Subject: Re: identd setup
To: Michael D. Spence <spence@panix.com>
From: Chuck Yerkes <chuck+nbsd@2002.snew.com>
List: netbsd-help
Date: 10/06/2002 18:03:48

Quoting Michael D. Spence (spence@panix.com):
> I have identd blocked by ipfilter, but I just discovered that's
> the cause of abuse.com always taking so long to respond. Should
> I allow auth requests through ipfilter or is that a bad idea?

The problem we long had with Sendmail was incorrectly
configured firewalls dropping ident. Sendmail would
wait 30 seconds for some response. The correct action
is a block that causes an ICMP_UNREACH_PORT to be
sent back (usually "block" vs. "drop").
Sniff a bit for some response from your firewall on the block.
At Sendmail, the response was to drop the ident timeout to 2sec.
define(`confTO_IDENT', `2s')dnl
This lets you get it (can be handy for LAN-based mail), but not
wait forever for it from the WAN.
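
One way to run the "does the firewall answer or stay silent" check from a host outside the firewall, as an added example that is not part of the original message. The function names and the command-line usage are assumptions made for illustration; the 30-second default is the Sendmail wait quoted above.

```python
import socket
import sys
import time

IDENT_PORT = 113  # TCP port used by the ident/auth service


def probe_ident(host, port=IDENT_PORT, timeout=5.0):
    """Connect to the ident port and report how the far end reacted.

    Returns (verdict, seconds) where verdict is one of:
      "open"     - a listener accepted the connection
      "rejected" - an RST or ICMP unreachable came back, so callers fail fast
      "dropped"  - nothing came back within `timeout`; callers sit and wait
    """
    addr = socket.gethostbyname(host)  # resolve first so DNS errors are not misread
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    start = time.monotonic()
    try:
        sock.connect((addr, port))
        verdict = "open"
    except (socket.timeout, TimeoutError):
        verdict = "dropped"
    except OSError:
        # ECONNREFUSED, EHOSTUNREACH, ENETUNREACH: an explicit answer arrived
        verdict = "rejected"
    finally:
        sock.close()
    return verdict, time.monotonic() - start


def expected_stall(verdict, ident_timeout=30.0):
    """Seconds a remote mailer would wait on ident lookups against this host."""
    return ident_timeout if verdict == "dropped" else 0.0


if __name__ == "__main__":
    # Usage (assumed): python probe_ident.py <your-external-hostname>
    verdict, elapsed = probe_ident(sys.argv[1])
    print(f"{sys.argv[1]}:{IDENT_PORT} {verdict} after {elapsed:.2f}s; "
          f"remote ident wait up to {expected_stall(verdict):.0f}s")
```

A "dropped" verdict means the filter rule is discarding the packet silently; "rejected" means remote mailers get their answer immediately.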