From: Andre Oppermann
Date: Sun, 03 Feb 2008 10:26:27 +0100
To: Oskar Eyb
Cc: freebsd-net@freebsd.org
Subject: Re: syncache_timer: Response timeout and other msgs, whats up?
List-Id: Networking and TCP/IP with FreeBSD

Oskar Eyb wrote:
> Hello!
>
> A remote MTA cannot deliver me any email. The admin gets the following
> errors:
>
> "retry time not reached for any host after a long failure period"
> and "retry timeout exceeded".
>
> After I can't find anything related to this server in my postfix log, I
> grep'ed for in /var/log/* and got the following hits:
>
> [...]
> dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25 tcpflags 0x2; syncache_add: Received duplicate SYN, resetting timer and retransmitting SYN|ACK
> dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (1) SYN|ACK
> dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (2) SYN|ACK
> dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (3) SYN|ACK
> dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25; syncache_timer: Retransmits exhausted, giving up and removing syncache entry
>
> 85.214.42.62 is the other MTA, 172.16.0.2 is my jail.
> I use PF with rdr/nat on FreeBSD 7 RC4.

We have not released 7RC4 yet. You probably run BETA4. An upgrade to
7RC1 or 7RC2 in the next few days fixes all known TCP bugs.

Other than that it looks like your PF rule set may not be entirely
correct. Please post your pf.conf.

-- 
Andre

> In the daily security email I get dozens of messages like this, also to
> other tcp ports (e.g. 80)
>
> default-values for:
> net.inet.tcp.syncache.rst_on_sock_fail: 1
> net.inet.tcp.syncache.rexmtlimit: 3
> net.inet.tcp.syncache.hashsize: 512
> net.inet.tcp.syncache.count: 0
> net.inet.tcp.syncache.cachelimit: 15360
> net.inet.tcp.syncache.bucketlimit: 30
>
>
> Can anybody help me out of this?