Date: Sat, 21 Nov 2009 13:27:08 -0500 From: Michael Proto <mike@jellydonut.org> To: Victor Lyapunov <fullblaststorm@gmail.com> Cc: freebsd-pf@freebsd.org Subject: Re: sending mail with attachments always fails (FreeBSD/pf) Message-ID: <1de79840911211027mbc0e731l565817f678db128e@mail.gmail.com> In-Reply-To: <1de79840911211023n165ecbd0h1051aaada4acefb@mail.gmail.com> References: <6c51dbb10911210706g3490e463x7fdf3809243e30d2@mail.gmail.com> <4B082302.3040704@gmx.de> <6c51dbb10911211007x4ea07528y7642460629788903@mail.gmail.com> <1de79840911211023n165ecbd0h1051aaada4acefb@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Nov 21, 2009 at 1:23 PM, Michael Proto <mike@jellydonut.org> wrote: > On Sat, Nov 21, 2009 at 1:07 PM, Victor Lyapunov > <fullblaststorm@gmail.com> wrote: > >> rule 4/0(match): pass out on em0: (tos 0x0, ttl 127, id 19860, offset >> 0, flags [DF], proto TCP (6), length 48) 192.168.0.5.1822 > >> 209.85.129.111.465: =A0tcp 28 [bad hdr length 0 - too short, < 20] > > This looks to be your problem-- bad hdr length 0. I don't know enough > of what mailer(s) you're using to relay this message outbound, but > since port 465 is smtp over TLS/SSL are you sure your smtp encryption > is working correctly? I often see these types of errors with other > TLS/SSL apps when one side is expecting an encrypted connection and > the other is not (correctly) providing it. > > Have you tried using unencrypted smtp on port 25? Does that work? > Er... wait, I just re-read that you said things work fine with pf disabled, so my theory about bad encryption probably isn't very accurate. Are you still using a scrub rule? Have you tried disabling it? If pf is seeing a "bad hdr length" error it might be dropping the packet due to scrubbing. Of course, this could also mean that TSO is enabled on your ethernet interface and bpf just isn't seeing the tcp header at all, so my whole theory might be moot. -Proto
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1de79840911211027mbc0e731l565817f678db128e>