From owner-freebsd-questions@FreeBSD.ORG Fri Jan 25 13:54:18 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D02CE16A468 for ; Fri, 25 Jan 2008 13:54:18 +0000 (UTC) (envelope-from oskar-FreeBSD@eyb.de) Received: from beastie.eyb.de (beastie.eyb.de [85.214.103.56]) by mx1.freebsd.org (Postfix) with ESMTP id EB75313C455 for ; Fri, 25 Jan 2008 13:54:17 +0000 (UTC) (envelope-from oskar-FreeBSD@eyb.de) Received: from chuck.ath.cx (dslb-088-066-235-152.pools.arcor-ip.net [88.66.235.152]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by beastie.eyb.de (Postfix) with ESMTP id BE4088B799C for ; Fri, 25 Jan 2008 14:35:01 +0100 (CET) Received: from [10.0.0.3] (saturn.intra.eyb.de [10.0.0.3]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by chuck.ath.cx (Postfix) with ESMTP id F067F11850D5 for ; Fri, 25 Jan 2008 14:35:46 +0100 (CET) Message-ID: <4799E571.9020808@eyb.de> Date: Fri, 25 Jan 2008 14:34:41 +0100 From: Oskar Eyb User-Agent: Thunderbird 2.0.0.9 (Windows/20071031) MIME-Version: 1.0 To: freebsd-questions@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: syncache_timer: Response timeout and other msgs, whats up? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Jan 2008 13:54:18 -0000 Hello! I'm not sure if this is a issue belonging to -current, but maybe.. A remote MTA cannot deliver me any email. the admin gets the following errors: "retry time not reached for any host after a long failure period" and "retry timeout exceeded". After I cant find anything related to this server in my postfix log, I grep'ed for in /var/log/* and got the following hits: [...] dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25 tcpflags 0x2; syncache_add: Received duplicate SYN, resetting timer and retransmitting SYN|ACK dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (1) SYN|ACK dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (2) SYN|ACK dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (3) SYN|ACK dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25; syncache_timer: Retransmits exhausted, giving up and removing syncache entry 85.214.42.62 is the other MTA, 172.16.0.2 is my jail. I use PF with rdr/nat on FreeBSD 7 RC4. in the daily security email I get dozens of messages like this, also to other tcp ports. default-values for: net.inet.tcp.syncache.rst_on_sock_fail: 1 net.inet.tcp.syncache.rexmtlimit: 3 net.inet.tcp.syncache.hashsize: 512 net.inet.tcp.syncache.count: 0 net.inet.tcp.syncache.cachelimit: 15360 net.inet.tcp.syncache.bucketlimit: 30 Can anybody help me out of this? Greets, Oskar +TCP: [58.182.131.11]:4216 to [172.16.0.2]:25 tcpflags 0x18; tcp_do_segment: FIN_WAIT_1: Received 6 bytes of data after socket was closed, sending RST and removing tcpcb +TCP: [58.182.131.11]:4216 to [172.16.0.2]:25 tcpflags 0x10; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +TCP: [58.182.131.11]:4216 to [172.16.0.2]:25 tcpflags 0x11; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +TCP: [58.182.131.11]:4217 to [172.16.0.2]:25 tcpflags 0x18; tcp_do_segment: FIN_WAIT_1: Received 6 bytes of data after socket was closed, sending RST and removing tcpcb +TCP: [58.182.131.11]:4217 to [172.16.0.2]:25 tcpflags 0x10; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +TCP: [58.182.131.11]:4217 to [172.16.0.2]:25 tcpflags 0x11; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +TCP: [58.182.131.11]:4218 to [172.16.0.2]:25 tcpflags 0x18; tcp_do_segment: FIN_WAIT_2: Received 6 bytes of data after socket was closed, sending RST and removing tcpcb +TCP: [58.182.131.11]:4218 to [172.16.0.2]:25 tcpflags 0x11; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +TCP: [58.182.131.11]:4219 to [172.16.0.2]:25 tcpflags 0x18; tcp_do_segment: FIN_WAIT_2: Received 6 bytes of data after socket was closed, sending RST and removing tcpcb +TCP: [58.182.131.11]:4219 to [172.16.0.2]:25 tcpflags 0x11; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +TCP: [58.182.131.11]:4220 to [172.16.0.2]:25 tcpflags 0x18; tcp_do_segment: FIN_WAIT_1: Received 6 bytes of data after