Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 22 Nov 2020 07:06:04 +0000
From:      pascaluba@gmail.com
To:        net@freebsd.org
Subject:   =?UTF-8?Q?Sehr_Beg=C3=BCnstigter?=
Message-ID:  <000000000000f2286e05b4acb5ef@google.com>

Next in thread | Raw E-Mail | Index | Archive | Help
SSd2ZSBpbnZpdGVkIHlvdSB0byBmaWxsIG91dCB0aGUgZm9sbG93aW5nIGZvcm06DQpVbnRpdGxl
ZCBmb3JtDQoNClRvIGZpbGwgaXQgb3V0LCB2aXNpdDoNCmh0dHBzOi8vZG9jcy5nb29nbGUuY29t
L2Zvcm1zL2QvZS8xRkFJcFFMU2VkTWxXQ2VoS2pJYndzOW9uc2M3OGRDN1gyNGlMZzNxUkd6VzBQ
TzhTY0w0WTdrQS92aWV3Zm9ybT92Yz0wJmFtcDtjPTAmYW1wO3c9MSZhbXA7ZmxyPTAmYW1wO3Vz
cD1tYWlsX2Zvcm1fbGluaw0KDQpTZWhyIEJlZ8O8bnN0aWd0ZXINCg0KSWNoIHNjaHJlaWJlIElo
bmVuLCB1bSBTaWUgZGFyw7xiZXIgenUgaW5mb3JtaWVyZW4sIGRhc3MgSWhyIGxhbmcgZXJ3YXJ0
ZXRlciAgDQpFbnRzY2jDpGRpZ3VuZ3Nmb25kcyBpbiBIw7ZoZSB2b24gMi4wMDAuMDAwLDAwIEV1
cm8gZnJlaWdlZ2ViZW4gdW5kIGF1Y2ggIA0KZWluZXIgZsO8ciBTaWUgcHJvZ3JhbW1pZXJ0ZW4g
R2VsZGF1dG9tYXRlbmthcnRlIGd1dGdlc2NocmllYmVuIHd1cmRlLCBkaWUgIA0KYW4gamVkZW0g
R2VsZGF1dG9tYXRlbiB0w6RnbGljaCAzMDAwIEV1cm8gYWJoZWJ0ICkgSWhyZXIgV2FobCBpbiBq
ZWRlbSBUZWlsICANCmRlciBXZWx0Lg0KDQpFcyB3aXJkIGRhaGVyIGVtcGZvaGxlbiwgc2ljaCBh
biBEci4gTWljaGFlbCBEdWtlIHp1IHdlbmRlbiwgZGVyIHVuc2VyICANClZlcnRyZXRlciBpbiBk
ZXIgUmVwdWJsaWsgQmVuaW4gaXN0LiBFciBoaWxmdCBJaG5lbiBiZWltIEVyaGFsdCBJaHJlciAg
DQpHZWxkYXV0b21hdGVua2FydGUuIFVudGVuIGlzdCBzZWluZSBLb250YWt0YWRyZXNzZQ0KDQpB
bnNwcmVjaHBhcnRuZXI6IE1pY2hhZWwgRHVrZQ0KRS1NYWlsOiBtaWtlZHVrZXNyQGdtYWlsLmNv
bQ0KVGVsZWZvbjogKyAyMjktMzk2ODQ3ODkNCg0KU3RlbGxlbiBTaWUgc2ljaGVyLCBkYXNzIFNp
ZSBpaG4gc29mb3J0IG1pdCBJaHJlbSB2b2xsc3TDpG5kaWdlbiBOYW1lbiwgIA0KSWhyZXIgUHJp
dmF0LSBvZGVyIELDvHJvYWRyZXNzZSwgSWhyZXIgU3RhZHQsIElocmVtIExhbmQgdW5kIElocmVy
ICANClRlbGVmb25udW1tZXIgenVyIMOcYmVycHLDvGZ1bmcga29udGFrdGllcmVuLCB1bSB6dSB2
ZXJtZWlkZW4sIGRhc3MgZGllc2UgYW4gIA0KZGllIGZhbHNjaGUgUGVyc29uIHdlaXRlcmdlZ2Vi
ZW4gd2VyZGVuLiBJY2ggd2VyZGUgZGFyYXVmIHdhcnRlbiwgdm9uIElobmVuICANCnp1IGjDtnJl
biwgd2VubiBTaWUgSWhyZSBHZWxkYXV0b21hdGVua2FydGUgZXJoYWx0ZW4uDQoNCkRhbmtlIHZp
ZWxtYWxzLA0KSGVyciBLYXJsIFdlcm5lcg0KVmVyYmluZHVuZ3Niw7xybyBkZXIgVmVyZWludGVu
IE5hdGlvbmVuDQpEaXJla3Rpb24gZsO8ciBpbnRlcm5hdGlvbmFsZSBaYWhsdW5nZW4NCg0KR29v
Z2xlIEZvcm1zOiBDcmVhdGUgYW5kIGFuYWx5emUgc3VydmV5cy4NCg==
From owner-freebsd-net@freebsd.org  Sun Nov 22 13:37:51 2020
