Q0020

Nigel Metheringham edited this page Nov 29, 2012 · 2 revisions
Clone this wiki locally

Q0020

Question

Why do connections to my machine's SMTP port take a long time to respond with the banner, when connections to other ports respond instantly? The delay is sometimes as long as 30 seconds.

Answer

These kinds of delay are usually caused by some kind of network problem that affects outgoing calls made by Exim at the start of an incoming connection. Configuration options that cause outgoing calls are:

  1. rfc1413_hosts and rfc1413_query_timeout (for ident calls). Firewalls sometimes block ident connections so that they time out, instead of refusing them immediately. This can cause this problem. See `FAQ/Miscellaneous/Q5023`_ for a discussion of the usefulness of ident.

  2. The host_lookup option, the host_reject_connection option, or a condition in the ACL that runs at connection time requires the remote host's name to be looked up from its IP address. Sometimes these DNS lookups time out. You can get this effect with ACL statements like this:

deny  hosts = *.x.example

If at all possible, you should use IP addresses instead of host names in blocking lists in order to to avoid this problem. You can use the -bh option to get more information about what is happening at the start of a connection. However, note that the -bh option does not provide a complete simulation. In particular, no ident checks are done, so it won't show up a delay problem that is related to (1) above.