Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 21 Nov 2009 17:03:41 +0000
From:      RW <>
Subject:   Re: sending mail with attachments always fail (FreeBSD/pf)
Message-ID:  <>
In-Reply-To: <>
References:  <> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Sat, 21 Nov 2009 16:27:20 +0100
Matthias Apitz <> wrote:

> El d=EDa Saturday, November 21, 2009 a las 08:59:12PM +0600, Victor
> Lyapunov escribi=F3:
> > Hi all,
> >=20
> > I have production network with FreeBSD box acting as firewall. The
> > problem emerge as soon as users send mail with attachments. (Sending
> > mail without attachments always succeeds). Basically, when a user
> > tries to send a message, only part of it transmitted before
> > connection is interrupted and sending fails. The problem persists
> > only when pf is enabled.
> I think concerning TCP/IP there is no diff between a mail with or w/o
> attachment, it is just talking SMTP to a remote server and only the
> size, i.e, the number of IP pkgs, differs; the content is anyway;

This kind of thing is often due to a mtu blackhole - when a larger
email causes a full size IP packet to be sent. I don't see why PF
should make a difference though, IFAIK it's supposed to let ICMP through
when it's learned state on a tcp connection.

> I never used S/SA as flags in my rules, only S.=20

S/SA is correct, it mean look at SYN and ACK and match if only SYN is
set, S matches on SYN irrespective of whether ACK is set.

Want to link to this message? Use this URL: <>