Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Qmail and TCPREMOTEINFO

Posted on 2006-05-17
9
Medium Priority
?
963 Views
Last Modified: 2007-12-19
My virtual dedicated server is slow to respond when Outlook connects to send new mail.  I think I've tracked it down to the following.   qmail-smptd runs under xinetd with these parameters:

service smtp
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        disable         = no
        user            = root
        instances       = UNLIMITED
        server          = /var/qmail/bin/tcp-env
        server_args     = /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}

tcp-env has these options:
     -r    (Default.)  Attempt to obtain TCPREMOTEINFO  from  the
          remote host.

     -R    Do not attempt to obtain TCPREMOTEINFO from the remote
          host.

     -ttimeout
          Give up on the TCPREMOTEINFO connection  attempt  after
          timeout seconds.  Default: 30.

So, by default I'm getting a 30 second delay.  Is there any value in attempting to obtain TCPREMOTEINFO?  If so, what would be a sensible value to set the timeout to?

Thanks.
0
Comment
Question by:johnalphaone
  • 4
  • 4
9 Comments
 
LVL 5

Expert Comment

by:arvind
ID: 16701089
in the file
/var/qmail/supervise/qmail-smtpd/run

find the following line:
/usr/local/bin/tcpserver

then just add -H to one of the arguments

reboot the server, and everything is much faster now!

--hope it works :)
0
 
LVL 5

Expert Comment

by:arvind
ID: 16701147
or add following

server_args = -Rt0 and then service xinetd restart
0
 

Author Comment

by:johnalphaone
ID: 16701153
That file does not exist.  qmail-smtpd is being run under tcp-env, not tcpserver.
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 

Author Comment

by:johnalphaone
ID: 16701171
>or add following

>server_args = -Rt0 and then service xinetd restart

Yes I know to do that.  But you haven't answered the question;-
"Is there any value in attempting to obtain TCPREMOTEINFO?  If so, what would be a sensible value to set the timeout to?"
0
 
LVL 5

Expert Comment

by:arvind
ID: 16701256
Try something like "host -d www.yahoo.com" and tell us how long the query takes. It should be in the last line that says something like "Received 193 bytes from 127.0.0.1#53 in 173 ms"

You may still have a problem on that machine that should likely be fixed.
0
 

Author Comment

by:johnalphaone
ID: 16701957
For the third time, THIS is the question:-
"Is there any value in attempting to obtain TCPREMOTEINFO?  If so, what would be a sensible value to set the timeout to?"
0
 
LVL 5

Expert Comment

by:arvind
ID: 16703953
not able to understand your question?

U mean to say in Qmail-smtp asking TCPREMOTEINFO?
0
 
LVL 23

Accepted Solution

by:
Mysidia earned 2000 total points
ID: 16704922
TCPREMOTEINFO comes from posting a request with Ident service; which involves connecting back to the user.
It only works if the user's machine responds to Ident requests on port 113.  Information about the username
of a user connecting, as well as their host Operating System  may be provided to you.

The sole value of enabling this capability on any service is for auditing and logging purposes -- to enable you
to track down e-mail abuse on your network for instance.

Windows machines will normally not respond to TCPREMOTEINFO; you just have to wait for it to timeout
before you can connect ---  since most users run windows machines, the information requested over
Ident to be stored as $TCPREMOTEINFO  is  useless the vast majority of the time.

The formal value of requesting TCPREMOTEINFO data is purely for logging and auditing purposes; it cannot
safely be used for access control, because it is possible for a user to provide a fake Ident reply.



To avoid creating loops, TCPREMOTEINFO  information should  not be requested by servers that run
on port 113  (Ident).

It may also cause problems to enable  TCPREMOTEINFO for servers running on  port 53 (SMTP) .


No timeout is really reasonable if speed is a concern --- the longer you set the timeout value, the more you
will slow down the service.

In general, I prefer to use 10 to 15 seconds for the timeout - Yes, Ident requests that would go through
if a longer wait were allowed sometimes timeout; however, the same can happen with 30 seconds or 90
seconds.

Something's definitely amiss or running very slowly, if it takes 15 seconds to get a simple TCPREMOTEINFO
response, and there's more than a passing chance  the problem lasts longer than 15 more seconds.

0
 

Author Comment

by:johnalphaone
ID: 16706184
Thanks
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
I have written articles previously comparing SARDU and YUMI.  I also included a couple of lines about Easy2boot (easy2boot.com).  I have now been using, and enjoying easy2boot as my sole multiboot utility for some years and realize that it deserves …
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses
Course of the Month21 days, 7 hours left to enroll

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question