Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 03 Feb 2008 10:26:27 +0100
From:      Andre Oppermann <andre@freebsd.org>
To:        Oskar Eyb <oskar-FreeBSD@eyb.de>
Cc:        freebsd-net@freebsd.org
Subject:   Re: syncache_timer: Response timeout and other msgs, whats up?
Message-ID:  <47A588C3.4000806@freebsd.org>
In-Reply-To: <47A4E868.7000500@eyb.de>
References:  <47A4E868.7000500@eyb.de>
next in thread | previous in thread | raw e-mail | index | archive | help 
Oskar Eyb wrote:
> Hello!
> 
> A remote MTA cannot deliver me any email. the admin gets the following
> errors:
> 
> "retry time not reached for any host after a long failure period"
> and "retry timeout exceeded".
> 
> After I cant find anything related to this server in my postfix log, I
> grep'ed for <ip> in /var/log/* and got the following hits:
> 
> [...]
> dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25 tcpflags
> 0x2<SYN>; syncache_add: Received duplicate SYN, resetting timer and
> retransmitting SYN|ACK
> dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25;
> syncache_timer: Response timeout, retransmitting (1) SYN|ACK
> dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25;
> syncache_timer: Response timeout, retransmitting (2) SYN|ACK
> dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25;
> syncache_timer: Response timeout, retransmitting (3) SYN|ACK
> dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25;
> syncache_timer: Retransmits exhausted, giving up and removing syncache 
> entry
> 
> 85.214.42.62 is the other MTA, 172.16.0.2 is my jail.
> I use PF with rdr/nat on FreeBSD 7 RC4.

We have not released 7RC4 yet.  You probably run BETA4.  An upgrade to
7RC1 or 7RC2 in the next few days fixes all known TCP bugs.

Other than that it looks like your PF rule set may be not entirely
correct.  Please post your pf.conf.

-- 
Andre

> in the daily security email I get dozens of messages like this, also to
> other tcp ports (e.g. 80)
> 
> default-values for:
> net.inet.tcp.syncache.rst_on_sock_fail: 1
> net.inet.tcp.syncache.rexmtlimit: 3
> net.inet.tcp.syncache.hashsize: 512
> net.inet.tcp.syncache.count: 0
> net.inet.tcp.syncache.cachelimit: 15360
> net.inet.tcp.syncache.bucketlimit: 30
> 
> 
> Can anybody help me out of this?

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?47A588C3.4000806>