From owner-freebsd-net@freebsd.org Sun Nov 22 07:06:06 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2CA3347E95C for ; Sun, 22 Nov 2020 07:06:06 +0000 (UTC) (envelope-from 32w26XwkJA-ITEWGEPYFEKQEMP.GSQRIXJVIIFWH.SVK@trix.bounces.google.com) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 4Cf1XY6lX5z4dvr for ; Sun, 22 Nov 2020 07:06:05 +0000 (UTC) (envelope-from 32w26XwkJA-ITEWGEPYFEKQEMP.GSQRIXJVIIFWH.SVK@trix.bounces.google.com) Received: by mailman.nyi.freebsd.org (Postfix) id E5EE547EA64; Sun, 22 Nov 2020 07:06:05 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E5ABF47EA63 for ; Sun, 22 Nov 2020 07:06:05 +0000 (UTC) (envelope-from 32w26XwkJA-ITEWGEPYFEKQEMP.GSQRIXJVIIFWH.SVK@trix.bounces.google.com) Received: from mail-vk1-xa48.google.com (mail-vk1-xa48.google.com [IPv6:2607:f8b0:4864:20::a48]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Cf1XX6DSyz4f85 for ; Sun, 22 Nov 2020 07:06:04 +0000 (UTC) (envelope-from 32w26XwkJA-ITEWGEPYFEKQEMP.GSQRIXJVIIFWH.SVK@trix.bounces.google.com) Received: by mail-vk1-xa48.google.com with SMTP id p199so6705632vkp.23 for ; Sat, 21 Nov 2020 23:06:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:reply-to:message-id:date:subject:from:to; bh=m4kJCBc0xB2u7eawcpea0/bzmpaGfn8l6xjzIT9dVh8=; b=HCVguz8l+n5qxIowviJBNQAGeu8iil+Xk7YHrM4j05/g2Dk72oZ4dKOIKefD+4c3aL muXTWvVC8iL75O+QIU8KJaS5jkNMIp2u1sMQmYsjqMIU/kgdiMYNIh5/upP0FI4I0Gip Lmyt5Audn5bQo+lnER7Kn43MU9UrNqn2MEi6ucQW0muP80JzPdsG7Ag3Zf6lsyH5vzAq TVFt/MBBMIkOfnC1qa3cJijO/Bud6chjgYRhg0fj5hYBVzooj1BwS0W/HbaeRe47CeQM yTjP8bQZ0FLOG4eJP5BRbDbFdceor49RAmREtlqQ+JrrblcWapau/985EsOyxvi5cTve W3Aw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:reply-to:message-id:date:subject :from:to; bh=m4kJCBc0xB2u7eawcpea0/bzmpaGfn8l6xjzIT9dVh8=; b=U8hxy2jm9SgP0vY47dyT7hdtkSQgCpuXg/15gJFy8+hBPR4n7rkjEIyFjlZ2caLHJM YB/nKAMpibIkVfbZ66KDxceHBlhMWEVdpg0a/B+cwJpydtMHgYepzOa7Go0w6n/yaxrt TShgQESkD8eaDlOumE48H5Pg/WvRCMgKBC1c9AKq5vSNADLG1vwJ6TbJ/VJmuXwOIYOY rgMCTXuvRL7kjgLOGmg+aCeoQg0RHfDM6JoUwkwo8m6jbkLt/l8CvN6yVzk9ZAfqzhg7 S8OvsxZ+gnoMWU/m7auOHExKlsAUo1Eevry1JJdfHZqmLiSH1ONwV6XtJhjcpumFuf0u D0Kg== X-Gm-Message-State: AOAM532wfDAx2QMu4MKxRpE/Riyw1dZ8N0IF5PoHZ9gbvDOCoG197ZkU Wi41wee9GV7HGy3bs1hq/24I/eWMd4EiCIR8nCwz MIME-Version: 1.0 X-Received: by 2002:a67:f2c3:: with SMTP id a3mt15697961vsn.57.1606028763467; Sat, 21 Nov 2020 23:06:03 -0800 (PST) Reply-To: pascaluba@gmail.com X-No-Auto-Attachment: 1 Message-ID: <000000000000f2286e05b4acb5ef@google.com> Date: Sun, 22 Nov 2020 07:06:04 +0000 Subject: =?UTF-8?Q?Sehr_Beg=C3=BCnstigter?= From: pascaluba@gmail.com To: net@freebsd.org X-Rspamd-Queue-Id: 4Cf1XX6DSyz4f85 X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=HCVguz8l; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of 32w26XwkJA-ITEWGEPYFEKQEMP.GSQRIXJVIIFWH.SVK@trix.bounces.google.com designates 2607:f8b0:4864:20::a48 as permitted sender) smtp.mailfrom=32w26XwkJA-ITEWGEPYFEKQEMP.GSQRIXJVIIFWH.SVK@trix.bounces.google.com X-Spamd-Result: default: False [0.40 / 