Turn off Ident request on Sendmail Sessions

Can anyone provide a link or other instructions on how to configure Sendmail
so that it doesn't attempt an Ident (port 113) when responding to a
connection attempt?

Currently, anytime a machine attempts to connect to port 25, Sendmail hangs
up until it attempts to do an Ident by connecting back to the originating
host on pore 113. With more and more organizations using firewalls with
port 113 stealthed (just drops the packets, not refusing a connection), I've
noticed an increase in the number of connection attempts that take a minute
or more to start-up, and sometimes the connection attempt is rejected.

It seems somewhat silly, as when the port is not stealthed, and the
connection is refused from a machine not running the identd daemon, Sendmail
ignores it anyhow, and responds to the incoming connection immediately.

Unfortunately this appears to create problems, and I am getting more and
more complaints about mail that doesn't get through to my users.

Any Ideas?

Dave.

Re: Turn off Ident request on Sendmail Sessions

In "Dave M" writes:

>Can anyone provide a link or other instructions on how to configure Sendmail
>so that it doesn't attempt an Ident (port 113) when responding to a
>connection attempt?

>Currently, anytime a machine attempts to connect to port 25, Sendmail hangs
>up until it attempts to do an Ident by connecting back to the originating
>host on pore 113. With more and more organizations using firewalls with
>port 113 stealthed (just drops the packets, not refusing a connection), I've
>noticed an increase in the number of connection attempts that take a minute
>or more to start-up, and sometimes the connection attempt is rejected.

>It seems somewhat silly, as when the port is not stealthed, and the
>connection is refused from a machine not running the identd daemon, Sendmail
>ignores it anyhow, and responds to the incoming connection immediately.

>Unfortunately this appears to create problems, and I am getting more and
>more complaints about mail that doesn't get through to my users.

We turned off the ident checking two years ago and it really helped reduce the
number of sendmail processes running on our server.
Add the following line to the mc macro file.
define(`confTO_IDENT', `0s')dnl

If you are just editing a cf file directly instead of generating it from an
mc macro file you need to add the following line.

O Timeout.ident=0s

Setting the ident timeout to 0 results in no ident check being performed.
--
John Stewart -- Computing and Communications Services, Carleton University
Internet: jstewart@connect.carleton.ca 613-520-2600x3707
"Take time to stop and pick the blueberries."

Re: Turn off Ident request on Sendmail Sessions

Thanks!!

"John A. Stewart" wrote in message
news:dmq0fq$dba$1@driftwood.ccs.carleton.ca...
> In "Dave M"
writes:
>
> >Can anyone provide a link or other instructions on how to configure
Sendmail
> >so that it doesn't attempt an Ident (port 113) when responding to a
> >connection attempt?
>
> >Currently, anytime a machine attempts to connect to port 25, Sendmail
hangs
> >up until it attempts to do an Ident by connecting back to the originating
> >host on pore 113. With more and more organizations using firewalls with
> >port 113 stealthed (just drops the packets, not refusing a connection),
I've
> >noticed an increase in the number of connection attempts that take a
minute
> >or more to start-up, and sometimes the connection attempt is rejected.
>
> >It seems somewhat silly, as when the port is not stealthed, and the
> >connection is refused from a machine not running the identd daemon,
Sendmail
> >ignores it anyhow, and responds to the incoming connection immediately.
>
> >Unfortunately this appears to create problems, and I am getting more and
> >more complaints about mail that doesn't get through to my users.
>
> We turned off the ident checking two years ago and it really helped reduce
the
> number of sendmail processes running on our server.
> Add the following line to the mc macro file.
> define(`confTO_IDENT', `0s')dnl
>
> If you are just editing a cf file directly instead of generating it from
an
> mc macro file you need to add the following line.
>
> O Timeout.ident=0s
>
> Setting the ident timeout to 0 results in no ident check being performed.
> --
> John Stewart -- Computing and Communications Services, Carleton University
> Internet: jstewart@connect.carleton.ca
613-520-2600x3707
> "Take time to stop and pick the blueberries."