socket was closed, sending RST and removing tcpcb +TCP: [58.182.131.11]:4220 to [172.16.0.2]:25 tcpflags 0x10; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +TCP: [58.182.131.11]:4220 to [172.16.0.2]:25 tcpflags 0x11; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +TCP: [58.182.131.11]:4221 to [172.16.0.2]:25 tcpflags 0x18; tcp_do_segment: FIN_WAIT_2: Received 6 bytes of data after socket was closed, sending RST and removing tcpcb +TCP: [58.182.131.11]:4221 to [172.16.0.2]:25 tcpflags 0x11; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +TCP: [58.182.131.11]:4222 to [172.16.0.2]:25 tcpflags 0x18; tcp_do_segment: FIN_WAIT_1: Received 6 bytes of data after socket was closed, sending RST and removing tcpcb +TCP: [58.182.131.11]:4222 to [172.16.0.2]:25 tcpflags 0x10; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +TCP: [58.182.131.11]:4222 to [172.16.0.2]:25 tcpflags 0x11; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +TCP: [58.182.131.11]:4223 to [172.16.0.2]:25 tcpflags 0x18; tcp_do_segment: FIN_WAIT_2: Received 6 bytes of data after socket was closed, sending RST and removing tcpcb +TCP: [58.182.131.11]:4223 to [172.16.0.2]:25 tcpflags 0x11; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +TCP: [58.182.131.11]:4224 to [172.16.0.2]:25 tcpflags 0x18; tcp_do_segment: FIN_WAIT_1: Received 6 bytes of data after socket was closed, sending RST and removing tcpcb +TCP: [58.182.131.11]:4224 to [172.16.0.2]:25 tcpflags 0x10; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +TCP: [58.182.131.11]:4224 to [172.16.0.2]:25 tcpflags 0x11; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +TCP: [58.182.131.11]:4225 to [172.16.0.2]:25 tcpflags 0x18; tcp_do_segment: FIN_WAIT_2: Received 6 bytes of data after socket was closed, sending RST and removing tcpcb +TCP: [58.182.131.11]:4225 to [172.16.0.2]:25 tcpflags 0x11; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +TCP: [58.182.131.11]:4226 to [172.16.0.2]:25 tcpflags 0x18; tcp_do_segment: FIN_WAIT_1: Received 6 bytes of data after socket was closed, sending RST and removing tcpcb +TCP: [58.182.131.11]:4226 to [172.16.0.2]:25 tcpflags 0x10; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +TCP: [58.182.131.11]:4226 to [172.16.0.2]:25 tcpflags 0x11; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +TCP: [58.182.131.11]:4227 to [172.16.0.2]:25 tcpflags 0x18; tcp_do_segment: FIN_WAIT_1: Received 6 bytes of data after socket was closed, sending RST and removing tcpcb +TCP: [58.182.131.11]:4227 to [172.16.0.2]:25 tcpflags 0x10; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +TCP: [58.182.131.11]:4227 to [172.16.0.2]:25 tcpflags 0x11; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +TCP: [58.182.131.11]:4228 to [172.16.0.2]:25 tcpflags 0x18; tcp_do_segment: FIN_WAIT_2: Received 6 bytes of data after socket was closed, sending RST and removing tcpcb +TCP: [58.182.131.11]:4228 to [172.16.0.2]:25 tcpflags 0x11; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +TCP: [58.182.131.11]:4229 to [172.16.0.2]:25 tcpflags 0x18; tcp_do_segment: FIN_WAIT_1: Received 6 bytes of data after socket was closed, sending RST and removing tcpcb +TCP: [58.182.131.11]:4230 to [172.16.0.2]:25 tcpflags 0x18; tcp_do_segment: FIN_WAIT_2: Received 6 bytes of data after socket was closed, sending RST and removing tcpcb +TCP: [58.182.131.11]:4231 to [172.16.0.2]:25 tcpflags 0x18; tcp_do_segment: FIN_WAIT_2: Received 6 bytes of data after socket was closed, sending RST and removing tcpcb +TCP: [58.182.131.11]:4232 to [172.16.0.2]:25 tcpflags 0x18; tcp_do_segment: FIN_WAIT_2: Received 6 bytes of data after socket was closed, sending RST and removing tcpcb +TCP: [58.182.131.11]:4230 to [172.16.0.2]:25 tcpflags 0x18; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +TCP: [58.182.131.11]:4231 to [172.16.0.2]:25 tcpflags 0x18; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +TCP: [58.182.131.11]:4234 to [172.16.0.2]:25 tcpflags 0x18; tcp_do_segment: FIN_WAIT_1: Received 6 bytes of data after socket was