15.00]; HAS_REPLYTO(0.00)[pascaluba@gmail.com]; FREEMAIL_FROM(0.00)[gmail.com]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; TO_DN_NONE(0.00)[]; URI_COUNT_ODD(1.00)[9]; DKIM_TRACE(0.00)[gmail.com:+]; MIME_BASE64_TEXT(0.10)[]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; FORGED_SENDER(0.30)[pascaluba@gmail.com,32w26XwkJA-ITEWGEPYFEKQEMP.GSQRIXJVIIFWH.SVK@trix.bounces.google.com]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RBL_DBL_DONT_QUERY_IPS(0.00)[2607:f8b0:4864:20::a48:from]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; FROM_NEQ_ENVFROM(0.00)[pascaluba@gmail.com,32w26XwkJA-ITEWGEPYFEKQEMP.GSQRIXJVIIFWH.SVK@trix.bounces.google.com]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.998]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; REPLYTO_EQ_FROM(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; FREEMAIL_REPLYTO(0.00)[gmail.com]; PREVIOUSLY_DELIVERED(0.00)[net@freebsd.org]; HTML_SHORT_LINK_IMG_2(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; SPAMHAUS_ZRD(0.00)[2607:f8b0:4864:20::a48:from:127.0.2.255]; NEURAL_SPAM_SHORT(1.00)[1.000]; FROM_NO_DN(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::a48:from]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[net] Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes Content-Transfer-Encoding: base64 X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 Nov 2020 07:06:06 -0000 SSd2ZSBpbnZpdGVkIHlvdSB0byBmaWxsIG91dCB0aGUgZm9sbG93aW5nIGZvcm06DQpVbnRpdGxl ZCBmb3JtDQoNClRvIGZpbGwgaXQgb3V0LCB2aXNpdDoNCmh0dHBzOi8vZG9jcy5nb29nbGUuY29t L2Zvcm1zL2QvZS8xRkFJcFFMU2VkTWxXQ2VoS2pJYndzOW9uc2M3OGRDN1gyNGlMZzNxUkd6VzBQ TzhTY0w0WTdrQS92aWV3Zm9ybT92Yz0wJmFtcDtjPTAmYW1wO3c9MSZhbXA7ZmxyPTAmYW1wO3Vz cD1tYWlsX2Zvcm1fbGluaw0KDQpTZWhyIEJlZ8O8bnN0aWd0ZXINCg0KSWNoIHNjaHJlaWJlIElo bmVuLCB1bSBTaWUgZGFyw7xiZXIgenUgaW5mb3JtaWVyZW4sIGRhc3MgSWhyIGxhbmcgZXJ3YXJ0 ZXRlciAgDQpFbnRzY2jDpGRpZ3VuZ3Nmb25kcyBpbiBIw7ZoZSB2b24gMi4wMDAuMDAwLDAwIEV1 cm8gZnJlaWdlZ2ViZW4gdW5kIGF1Y2ggIA0KZWluZXIgZsO8ciBTaWUgcHJvZ3JhbW1pZXJ0ZW4g R2VsZGF1dG9tYXRlbmthcnRlIGd1dGdlc2NocmllYmVuIHd1cmRlLCBkaWUgIA0KYW4gamVkZW0g R2VsZGF1dG9tYXRlbiB0w6RnbGljaCAzMDAwIEV1cm8gYWJoZWJ0ICkgSWhyZXIgV2FobCBpbiBq ZWRlbSBUZWlsICANCmRlciBXZWx0Lg0KDQpFcyB3aXJkIGRhaGVyIGVtcGZvaGxlbiwgc2ljaCBh biBEci4gTWljaGFlbCBEdWtlIHp1IHdlbmRlbiwgZGVyIHVuc2VyICANClZlcnRyZXRlciBpbiBk ZXIgUmVwdWJsaWsgQmVuaW4gaXN0LiBFciBoaWxmdCBJaG5lbiBiZWltIEVyaGFsdCBJaHJlciAg DQpHZWxkYXV0b21hdGVua2FydGUuIFVudGVuIGlzdCBzZWluZSBLb250YWt0YWRyZXNzZQ0KDQpB bnNwcmVjaHBhcnRuZXI6IE1pY2hhZWwgRHVrZQ0KRS1NYWlsOiBtaWtlZHVrZXNyQGdtYWlsLmNv bQ0KVGVsZWZvbjogKyAyMjktMzk2ODQ3ODkNCg0KU3RlbGxlbiBTaWUgc2ljaGVyLCBkYXNzIFNp ZSBpaG4gc29mb3J0IG1pdCBJaHJlbSB2b2xsc3TDpG5kaWdlbiBOYW1lbiwgIA0KSWhyZXIgUHJp dmF0LSBvZGVyIELDvHJvYWRyZXNzZSwgSWhyZXIgU3RhZHQsIElocmVtIExhbmQgdW5kIElocmVy ICANClRlbGVmb25udW1tZXIgenVyIMOcYmVycHLDvGZ1bmcga29udGFrdGllcmVuLCB1bSB6dSB2 ZXJtZWlkZW4sIGRhc3MgZGllc2UgYW4gIA0KZGllIGZhbHNjaGUgUGVyc29uIHdlaXRlcmdlZ2Vi ZW4gd2VyZGVuLiBJY2ggd2VyZGUgZGFyYXVmIHdhcnRlbiwgdm9uIElobmVuICANCnp1IGjDtnJl biwgd2VubiBTaWUgSWhyZSBHZWxkYXV0b21hdGVua2FydGUgZXJoYWx0ZW4uDQoNCkRhbmtlIHZp ZWxtYWxzLA0KSGVyciBLYXJsIFdlcm5lcg0KVmVyYmluZHVuZ3Niw7xybyBkZXIgVmVyZWludGVu IE5hdGlvbmVuDQpEaXJla3Rpb24gZsO8ciBpbnRlcm5hdGlvbmFsZSBaYWhsdW5nZW4NCg0KR29v Z2xlIEZvcm1zOiBDcmVhdGUgYW5kIGFuYWx5emUgc3VydmV5cy4NCg== From