we lease a RAQ3 and have loved it. Ever since day one however, when you send mail on any of the mailservers, there is a 30+ second delay before the mailserver accepts it and it leaves your outbox.

Possibly related is when you log into a site through ftp, there is a 10+ second delay right after "waiting for server response" in ws_ftp.

Any thoughts? I'm not positive I've set up all the dns entries properly, here's a sample of what's in my dns for most sites:

DNS Settings for sitename.com

Start of Authority (SOA) Configuration
sitename.com 1.2.3.4
mail.sitename.com 1.2.3.4
wwwsitename.com 1.2.3.4
sitename.com mail is sent to the High priority mail server mail.sitename.com



any ideas? I didn't do the "reverse ptr record" when I set up most sites...although for the ones that I have it doesn't seem to make a difference. Is it a DNS issue? Name server? I've checked pop before smtp and everyone's mail is setup to log in before sending. If that's not the case, there is a timeout or refusal to deliver the mail.
Thanks!
Sean

Hi,

No matter how many sites exist on your RaQ, you only need to set up 1 PTR for each IP.

That being said, most hosts (colo providers) do not delegate reverse authority for their IP's.

Insist that your colo provider put a PTR for your machine in their DNS, ie

x.x.x.x --> hostname.domainname.tld

You should do this for each IP you use as appropriate.

This should clear up your problem.

Brandon

they actually have a reverse ptr system set up, I'll forward your note to the tech looking into it and see what they say.

Do you run a raq 3? I'm trying to find someone to tell me "the raq3's send mail instantly" or very quickly so I know this is an issue.


Sean

I have RaQ3i's and 4i's, and experienced identical problems as you describe with both until the reverse pointers were properly configured.

Before PTR's: 30 second FTP, 30 second mail, 15 second logins, etc

After PTR's: all instantaneous

There can be other factors involved, but those are all within your control (RaQ setup & config). Reverse pointers are probably the only thing someone else has to do for you.

Brandon

We had a similar problem, this was on a redhat 7.1

Not sure if the RAq is similar but here goes

If you are running pop and ftp via xinetd then this may be why.

within the etc/xinetd.d directory there is a list of the services running, look for the wu-ftp and ipop3 or whatever is similar

within this file there should be the following

log_on_success += DURATION USERID

comment this line out and then restart the service

The delay is caused because inetd is trying to authenticate everything and is timing out.

..

This may not be the answer you are looking for but it should help someone

Thanks

Yes, this is a workaround for the reverse lookups not completing successfully. (The process described in my first post above.)

I saw a RaQ specific workaround on the Sun Cobalt forum last week, here it is:

------

Hi,
I recently had a similar problem on one of our customer's Raq4's. After digging into some newsgroups I found the solution. Obviously it had to do with DNS lookups. To solve the problem, add the following lines to /etc/proftpd.conf:

UseReverseDNS off IdentLookups off

Then restart inetd:

/etc/rc.d/init.d/inet restart

------

This is obviously for FTP, but perhaps you could apply the same or similar options to mail and/or SSH? Search the cobalt-users archive, or the Sun Cobalt forum.

HTH,

Brandon

thanks. I actually saw the same note at the SUN knowledge base and decided to try it. It fixed FTP!

Digging further, it appears the issue is when the user is behind a firewall (I'm behind a linksys cable router). It continues to try to resolve your internal ip and eventually fails. The changes above with UseReverseDNS off fixed that.

Mail is still an issue. I'll keep sifting through the SUN pages to find a solutions. Anyone else get their mail to work instantly through a firewall?

Thanks!
Sean

I am going to go ahead and admit, I don't know a lot about this reverse lookup thing. Particularly, why does fixing the PTR for the HOST (RaQ) affect the login times for a remote mail/FTP/SSH client??

I'm not real clear on that. But I also use a Linksys BEFSR4 router/firewall from my primary PC, and once the colo properly configured the PTR's for ALL my RaQ IP's on their end, problems disappeared. For the record, my personal ISP has had me behind proxies, on internal IP DHCP, external IP DHCP, and now static IP, and in all cases I've been using the Linksys with no problems.

Maybe you could vary your nameserver entries in GUI? I now use my RaQ nameserver IP's with no issues. Could be totally unrelated, but worth a shot.

Good luck,

Brandon

this is what I posed at the sun site, no good replies as of today. Anyone with ideas? My colo insists ptr's are all config properly. How would I check?


I have a raq 3 with many users complaining of timeouts when sending mail. after much searching, I found some details on qpopper's site saying:
>How do I disable DNS lookups at run-time? Normally, Qpopper attempts a reverse-lookup on the client IP address when a connection is made. You can prevent this by using the -R command-line or the reverse-lookups configuration file option. When this is done, the log file repeats the client IP address twice, instead of the canonical name following the IP address.