closed, sending RST and removing tcpcb +TCP: [58.182.131.11]:4234 to [172.16.0.2]:25 tcpflags 0x10; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +TCP: [58.182.131.11]:4234 to [172.16.0.2]:25 tcpflags 0x11; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +TCP: [58.182.131.11]:4235 to [172.16.0.2]:25 tcpflags 0x18; tcp_do_segment: FIN_WAIT_1: Received 6 bytes of data after socket was closed, sending RST and removing tcpcb +TCP: [58.182.131.11]:4235 to [172.16.0.2]:25 tcpflags 0x10; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +TCP: [58.182.131.11]:4235 to [172.16.0.2]:25 tcpflags 0x11; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +TCP: [58.182.131.11]:4236 to [172.16.0.2]:25 tcpflags 0x18; tcp_do_segment: FIN_WAIT_2: Received 6 bytes of data after socket was closed, sending RST and removing tcpcb +TCP: [58.182.131.11]:4236 to [172.16.0.2]:25 tcpflags 0x11; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +TCP: [58.182.131.11]:4233 to [172.16.0.2]:25 tcpflags 0x2; syncache_add: Received duplicate SYN, resetting timer and retransmitting SYN|ACK +TCP: [58.182.131.11]:4233 to [172.16.0.2]:25 tcpflags 0x18; tcp_do_segment: FIN_WAIT_2: Received 6 bytes of data after socket was closed, sending RST and removing tcpcb +TCP: [58.182.131.11]:4233 to [172.16.0.2]:25 tcpflags 0x18; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +Connection attempt to UDP 172.16.0.2:57897 from 85.214.103.56:53 +Connection attempt to UDP 172.16.0.2:60521 from 85.214.103.56:53 +TCP: [59.189.18.5]:1332 to [172.16.0.2]:25 tcpflags 0x2; syncache_add: Received duplicate SYN, resetting timer and retransmitting SYN|ACK +TCP: [59.189.18.5]:1332 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (1) SYN|ACK +TCP: [59.189.18.5]:1332 to [172.16.0.2]:25 tcpflags 0x2; syncache_add: Received duplicate SYN, resetting timer and retransmitting SYN|ACK +TCP: [59.189.18.5]:1332 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (1) SYN|ACK +TCP: [59.189.18.5]:1332 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (2) SYN|ACK +TCP: [59.189.18.5]:1332 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (3) SYN|ACK +TCP: [59.189.18.5]:1700 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (1) SYN|ACK +TCP: [59.189.18.5]:1700 to [172.16.0.2]:25 tcpflags 0x2; syncache_add: Received duplicate SYN, resetting timer and retransmitting SYN|ACK +TCP: [59.189.18.5]:1700 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (1) SYN|ACK +TCP: [59.189.18.5]:1700 to [172.16.0.2]:25 tcpflags 0x2; syncache_add: Received duplicate SYN, resetting timer and retransmitting SYN|ACK +TCP: [59.189.18.5]:1332 to [172.16.0.2]:25; syncache_timer: Retransmits exhausted, giving up and removing syncache entry +TCP: [59.189.18.5]:1700 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (1) SYN|ACK +TCP: [59.189.18.5]:1700 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (2) SYN|ACK +TCP: [59.189.18.5]:1700 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (3) SYN|ACK +Connection attempt to UDP 85.214.103.56:57111 from 88.191.254.7:53 +TCP: [59.189.18.5]:2189 to [172.16.0.2]:25 tcpflags 0x2; syncache_add: Received duplicate SYN, resetting timer and retransmitting SYN|ACK +TCP: [83.40.210.36]:27836 to [172.16.0.2]:25 tcpflags 0x4; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored +TCP: [59.189.18.5]:2189 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (1) SYN|ACK +TCP: [59.189.18.5]:1700 to [172.16.0.2]:25; syncache_timer: Retransmits exhausted, giving up and removing syncache entry +TCP: [59.189.18.5]:2189 to [172.16.0.2]:25 tcpflags 0x2; syncache_add: Received duplicate SYN, resetting timer and retransmitting SYN|ACK +TCP: [59.189.18.5]:2189 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (1) SYN|ACK +TCP: [59.189.18.5]:2189 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (2) SYN|ACK +TCP: [59.189.18.5]:2189 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (3) SYN|ACK +TCP: [213.5.169.184]:62636 to [172.16.0.2]:25 tcpflags 0x2; syncache_add: Received duplicate SYN, resetting