Re: sending mail with attachments always fail (FreeBSD/pf)



On Saturday, November 21, 2009 at 08:59:12PM +0600, Victor Lyapunov wrote:

> Hi all,
>
> I have a production network with a FreeBSD box acting as firewall. The
> problem emerges as soon as users send mail with attachments. (Sending
> mail without attachments always succeeds.) Basically, when a user
> tries to send a message, only part of it is transmitted before the
> connection is interrupted and sending fails. The problem persists only
> when pf is enabled.

I think concerning TCP/IP there is no diff between a mail with or w/o
attachment, it is just talking SMTP to a remote server and only the
size, i.e., the number of IP pkgs, differs; the content is anyway;

> My ruleset:
> scrub in all fragment reassemble
> block drop on em0 all
> pass inet proto tcp from 192.168.0.0/24 to any port = smtp flags S/SA keep state
> pass inet proto tcp from 192.168.0.0/24 to any port = pop3 flags S/SA keep state
> pass inet proto tcp from 192.168.0.0/24 to any port = imap flags S/SA keep state
> pass inet proto tcp from 192.168.0.0/24 to any port = smtps flags S/SA keep state
> pass inet proto tcp from 192.168.0.0/24 to any port = pop3s flags S/SA keep state
> pass proto udp from any to any port = domain keep state

I never used S/SA as flags in my rules, only S. More I can't see.
HIH (if not watch with some tcpdump(1) what's going on between the NIC
and the remote server).

matthias

--
Matthias Apitz
t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
e <guru@xxxxxxxxxxx> - w http://www.unixarea.de/
Vote NO to EU The Lisbon Treaty: http://www.no-means-no.eu