Telnet

Yes, possibly, though my server asks for an ident from connecting SMTP servers. Nobody runs an ident server nowadays, so a timeout of thirty seconds is imposed before the transaction continues.

Only spammers drop out in the timeout. As far as I'm aware, I've never lost an email because a legitimate SMTP server will not wait for thirty seconds.

--
Joe

Not to telnetd servers probably, but it has other uses. And the post you replied to did mention not needing a telnet daemon.

And nntp, and web, and redis, and dictd, and ...

Can't say I've noticed that, but I don't do much raw SMTP. I've seen that with NNTP.

What do you do if the ident server replies?

$ grep ^ident /etc/services ident 113/tcp identify 2987/tcp # identify identify 2987/udp # identify $ telnet localhost 113 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'.

jddj

0 , 0 : ERROR : X-INVALID-REQUEST Connection closed by foreign host. $

I don't know how to speak the ident protocol, but it is running on this machine. My recollection is you feed it an IP address and port and it tells you the identity of the user who has opened the connection. I know that the default Apache log entry has a field for identd value, to be compatible with NCSA httpd, but I don't think anyone enables the ident module these days.

"tar-piting" SMTP servers are not unknown, specifically to slow down spammers by exercising their slow talker acceptance.

Elijah

------ fingerd is also running here

--
https://www.greenend.org.uk/rjk/

I have no serious interest in learning how to do ident lookups. They are meaningless unless you can trust the site operator to enforce them to be accurate. The last time I needed to use a site that checked ident was probably in the 1990s.

Here's the Apache module that I don't think anyone uses:

There are "zarro" bugs reported for mod_ident, and it isn't mentioned once in the 300k CHANGES_2.4 file, going back to Apache 2.3.0-dev. There's one mention in the 2.2.x changes, where it is moved from core to it's own module as part of the 2.1.1 changes. The last real change was in Apache 2.0.27, where a bug was fixed that was causing it to always "bungling" the request thus ensuring a "nobody" response.

Elijah

------ betting the bungling happened on the path from 1.x Apache to 2.x Apache

Re: Re: Telnet By: Scott Alfter to snipped-for-privacy@andyburns.uk on Wed Oct 20 2021 05:39 pm

Ident is still relevant for some IRC services. Some IRC servers in actual networks don't let you in if your Ident responsie is not convincing.

This still makes sense because a bunch of users connect to IRC using remote shells.

--
gopher://gopher.richardfalken.com/1/richardfalken

ident is one of the few protocols I tend to configure firewalls to send an active reject, rather than a silent drop, but that was a habit developed 15+ years ago, no idea how many ident requests get sent nowadays.

I was talking more about the SMTP server getting upset if you don't e.g. send an RCPT TO: within a second or two after the MAIL FROM:

Get on with the transaction immediately. I don't think I've ever noticed this happening in the log file.

--
Joe

I've been fooling around with the Internet for over 30 years (including using telnet to send test emails and talk to IRC servers), but I've never even heard of this "ident" thing until it was brought up here. I've never had to configure any hosts, firewalls, or whatever with it in mind, and I've run my own mail server for over 20 years, so I suspect that if it ever really was a thing, by now it's pretty much a non-issue.

(Someone else commented on my sig in another reply. The ASCII Apple has been in it since 1989, though for the first four years it had "IIe" in the middle instead of "IIGS," because that's what I was using. The IIGS is no longer my daily driver, but I still have it and it lives on here. :-) )

_/_ / v \ Scott Alfter (remove the obvious to send mail) (IIGS(

Top-posting! \_^_/ >What's the most annoying thing on Usenet?

The problem is it is not a sig vvvvvvvvvvvvvvvvvvvvvvvvvv

--
     ?I know that most men, including those at ease with problems of the  
greatest complexity, can seldom accept even the simplest and most  
obvious truth if it be such as would oblige them to admit the falsity of  
conclusions which they have delighted in explaining to colleagues, which  
they have proudly taught to others, and which they have woven, thread by  
thread, into the fabric of their lives.? 

     ? Leo Tolstoy

It's very old, one of the primeval protocols of the Net, like finger, from the days when most people who used the Net were academics and were moderately trustworthy.

--
Joe

So just that? No logging of the identity or adding it to mail headers somehow? I just used `telnet mail.jretrading.com smtp` to send you some mail from this host. I didn't notice any 30 second delays, but there was a ~1 second pause after the RCPT command. Is that when the ident kicks in?

Elijah

------ or it could have been normal internet lag

I don't think I've ever had even one reply. I do see 'timeout exceeded' messages throughout the log, and a lot of obvious spammer connections dropped for no other reason. Not all, unfortunately.

Probably. Most of the rejection code is in RCPT, on the theory that if told there is no such recipient, they won't bother ringing back. I don't know how well that works, but it is/was standard advice.

I do know that I found it convenient to run ident on my main workstation, though I'm not worried about timeouts elsewhere. But I sometimes send a string of emails quite quickly from the workstation, and the thirty seconds were irritating.

--
Joe