Date: Sat, 21 Nov 2009 20:59:12 +0600
From: Victor Lyapunov <fullblaststorm@gmail.com>
To: FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject: sending mail with attachments always fail (FreeBSD/pf)
Message-ID: <6c51dbb10911210659t2e7b87dcg66d71544312d4172@mail.gmail.com>
Hi all,

I have a production network with a FreeBSD box acting as firewall.
The problem emerges as soon as users send mail with attachments.
(Sending mail without attachments always succeeds.)
Basically, when a user tries to send a message, only part of it is
transmitted before the connection is interrupted and sending fails.
The problem persists only when pf is enabled.

My ruleset:

scrub in all fragment reassemble
block drop on em0 all
pass inet proto tcp from 192.168.0.0/24 to any port = smtp flags S/SA keep state
pass inet proto tcp from 192.168.0.0/24 to any port = pop3 flags S/SA keep state
pass inet proto tcp from 192.168.0.0/24 to any port = imap flags S/SA keep state
pass inet proto tcp from 192.168.0.0/24 to any port = smtps flags S/SA keep state
pass inet proto tcp from 192.168.0.0/24 to any port = pop3s flags S/SA keep state
pass proto udp from any to any port = domain keep state

This is what I get from pfctl -si just after #/etc/rc.d/pf start

# pfctl -si
Status: Enabled for 0 days 00:00:09           Debug: Urgent

State Table                          Total             Rate
  current entries                        0
  searches                               0            0.0/s
  inserts                                0            0.0/s
  removals                               0            0.0/s
Counters
  match                                  0            0.0/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s
  bad-timestamp                          0            0.0/s
  congestion                             0            0.0/s
  ip-option                              0            0.0/s
  proto-cksum                            0            0.0/s
  state-mismatch                         0            0.0/s
  state-insert                           0            0.0/s
  state-limit                            0            0.0/s
  src-limit                              0            0.0/s
  synproxy                               0            0.0/s

After I try to send some mail with attachments a couple of times
(which always fails), I get this from pfctl -si:

Status: Enabled for 0 days 00:02:58           Debug: Urgent

State Table                          Total             Rate
  current entries                       48
  searches                            1313            7.4/s
  inserts                              131            0.7/s
  removals                              83            0.5/s
Counters
  match                                152            0.9/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s
  bad-timestamp                          0            0.0/s
  congestion                             0            0.0/s
  ip-option                              0            0.0/s
  proto-cksum                            0            0.0/s
  state-mismatch                        22            0.1/s
  state-insert                           0            0.0/s
  state-limit                            0            0.0/s
  src-limit                              0            0.0/s
  synproxy                               0            0.0/s

Any suggestions/ideas would be appreciated,

Best regards,
Victor

FreeBSD router 7.2-RELEASE FreeBSD 7.2-RELEASE #4: Sun May 3 23:29:04 2009 root@router:/usr/obj/usr/src/sys/GENERIC i386
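Added example, not part of the original message: a small Python parser that diffs two `pfctl -si` snapshots and lists which rows of the Counters section other than `match` moved between them. The sample rows are abridged from the output posted above, and the function names are illustrative assumptions.

```python
import re

# Abridged from the two `pfctl -si` snapshots in the post (most all-zero rows omitted).
BEFORE = """\
Status: Enabled for 0 days 00:00:09           Debug: Urgent
State Table                          Total             Rate
  current entries                        0
  searches                               0            0.0/s
  inserts                                0            0.0/s
  removals                               0            0.0/s
Counters
  match                                  0            0.0/s
  state-mismatch                         0            0.0/s
"""
AFTER = """\
Status: Enabled for 0 days 00:02:58           Debug: Urgent
State Table                          Total             Rate
  current entries                       48
  searches                            1313            7.4/s
  inserts                              131            0.7/s
  removals                              83            0.5/s
Counters
  match                                152            0.9/s
  state-mismatch                        22            0.1/s
"""
# A row is: lowercase name (may contain spaces or hyphens), total, optional rate.
ROW = re.compile(r"^\s*([a-z][a-z -]*?)\s+(\d+)(?:\s+[\d.]+/s)?\s*$")

def parse_pfctl_si(text):
    """Return {(section, name): total} for every row of `pfctl -si` output."""
    section, rows = None, {}
    for line in text.splitlines():
        if line.startswith("State Table"):
            section = "state"
        elif line.startswith("Counters"):
            section = "counters"
        elif section and (m := ROW.match(line)):
            rows[(section, m.group(1))] = int(m.group(2))
    return rows

def counter_delta(before, after):
    """Rows whose total changed between two snapshots: {(section, name): delta}."""
    old, new = parse_pfctl_si(before), parse_pfctl_si(after)
    return {k: v - old.get(k, 0) for k, v in new.items() if v != old.get(k, 0)}

def non_match_counters(delta):
    """Changed rows in the Counters section other than 'match'."""
    return {n: d for (s, n), d in delta.items() if s == "counters" and n != "match"}

if __name__ == "__main__":
    print(non_match_counters(counter_delta(BEFORE, AFTER)))
```

On a live firewall the same functions can be fed two saved captures of `pfctl -si` taken before and after reproducing the failure.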