On Wed, Dec 20, 2023 at 05:14:05PM +0100, Marco Moock wrote: > Am 20.12.2023 um 15:58:48 Uhr schrieb Joe: > > > For many years my SMTP server has requested an ident (TCP port 113) > > from outside sending servers. Since nobody now runs ident servers, > > there will be no reply, and my server waits for a timeout of thirty > > seconds before continuing. > > Good admins don't use DROP in firewalls, so either you get a TCP RST > (because no application listens on that port) or a ICMP administratively > prohibited, so your server knows that no identd runs there and can > continue.
Hm. For the wide internet I'd recommend drop (makes port scanning more difficult). For "internal" networks, reject is the way to go (unless you crave for fun debugging sessions, been there). Cheers -- t
signature.asc
Description: PGP signature
