Date:      Sat, 21 Nov 2009 18:27:30 +0100
From:      olli hauer <ohauer@gmx.de>
To:        Victor Lyapunov <fullblaststorm@gmail.com>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: sending mail with attachments always fails (FreeBSD/pf)
Message-ID:  <4B082302.3040704@gmx.de>
In-Reply-To: <6c51dbb10911210706g3490e463x7fdf3809243e30d2@mail.gmail.com>
References:  <6c51dbb10911210706g3490e463x7fdf3809243e30d2@mail.gmail.com>

Victor Lyapunov wrote:
> Hi all,
> 
> I have production network with FreeBSD box acting as firewall. The
> problem emerge as soon as users send mail with attachments. (Sending
> mail without attachments always succeeds). Basically, when a user
> tries to send a message, only part of it transmitted before connection
> is interrupted and sending fails. The problem persists only when pf is
> enabled.
> 
> My ruleset:
> scrub in all fragment reassemble
> block drop on em0 all
> pass inet proto tcp from 192.168.0.0/24 to any port = smtp flags S/SA keep state
> pass inet proto tcp from 192.168.0.0/24 to any port = pop3 flags S/SA keep state
> pass inet proto tcp from 192.168.0.0/24 to any port = imap flags S/SA keep state
> pass inet proto tcp from 192.168.0.0/24 to any port = smtps flags S/SA keep state
> pass inet proto tcp from 192.168.0.0/24 to any port = pop3s flags S/SA keep state
> pass proto udp from any to any port = domain keep state
> 

[...]

Is this only for clients submitting (imap), or also for incoming mail
from outside via smtp?

What about outgoing traffic from the machine?

Try the following in pf.conf to see why this happens

set loginterface pflog0     # collect per-interface counters (shown by pfctl -si)
set block-policy drop       # silently drop instead of returning RST/ICMP
set skip on lo0             # do not filter loopback at all

block drop in log on em0 all    # every dropped inbound packet is logged to pflog0
pass out log on em0 all         # log outbound traffic as well, so both directions show up

Now use tcpdump to see which rule drops the traffic
#> tcpdump -net -i pflog0

--
olli
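
The procedure above ends with reading tcpdump's pflog output by eye. As an added example (not part of olli's reply or the FreeBSD project's code), here is a small POSIX shell helper that summarises the lines `tcpdump -net -i pflog0` prints, grouped by pf rule number, action, direction, interface and destination port, so the rule number can be looked up in the loaded ruleset. The lines in PFLOG_SAMPLE are constructed for this example (documentation addresses, rule numbers assumed), not captured from the poster's box.

```sh
#!/bin/sh
# Added example (not from the thread): summarise `tcpdump -net -i pflog0` output
# by pf rule number so the number can be looked up with `pfctl -vvsr` (@N prefix).
# PFLOG_SAMPLE is constructed for this example; the rule numbers in it are assumed.
PFLOG_SAMPLE='rule 1/0(match): block in on em0: 192.168.0.10.51234 > 203.0.113.25.25: Flags [.], seq 1461:2921, ack 1, win 65535, length 1460
rule 1/0(match): block in on em0: 192.168.0.10.51234 > 203.0.113.25.25: Flags [.], seq 2921:4381, ack 1, win 65535, length 1460
rule 4/0(match): pass out on em0: 192.168.0.10.51234 > 203.0.113.25.25: Flags [S], seq 0, win 65535, length 0
rule 1/0(match): block in on em0: 192.168.0.11.49000 > 203.0.113.53.53: 4321+ A? example.com. (29)'

# Reads pflog lines on stdin; prints "<hits> <rule> <action> <dir> <if> port <dport>",
# most frequent first. Only IPv4 lines are parsed (the port is the last dotted field).
summarize_pflog() {
    awk '
    /^rule [0-9]+\/[0-9]+\(match\): (block|pass) (in|out) on / {
        rule = $2; sub(/\/.*/, "", rule)        # "1/0(match):" -> "1"
        action = $3; dir = $4
        ifc = $6; sub(/:$/, "", ifc)             # "em0:" -> "em0"
        dst = $9; sub(/:$/, "", dst)             # "203.0.113.25.25:" -> host.port
        n = split(dst, f, "."); port = f[n]
        count[rule " " action " " dir " " ifc " port " port]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,2n
}

# Stand-alone run on the constructed sample; live use: tcpdump -net -i pflog0 | summarize_pflog
printf '%s\n' "$PFLOG_SAMPLE" | summarize_pflog
```

Feed it live with `tcpdump -net -i pflog0 | summarize_pflog`, then map each rule number back to the loaded ruleset with `pfctl -vvsr`, which prefixes every rule with `@N`. In the constructed sample the SYN was passed by rule 4 but the following data segments (`Flags [.]`, length 1460) of the same SMTP flow hit block rule 1: a segment of an already established connection only reaches a block rule when it matched no state entry, which narrows down where to look next.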



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B082302.3040704>