On Sat, Sep 25, 1999 at 07:00:57PM +0000, [EMAIL PROTECTED] wrote:
>
> It is my understanding that it is neither necessary nor desirable to do a
> remote host lookup on each incoming mail item. However, I have tried to
> start qmail-smtpd under tcpserver with both the -H and -R options, as well
> as a combination of both. Still, identd is trying to do a remote lookup on
> each item. My OS is Red Hat 5.2 Linux.
>
> 29270 ? S 0:00 supervise /var/lock/qmail-smtpd tcpserver -v -HR -c40
> -x /etc/tcprules.d/qmail-smtpd.cdb -u81 -g80 0 smtp rblsmtpd -b -r
> relays.radparker.com rblsmtpd -b qmail-smtpd

OK. By this configuration you shouldn't be initiating remote name lookups,
nor ident queries. That's good since this information from a remote site
is rarely useful.

> A typical syslog entry:
>
> Sep 19 05:30:43 mail identd[8469]: from: 208.14.212.3 ( isot.com ) for:
> 3173, 25
> Sep 19 05:30:43 mail identd[8469]: Successful lookup: 3173 , 25 :
> qmailr.qmail

This is different. This is syslog telling you that 208.14.212.3 ( isot.com )
is trying to find out who on your machine is connecting to them. I.e.
they haven't disabled the ident lookup.

> My question: How do I disable this remote lookup, or is it
> necessary/recommended to do the lookup?

If this stuff worries you (and it is a time and resource drain on your
server) you can use something like tcp_wrappers' /etc/hosts.deny to prevent
ident requests from being served to hosts outside of your network, or just
comment out the identd entry from your /etc/inetd.conf.

--
The 5 year plan:
In five years we'll make up another plan.
Or just re-use this one.
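
The distinction drawn in the reply above, as an added example that is not part of the original thread: a small Python parser that pairs each identd request line with its answer and shows which remote hosts are asking about the local machine's outbound SMTP connections and which account name is disclosed. It assumes the syslog format quoted in the thread with one entry per line; all sample lines after the first pair are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the identd syslog format quoted in the thread
# (unwrapped to one entry per line). Only the first pair comes from the thread.
SAMPLE_LOG = """\
Sep 19 05:30:43 mail identd[8469]: from: 208.14.212.3 ( isot.com ) for: 3173, 25
Sep 19 05:30:43 mail identd[8469]: Successful lookup: 3173 , 25 : qmailr.qmail
Sep 19 05:31:02 mail identd[8471]: from: 192.0.2.10 ( mx.example.net ) for: 3180, 25
Sep 19 05:31:02 mail identd[8471]: Successful lookup: 3180 , 25 : qmailr.qmail
Sep 19 05:32:15 mail identd[8490]: from: 192.0.2.77 ( irc.example.org ) for: 4021, 6667
Sep 19 05:32:15 mail identd[8490]: Successful lookup: 4021 , 6667 : alice.users
"""

REQ = re.compile(r"identd\[(\d+)\]: from: (\S+) \( (\S+) \) for: (\d+)\s*,\s*(\d+)")
ANS = re.compile(r"identd\[(\d+)\]: Successful lookup: (\d+)\s*,\s*(\d+)\s*:\s*(\S+)")

def parse_ident_log(text):
    """Pair each inbound ident request with its answer, keyed by identd PID."""
    pending, records = {}, []
    for line in text.splitlines():
        req = REQ.search(line)
        if req:
            pid, ip, host, lport, rport = req.groups()
            # Per RFC 1413 the first port is on the identd host (local side).
            rec = {"querier": ip, "host": host, "local_port": int(lport),
                   "remote_port": int(rport), "owner": None}
            pending[pid] = rec
            records.append(rec)
            continue
        ans = ANS.search(line)
        if ans and ans.group(1) in pending:
            rec = pending.pop(ans.group(1))
            # Accept the answer only if it refers to the same port pair.
            if (rec["local_port"], rec["remote_port"]) == (int(ans.group(2)), int(ans.group(3))):
                rec["owner"] = ans.group(4)
    return records

def classify(rec):
    """Remote port 25 means the querier is a mail server we connected out to."""
    return "outbound-smtp" if rec["remote_port"] == 25 else "other"

def summarize(records):
    """Count queries per (connection class, disclosed owner)."""
    return Counter((classify(r), r["owner"]) for r in records)

if __name__ == "__main__":
    for (kind, owner), n in sorted(summarize(parse_ident_log(SAMPLE_LOG)).items(), key=str):
        print(f"{n:3d}  {kind:14s} owner disclosed: {owner}")
```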