Pkg exim4 users - Jan 2006 - Guidance request Inbound connection timeouts

Hello,

I am running Exim4-heavy (4.60) on a Debian etch machine. From my point of 
view everything looks great. However, I am having an issue where a critical 
client group is not able to send mail to my server to relay to the internal 
mail server. 

While I believe it is a problem with their ISP provider''s MTA software
and
configuration; there appears to be a problem with my EXIM4''s behavior.
I
state this because of the number of lost connections in the log_file. 

To resolve the issue, I have updated to exim4-4.60-3 heavy daemon, went the 
original exim4.config.template supplied in the deb.

OS: Debian/Etch 

Platform: Dell PowerEdge Server 2300 with 2-400Mhz PII CPUS 512MB RAM

Platform Usage: web server (apache2), EMail gateway and filtering, DNS 
provider, DHCP-server.  

Typical Load: 
Tasks:  72 total,   1 running,  71 sleeping,   0 stopped,   0 zombie
Cpu0  :  0.3% us,  0.7% sy,  0.0% ni, 99.0% id,  0.0% wa,  0.0% hi,  0.0% si
Cpu1  :  0.0% us,  0.0% sy,  0.0% ni, 100.0% id,  0.0% wa,  0.0% hi,  0.0% si
Mem:    515920k total,   497232k used,    18688k free,   102840k buffers
Swap:  2000084k total,        0k used,  2000084k free,   253820k cached

Issue: Some outside MTAs tring to connect my EXIM daemon experience excessive 
delays between intiating the connection and receiving the 220 message from my 
machine. 

I have explored the follwoing possible reasons and them ruled out. 
1) Network congestion and 2) Domain name services. 

I have attempted to true on minimal DNS in exim and have tried setting 
host_lookups to nothing, an emtpy list, and specific nets. The
"problem"
still exists.   

With SMTP_connection logging, I can see the connection coming immediately 
when I telnet to port 25 on my machine from a hosts outside my local domain, 
but the 220 response is not returned, for some hosts, immediately (35-60 
seconds). A dig -x on my machine returns dns information quickly, less than 
one second. 

I have googled without success. Any pointers, advice would be greatly 
appreciated. 

TIA
Clarence

--
Clarence W. Robison, P.E.
robison@kimberly.uidaho.edu
208-423-6610

On Sun, Jan 29, 2006 at 01:04:06PM -0700, Clarence W. Robison
wrote:
> Issue: Some outside MTAs tring to connect my EXIM daemon experience
excessive
> delays between intiating the connection and receiving the 220 message from
my
> machine. 
If that delay is almost exactly 30 seconds, and the client is running
a misconfigured firewall which doesn''t reject connection requests, you
are suffering from auth timeouts. Try disabling rfc1413 requests.
> I have googled without success. Any pointers, advice would be greatly 
> appreciated. 
If rfc1413 is not the issue, try running a daemon (on a different
port?) with -d and see where the delays occur.

If TLS is in the game, you might have an entropy issue.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don''t trust Computers. They | Mailadresse
im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835