Firewall Wizards mailing list archives

Re: POP3 and SMTP slow on Linux since we installed a PIX


From: Matt Dunn <matt () electrocentric com>
Date: Sat, 14 Aug 1999 01:04:41 -0400

I had a similar problem with Checkpoint on the SMTP side, and it was
because sendmail was trying to do a reverse lookup on the connection, and
since the hosts are NAT'd, it never found them, and timed out. The quick
fix for me was in sendmail.cf, change the default setting for the
Timeout.ident option from 30s or whatever it is to 1s. I'm not positive what
the fix for the POP server would be (depends on the server, etc.), but I
imagine it's probably something similar, especially if you're using NAT
(which is probably true).

Dave, I hope this helps.

This brings me to _my_ question....

Given a Private Network doing many->1 NAT, and DMZ doing 1->1 NAT, where
the private network uses DHCP/WINS for IP assignment and name resolution
(making it difficult to keep accurate records on the DMZ side), what's the
best way to allow sendmail to successfully run its ident without having to
time out? It just doesn't sit right with me to neuter part of the
authentication process for anyone connecting to port 25, simply because the
connections take unnecessarily long internally.

Thanks in advance, 

-Matt

At 04:11 PM 8/13/99 -0400, you wrote:
> We installed a PIX firewall and ever since POP and SMTP have been slow to
> establish a connection to the mail server on the DMZ from the inside. Has
> anyone here seen the same symptom?
>
> TIA Dave



