Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 21 Nov 2009 13:27:08 -0500
From:      Michael Proto <mike@jellydonut.org>
To:        Victor Lyapunov <fullblaststorm@gmail.com>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: sending mail with attachments always fails (FreeBSD/pf)
Message-ID:  <1de79840911211027mbc0e731l565817f678db128e@mail.gmail.com>
In-Reply-To: <1de79840911211023n165ecbd0h1051aaada4acefb@mail.gmail.com>
References:  <6c51dbb10911210706g3490e463x7fdf3809243e30d2@mail.gmail.com> <4B082302.3040704@gmx.de> <6c51dbb10911211007x4ea07528y7642460629788903@mail.gmail.com> <1de79840911211023n165ecbd0h1051aaada4acefb@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sat, Nov 21, 2009 at 1:23 PM, Michael Proto <mike@jellydonut.org> wrote:
> On Sat, Nov 21, 2009 at 1:07 PM, Victor Lyapunov
> <fullblaststorm@gmail.com> wrote:
>
>> rule 4/0(match): pass out on em0: (tos 0x0, ttl 127, id 19860, offset
>> 0, flags [DF], proto TCP (6), length 48) 192.168.0.5.1822 >
>> 209.85.129.111.465: =A0tcp 28 [bad hdr length 0 - too short, < 20]
>
> This looks to be your problem-- bad hdr length 0. I don't know enough
> of what mailer(s) you're using to relay this message outbound, but
> since port 465 is smtp over TLS/SSL are you sure your smtp encryption
> is working correctly? I often see these types of errors with other
> TLS/SSL apps when one side is expecting an encrypted connection and
> the other is not (correctly) providing it.
>
> Have you tried using unencrypted smtp on port 25? Does that work?
>

Er... wait, I just re-read that you said things work fine with pf
disabled, so my theory about bad encryption probably isn't very
accurate. Are you still using a scrub rule? Have you tried disabling
it? If pf is seeing a "bad hdr length" error it might be dropping the
packet due to scrubbing. Of course, this could also mean that TSO is
enabled on your ethernet interface and bpf just isn't seeing the tcp
header at all, so my whole theory might be moot.


-Proto

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1de79840911211027mbc0e731l565817f678db128e>