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id D6EBE468B32;
 Sun, 22 Nov 2020 13:37:51 +0000 (UTC)
 (envelope-from trashcan@ellael.org)
Received: from mx1.enfer-du-nord.net (mx1.enfer-du-nord.net [91.121.41.56])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4CfBDb0f8bz3Fr8;
 Sun, 22 Nov 2020 13:37:50 +0000 (UTC)
 (envelope-from trashcan@ellael.org)
Received: from [IPv6:2003:fb:4f0f:4a01:384c:e785:7e69:e5ee]
 (p200300Fb4f0F4A01384ce7857e69E5EE.dip0.t-ipconnect.de
 [IPv6:2003:fb:4f0f:4a01:384c:e785:7e69:e5ee])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.enfer-du-nord.net (Postfix) with ESMTPSA id 4CfBDN3cGJzFdH;
 Sun, 22 Nov 2020 14:37:40 +0100 (CET)
From: Michael Grimm <trashcan@ellael.org>
Content-Type: text/plain;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
Subject: 12.2-STABLE: Commit 367740 breaks IMAP/SMTP server authentication
Message-Id: <ECBD295C-00D6-4897-A49D-4B2049F2C132@ellael.org>
Date: Sun, 22 Nov 2020 14:37:33 +0100
Cc: gnn@freebsd.org
To: freebsd-net@freebsd.org,
 FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
X-Rspamd-Queue-Id: 4CfBDb0f8bz3Fr8
X-Spamd-Bar: -
Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none;
 spf=none (mx1.freebsd.org: domain of trashcan@ellael.org has no SPF policy
 when checking 91.121.41.56) smtp.mailfrom=trashcan@ellael.org
X-Spamd-Result: default: False [-1.41 / 15.00]; RCVD_TLS_ALL(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[]; MID_RHS_MATCH_FROM(0.00)[];
 FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3];
 MV_CASE(0.50)[]; TO_MATCH_ENVRCPT_ALL(0.00)[];
 MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[ellael.org];
 ARC_NA(0.00)[]; TO_DN_SOME(0.00)[];
 SPAMHAUS_ZRD(0.00)[91.121.41.56:from:127.0.2.255];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000];
 RBL_DBL_DONT_QUERY_IPS(0.00)[91.121.41.56:from];
 NEURAL_HAM_LONG(-1.00)[-1.000];
 NEURAL_HAM_SHORT(-0.81)[-0.813]; AUTH_NA(1.00)[];
 R_SPF_NA(0.00)[no SPF record]; FROM_EQ_ENVFROM(0.00)[];
 R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:16276, ipnet:91.121.0.0/16, country:FR];
 RCVD_COUNT_TWO(0.00)[2];
 MAILMAN_DEST(0.00)[freebsd-net,freebsd-stable]
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>;
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Nov 2020 13:37:51 -0000

