smtp hanging

Discussion in 'Cisco' started by Anon, Jun 4, 2004.

  1. Anon

    Anon Guest

    I'm having a problem with outgoing SMTP hanging. I can see the
    initial handshake occurring but after I get an ACK from the remote
    server, there's a pause of about 1 to 2 minutes before I get the SMTP
    server banner and can issue commands (using 'telnet <servername> 25').
    I have an access list configured inbound on the external interface.
    It allows any any smtp established.

    access-list 101 permit tcp any any gt 1023 established
    access-list 101 permit tcp any any eq smtp

    I'm running two cisco 3660s with BGP peering with 2 ISPs. They're
    also running HSRP. They are running IOS 12.3(6). I have web servers
    behind these routers and they seem to be behaving just fine. I'm at a
    loss as to what could be causing this delay. I've put a known good host
    on the same network and had the same issue with it as well. When I
    move the known good host back to its native network, it works fine,
    no delay after the initial handshake. Any ideas as to what could be
    causing this or what I should look at?

    Thanks
     
    Anon, Jun 4, 2004
    #1

  2. DNS timeouts on reverse lookups can cause this type of delay.

    HTH,


    JR
    --
    Johnny Routin

     
    Johnny Routin, Jun 4, 2004
    #2

  3. This sounds like one of two possible problems:

    1) Bad reverse DNS delegation for your address block (if you're using
    NAT, I'm talking about the public address).

    2) The SMTP server is trying to send an IDENT query to the client, and
    your packet filter is blocking this.

    Does it happen with many different remote SMTP servers? If so, it's
    more likely #1 than #2, as IDENT is a feature that most SMTP server
    admins don't enable.
     
    Barry Margolin, Jun 4, 2004
    #3
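Added example (not part of the original thread): a small first-match evaluator for the two access-list 101 lines quoted in post #1, run against constructed packets, to check hypothesis 2 from post #3. It assumes those two lines are the whole list (followed by the implicit deny) and that the IDENT query arrives as a TCP SYN to port 113; the port numbers in the sample packets are made up.

```python
from dataclasses import dataclass


@dataclass
class Packet:
    proto: str
    sport: int
    dport: int
    flags: frozenset = frozenset()  # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}


# access-list 101 as posted, applied inbound on the external interface.
# Each rule: (protocol, destination-port test, requires "established")
ACL_101 = [
    ("tcp", lambda port: port > 1023, True),   # permit tcp any any gt 1023 established
    ("tcp", lambda port: port == 25, False),   # permit tcp any any eq smtp
]


def established(pkt):
    # The IOS "established" keyword matches TCP segments with ACK or RST set.
    return bool(pkt.flags & {"ACK", "RST"})


def evaluate(acl, pkt):
    """Return 'permit' on the first matching rule, otherwise the implicit 'deny'."""
    for proto, port_ok, need_est in acl:
        if pkt.proto != proto or not port_ok(pkt.dport):
            continue
        if need_est and not established(pkt):
            continue
        return "permit"
    return "deny"


# Constructed sample packets as seen inbound on the external interface.
SAMPLES = {
    "smtp_synack": Packet("tcp", 25, 40001, frozenset({"SYN", "ACK"})),  # reply to outgoing SMTP
    "smtp_banner": Packet("tcp", 25, 40001, frozenset({"PSH", "ACK"})),  # server banner data
    "inbound_smtp_syn": Packet("tcp", 41000, 25, frozenset({"SYN"})),    # new mail connection in
    "ident_syn": Packet("tcp", 50123, 113, frozenset({"SYN"})),          # remote server's IDENT query
}


def verdicts():
    return {name: evaluate(ACL_101, pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{name:18s} {verdict}")
```

The SMTP return traffic is permitted while the IDENT SYN falls through to the implicit deny, which is the blocking behaviour post #3 describes.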
  4. Anon

    Anon Guest

    I don't have reverse lookup configured yet but the servers on the
    other network that are able to do this without delay do not have a
    reverse lookup record either... :-(
     
    Anon, Jun 4, 2004
    #4
  5. Anon

    Anon Guest

    It does happen with any SMTP server I try to make a connection with.
    Someone in the previous reply also mentioned it might be caused by
    reverse lookup but there is something odd about that:

    On the network that servers are able to run the SMTP connection
    without delay, there is no reverse lookup configured. So, basically,
    neither the network with delay nor the network without the delay have
    reverse lookups enabled. I will have a reverse lookup record set for
    a server and give it a test run anyway.

    Thanks
     
    Anon, Jun 4, 2004
    #5
  6. Is the other network in the same address block? The issue isn't whether
    there's a PTR record for the specific address, but whether the reverse
    domain is delegated properly.

    Give us the addresses of a working and failing client and I can tell you
    if there's a reverse DNS issue.
     
    Barry Margolin, Jun 4, 2004
    #6