have an option to use REJECT in the GUI... You can't just silently drop the IDENT packets otherwise the connection has to timeout still causing the delay...

SO, anyone have a solution for this? Why aren't my IPTABLES filter rules working? here's the exact syntax

iptables -A OUTPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset

 

[wildbill442]

I was using the wrong reject message.. tcp-reset wasn't working, so I tried icmp-host-prohibited, and it works like a charm!

Here's the syntax for you IPTABLES users:

iptables -I OUTPUT 1 -p tcp --dport 113 -j REJECT --reject-with icmp-host-prohibited