Hi,

I am running 12.2-STABLE and VNET jails, one of which host a recent =
Dovecot IMAP and a recent postfix SMTP server. Authentication is forced =
via TLS/SSL for both services (ports 587 and 993). Setup is as follows:

	extIF0/pf/NAT <=E2=80=94> epairXa (bridge0) epairXb <-> jail

A recent upgrade broke mailing of IMAP clients running at macOS 10.14.6 =
(Mojave) und AVM's push service (Fritzbox), but *not* for IMAP clients =
running at macOS 10.15.7 (Catalina). Strange.

Findings at macOS 10.14.6 (examplified for IMAP):

1) 	mac$ nc -4vw 1 mail.xyz.zzz 993
	found 0 associations
	found 1 connections:
 	    1:	flags=3D82<CONNECTED,PREFERRED>
		outif en0
		src 1.2.3.4 port 49583
		dst 11.22.33.44 port 993
		rank info not available
		TCP aux info available

	Connection to mail.xyz.zzz port 993 [tcp/imaps] succeeded!

2)	mac$ openssl s_client -crlf -connect mail.xyz.zzz:993 -debug
	CONNECTED(00000005)
	write to 0x7fa32ef01ae0 [0x7fa33080a803] (200 bytes =3D> 200 =
(0xC8))
	0000 - 16 03 01 00 c3 01 00 00-bf 03 03 32 f7 fe fa b4 =
...........2....=20
	0010 - e8 9a 60 38 ef 34 99 70-84 ce dc 1a 08 b8 76 90   =
..`8.4.p=E2=80=A6=E2=80=A6v.
	0020 - 19 8c 81 f4 a6 37 19 37-09 70 6f 00 00 60 c0 30   =
.....7.7.po..`.0
	0030 - c0 2c c0 28 c0 24 c0 14-c0 0a 00 9f 00 6b 00 39   =
.,.(.$.......k.9
	0040 - cc a9 cc a8 cc aa ff 85-00 c4 00 88 00 81 00 9d   =
=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6.
	0050 - 00 3d 00 35 00 c0 00 84-c0 2f c0 2b c0 27 c0 23   =
.=3D.5...../.+.'.#
	0060 - c0 13 c0 09 00 9e 00 67-00 33 00 be 00 45 00 9c   =
.......g.3...E..
	0070 - 00 3c 00 2f 00 ba 00 41-c0 11 c0 07 00 05 00 04   =
.<./...A=E2=80=A6=E2=80=A6..
	0080 - c0 12 c0 08 00 16 00 0a-00 15 00 09 00 ff 01 00   =
=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6.
	0090 - 00 36 00 0b 00 02 01 00-00 0a 00 08 00 06 00 1d   =
.6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6..
	00a0 - 00 17 00 18 00 23 00 00-00 0d 00 1c 00 1a 06 01   =
.....#=E2=80=A6=E2=80=A6=E2=80=A6.
	00b0 - 06 03 ef ef 05 01 05 03-04 01 04 03 ee ee ed ed   =
=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6.
	00c0 - 03 01 03 03 02 01 02 03-                          =
........

	hanging at that stage forever=20
	(and client complaining of its inability to authenticate and =
reports timeout after 60 seconds)


I did identify commit 367740 being responsible for that:

	mike>	svn up -r 367740
	Updating '.':
	U    sys/netinet/ip_fastfwd.c
	U    sys/netinet/ip_input.c
	U    sys/netinet/ip_var.h
	 U   .
	Updated to revision 367740.


Any Ideas, especially why clients at different OS behave different?

FYI: I do have no access to AVM's push service, and very limited access =
to the macOS 10.14.6 computer.

Thanks in advance and with kind regards,
Michael

P.S. How may I update a local svn copy and simultaneously omit commit =
367740 from being applied, or how may I revert commit 367740, only?





Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?000000000000f2286e05b4acb5ef>