timer and retransmitting SYN|ACK +TCP: [213.5.169.184]:62636 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (1) SYN|ACK +TCP: [213.5.169.184]:62636 to [172.16.0.2]:25 tcpflags 0x2; syncache_add: Received duplicate SYN, resetting timer and retransmitting SYN|ACK +TCP: [213.5.169.184]:62636 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (1) SYN|ACK +TCP: [59.189.18.5]:2189 to [172.16.0.2]:25; syncache_timer: Retransmits exhausted, giving up and removing syncache entry +TCP: [213.5.169.184]:62636 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (2) SYN|ACK +TCP: [213.5.169.184]:62636 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (3) SYN|ACK +TCP: [193.43.150.242]:60772 to [85.214.103.56]:22 tcpflags 0x2; tcp_input: Connection attempt to closed port +Connection attempt to UDP 172.16.0.2:59259 from 85.214.103.56:53 +Connection attempt to UDP 172.16.0.2:52025 from 85.214.103.56:53 +TCP: [213.5.169.184]:62636 to [172.16.0.2]:25; syncache_timer: Retransmits exhausted, giving up and removing syncache entry +TCP: [64.237.204.59]:64347 to [172.16.0.2]:25 tcpflags 0x4; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored +Connection attempt to UDP 172.16.0.2:49575 from 85.214.103.56:53 +Connection attempt to UDP 172.16.0.2:49201 from 85.214.103.56:53 +Connection attempt to UDP 172.16.0.2:53140 from 85.214.103.56:53 +Connection attempt to UDP 172.16.0.2:60597 from 85.214.103.56:53 +TCP: [209.223.48.146]:36342 to [172.16.0.2]:25 tcpflags 0x4; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored +TCP: [189.132.247.46]:3006 to [172.16.0.2]:25 tcpflags 0x14; syncache_chkrst: Spurious RST with ACK, SYN or FIN flag set, segment ignored +TCP: [190.142.56.104]:1990 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (1) SYN|ACK +TCP: [190.142.56.104]:1990 to [172.16.0.2]:25 tcpflags 0x2; syncache_add: Received duplicate SYN, resetting timer and retransmitting SYN|ACK +TCP: [190.142.56.104]:2350 to [172.16.0.2]:25 tcpflags 0x2; syncache_add: Received duplicate SYN, resetting timer and retransmitting SYN|ACK +TCP: [72.52.143.18]:38333 to [172.16.0.2]:25 tcpflags 0x4; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored +TCP: [65.19.179.9]:1973 to [172.16.0.2]:25 tcpflags 0x4; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored +TCP: [88.67.29.27]:62531 to [172.16.0.2]:25 tcpflags 0x18; tcp_do_segment: FIN_WAIT_2: Received 37 bytes of data after socket was closed, sending RST and removing tcpcb +TCP: [88.67.29.27]:62531 to [172.16.0.2]:25 tcpflags 0x11; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) +TCP: [195.4.92.9]:25 to [172.16.0.2]:57654 tcpflags 0x18; tcp_do_segment: FIN_WAIT_1: Received 69 bytes of data after socket was closed, sending RST and removing tcpcb +TCP: [213.133.109.71]:47054 to [172.16.0.2]:25 tcpflags 0x4; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored +TCP: [202.164.234.72]:3775 to [172.16.0.2]:25 tcpflags 0x4; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored +TCP: [207.217.120.84]:54387 to [172.16.0.2]:25 tcpflags 0x4; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored +TCP: [207.217.120.84]:54387 to [172.16.0.2]:25 tcpflags 0x4; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored +TCP: [220.226.52.141]:3655 to [172.16.0.2]:25 tcpflags 0x2; syncache_add: Received duplicate SYN, resetting timer and retransmitting SYN|ACK +TCP: [220.226.52.141]:3655 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (1) SYN|ACK +TCP: [220.226.52.141]:3655 to [172.16.0.2]:25 tcpflags 0x2; syncache_add: Received duplicate SYN, resetting timer and retransmitting SYN|ACK +TCP: [220.226.52.141]:3655 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (1) SYN|ACK +TCP: [217.255.195.182]:61347 to [172.16.0.2]:25 tcpflags 0x4; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored +TCP: [220.226.52.141]:4446 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (1) SYN|ACK +TCP: [220.226.52.141]:4446 to [172.16.0.2]:25 tcpflags 0x2; syncache_add: Received duplicate SYN, resetting timer and retransmitting SYN|ACK