Date: Tue, 11 Mar 2014 13:39:10 -0600 From: John Nielsen <lists@jnielsen.net> To: Karl Denninger <tickerguydenninger@gmail.com> Cc: freebsd-stable@freebsd.org Subject: Re: Two odd problems with STABLE-10 r262921 Message-ID: <07F92476-4D78-42DA-93D4-373680AEE93A@jnielsen.net> In-Reply-To: <CAHCMRk_=s%2B2LYr-pLkt7LJK3LcWSiomtLb_HhfUrj4VMUHjQVQ@mail.gmail.com> References: <CAHCMRk_=s%2B2LYr-pLkt7LJK3LcWSiomtLb_HhfUrj4VMUHjQVQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mar 11, 2014, at 7:29 AM, Karl Denninger = <tickerguydenninger@gmail.com> wrote: > Two things I've run into with this coming from 9.2-STABLE.... >=20 > 1. I am getting errors coming from mail transmissions to certain MX = relays > -- and only those relays. One of them is (ironically) = mx1.freebsd.org, > which precludes emailing the list from my primary email address! The = error > logs in the maillog file show: >=20 > Mar 11 08:17:46 NewFS sm-mta[3605]: STARTTLS=3Dclient, = relay=3Dmx1.freebsd.org., > version=3DTLSv1/SSLv3, verify=3DFAIL, = cipher=3DECDHE-RSA-AES256-GCM-SHA384, > bits=3D256/256 > Mar 11 08:17:46 NewFS sm-mta[3605]: STARTTLS: write error=3Dsyscall = error > (-1), errno=3D13, get_error=3Derror:00000000:lib(0):func(0):reason(0), > retry=3D99, ssl_err=3D5 > Mar 11 08:17:46 NewFS sm-mta[3605]: s2AKht3B064414: SYSERR(root): = putbody: > write error: Permission denied > Mar 11 08:17:46 NewFS sm-mta[3605]: s2AKht3B064414: SYSERR(root): = timeout > writing message to mx1.freebsd.org.: Permission denied > Mar 11 08:17:46 NewFS sm-mta[3605]: s2AKht3B064414: to=3D< > freebsd-fs@freebsd.org>, ctladdr=3D<karl@denninger.net> (1001/1001), > delay=3D16:33:50, xdelay=3D00:00:05, mailer=3Desmtp, pri=3D4186247, = relay=3D > mx1.freebsd.org. [8.8.178.115], dsn=3D4.0.0, stat=3DDeferred >=20 > Permission denied -- on a socket? As root? What am I missing here? >=20 > (Shutting off TLS does not resolve this.) However, this is not = universal; > it only impacts *some* emails.... >=20 >=20 > Mar 11 08:20:37 NewFS sm-mta[5433]: s2BDKbF4005433: from=3D< > ticker@fs.denninger.net>, size=3D962, class=3D0, nrcpts=3D1, msgid=3D< > 201403111320.s2BDKTF3005412@fs.denninger.net>, proto=3DESMTP, = daemon=3DIPv4, > relay=3Dlocalhost [127.0.0.1] > Mar 11 08:20:37 NewFS sendmail[5412]: s2BDKTF3005412: = to=3Dxxxxxxxx@yahoo.com, > ctladdr=3Dticker (20098/20098), delay=3D00:00:08, xdelay=3D00:00:05, > mailer=3Drelay, pri=3D3 > 0494, relay=3D[127.0.0.1] [127.0.0.1], dsn=3D2.0.0, stat=3DSent = (Message accepted) > Mar 11 08:20:37 NewFS sm-mta[5461]: STARTTLS=3Dclient, relay=3D > mta5.am0.yahoodns.net., version=3DTLSv1/SSLv3, verify=3DFAIL, > cipher=3DDHE-RSA-CAMELLIA256-SHA, bits=3D256/256 > Mar 11 08:20:39 NewFS sm-mta[5461]: s2BDKbF4005433: = to=3D<xxxxxxx@yahoo.com>, > ctladdr=3D<ticker@fs.denninger.net> (20098/20098), delay=3D00:00:02, > xdelay=3D00:00:02, > mailer=3Desmtp, pri=3D30962, relay=3Dmta5.am0.yahoodns.net. = [66.196.118.35], > dsn=3D2.0.0, stat=3DSent (ok dirdel) >=20 > That one went through successfully.... >=20 > This is new; I didn't have any trouble on 9.2-STABLE at all. Ideas? Are you by any chance using both TSO and NAT on an interface[1]? I saw = problems with larger transmissions and odd "permission denied" errors on = a machine in that situation. Not sure what changed in 10 vs 9 to expose = the issue but it wouldn't be the first I've heard of it[2]. Try "ifconfig yournatinterface -tso" if so and see if the problem goes = away (obviously replace "yournatinterface" with the actual interface = name). If it does, add "-tso" to the appropriate ifconfig entry in = /etc/rc.conf. JN [1] See also the related BUGS entry in ipfw(8): = http://www.freebsd.org/cgi/man.cgi?query=3Dipfw&sektion=3D8#end [2] = http://lists.freebsd.org/pipermail/freebsd-ipfw/2014-February/005560.html=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?07F92476-4D78-42DA-93D4-373680AEE93A>