You might want to do this on systems that have a high load, to avoid the overhead of the DNS lookups. You might also want to do this if the information is simply not useful or desired.


I found elsewhere the suggestion to add the "-R" and the end of the line pop-e stream tcp nowait.200 root /usr/sbin/tcpd in.qpopper -R I also tried to put "reverse-lookup = false" with spaces and without. I think I'm close, but not there yet.

after rebooting the system, it still doesn't work. It's definately a DNS authentication issue. If I turn off my firewall, my mail is sent out immediately. With firewall on my users end, the raq3 waits to timeout before sending the mail.

Any help would be greatly appreciated. I couldn't quite tell from the qpopper / eudora text where or how to make that change.

for what it's worth, we had the same issue with slow ftp connections, and after adding UseReverseDNS off IdentLookups off to the proftpd.conf file it works flawlessly.

Sean

I may be way off base here, but if you turn off reverse lookups on qpopper, won't that disable POP-before-SMTP protection? It was my understanding that it works by logging the IP you check your mail from, then allows SMTP connections from that same IP within a specified period of time.

It may be worth it for you to hire an expert for an hour or two ($100-150) to clear this up and either let you know definitively what the issue is, or disable reverse lookups for you. Especially if your customers are affected, go ahead and take care of it.

PM me for a couple of impartial referrals.

Brandon

PS - You are making your changes in inetd.conf, right?

from what I read, it sounds like it will only stop doing the reverse lookup on the ip address you're coming from. So if you're behind a firewall that won't let someone through, it will still record the ip address, but will not do the name lookup. ?

I've tried adding in the reverse ptr, my colo says it's all fine. if I turn off my firewall, the mail shoots right through. With a firewall or nat router, there is a 30 second + delay on sending mail.

As a side note, I can see the lights of the router blinking whenever I send mail, but it won't pass it along to any computer connected to the network. So I'm certain it's the raq trying to authenticate who's sending the mail. Eventually it times out. I'd love to get rid of the reverse lookup, so far I've not found exactly how to do it.

affirmative on the changes with inetd.conf. I know others have had this issue based on previous posts and searching the sun forums, but I can't find much more than "add the -R" to inetd.conf

Sean

summary: when sending mail, there is a long (30+ second delay) before it will leave your outbox with a raq 3 when the mail sender is behind a firewall or nat router.

for those experiencing the same issue, here's the fix we found.

edit sendmail.cf in the /etc directory
look for
o timeout.ident=XX and make it timeout.ident=1s

fixed it immediately.
the raq was trying to ident the mail sender, and their router / firewall was blocking certain ports. eventually it would time out and send, but this speeds things up considerably.

many thanks to Spence at Dialtone.


Sean

Here's a fix that will speed up ftp. Edit the /etc/proftpd.conf file to have this:

<Global>
IdentLookups off
</Global>
UseReverseDNS off

Hi again Sean,

Glad to hear you were able to get it fixed!

Brandon

Originally posted by SeanC
summary: when sending mail, there is a long (30+ second delay) before it will leave your outbox with a raq 3 when the mail sender is behind a firewall or nat router.

for those experiencing the same issue, here's the fix we found.

edit sendmail.cf in the /etc directory
look for
o timeout.ident=XX and make it timeout.ident=1s

fixed it immediately.
the raq was trying to ident the mail sender, and their router / firewall was blocking certain ports. eventually it would time out and send, but this speeds things up considerably.

Sean

I have been experiencing the same problem since installing a new router on my network. I changed o timeout.ident=30s to o timeout.ident=1s (and then 0s) but it still takes 30 seconds or so to authenticate.

I then rebooted.

Reverse DNS is set up.

Any ideas what might help?

Really the only change was to make that 30 become a 1, not sure if the "o" was to be there or not without taking a look at my raq.

Is it only on mail? Does ftp log right in quickly?

it's a new router that's not attached to the web server, right? It's a router on your work or home machines on the net?

hope someone can help...
Sean

Hi Sean,

In answer to your questions :


I only changed the =Xs at the end of the line, so if the o was already there, it was left there.

ftp servers are slow-ish when logging in - about 8 seconds wait. Again, this seems to be the introduction of my new router.

Yes, the router is at home. Sorry, I wasn't very clear in my original post.

somewhere on here I detailed how to fix the ftp login problems. I'm not sure, but that may be a necessary fix first, then this one will work.

I searched for months on the email delay problem. This was the only change that made it work, but maybe there's something else different.

Hope you find it!

Sean

Ah, that's a good point. the ftp wasn't bothering me too much because I don't use it that often. I know the fix you mentioned... I'll try it and see what happens.

Tried the ftp thing, rebooted, still the same delay.