owner-freebsd-net@freebsd.org Sun Nov 22 13:37:51 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D6EBE468B32; Sun, 22 Nov 2020 13:37:51 +0000 (UTC) (envelope-from trashcan@ellael.org) Received: from mx1.enfer-du-nord.net (mx1.enfer-du-nord.net [91.121.41.56]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4CfBDb0f8bz3Fr8; Sun, 22 Nov 2020 13:37:50 +0000 (UTC) (envelope-from trashcan@ellael.org) Received: from [IPv6:2003:fb:4f0f:4a01:384c:e785:7e69:e5ee] (p200300Fb4f0F4A01384ce7857e69E5EE.dip0.t-ipconnect.de [IPv6:2003:fb:4f0f:4a01:384c:e785:7e69:e5ee]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.enfer-du-nord.net (Postfix) with ESMTPSA id 4CfBDN3cGJzFdH; Sun, 22 Nov 2020 14:37:40 +0100 (CET) From: Michael Grimm Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\)) Subject: 12.2-STABLE: Commit 367740 breaks IMAP/SMTP server authentication Message-Id: Date: Sun, 22 Nov 2020 14:37:33 +0100 Cc: gnn@freebsd.org To: freebsd-net@freebsd.org, FreeBSD-STABLE Mailing List X-Mailer: Apple Mail (2.3608.120.23.2.4) X-Rspamd-Queue-Id: 4CfBDb0f8bz3Fr8 X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of trashcan@ellael.org has no SPF policy when checking 91.121.41.56) smtp.mailfrom=trashcan@ellael.org X-Spamd-Result: default: False [-1.41 / 15.00]; RCVD_TLS_ALL(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; MV_CASE(0.50)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[ellael.org]; ARC_NA(0.00)[]; TO_DN_SOME(0.00)[]; SPAMHAUS_ZRD(0.00)[91.121.41.56:from:127.0.2.255]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; RBL_DBL_DONT_QUERY_IPS(0.00)[91.121.41.56:from]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.81)[-0.813]; AUTH_NA(1.00)[]; R_SPF_NA(0.00)[no SPF record]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:16276, ipnet:91.121.0.0/16, country:FR]; RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-net,freebsd-stable] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 Nov 2020 13:37:51 -0000 Hi, I am running 12.2-STABLE and VNET jails, one of which host a recent = Dovecot IMAP and a recent postfix SMTP server. Authentication is forced = via TLS/SSL for both services (ports 587 and 993). Setup is as follows: extIF0/pf/NAT <=E2=80=94> epairXa (bridge0) epairXb <-> jail A recent upgrade broke mailing of IMAP clients running at macOS 10.14.6 = (Mojave) und AVM's push service (Fritzbox), but *not* for IMAP clients = running at macOS 10.15.7 (Catalina). Strange. Findings at macOS 10.14.6 (examplified for IMAP): 1) mac$ nc -4vw 1 mail.xyz.zzz 993 found 0 associations found 1 connections: 1: flags=3D82 outif en0 src 1.2.3.4 port 49583 dst 11.22.33.44 port 993 rank info not available TCP aux info available Connection to mail.xyz.zzz port 993 [tcp/imaps] succeeded! 2) mac$ openssl s_client -crlf -connect mail.xyz.zzz:993 -debug CONNECTED(00000005) write to 0x7fa32ef01ae0 [0x7fa33080a803] (200 bytes =3D> 200 = (0xC8)) 0000 - 16 03 01 00 c3 01 00 00-bf 03 03 32 f7 fe fa b4 = ...........2....=20 0010 - e8 9a 60 38 ef 34 99 70-84 ce dc 1a 08 b8 76 90 = ..`8.4.p=E2=80=A6=E2=80=A6v. 0020 - 19 8c 81 f4 a6 37 19 37-09 70 6f 00 00 60 c0 30 = .....7.7.po..`.0 0030 - c0 2c c0 28 c0 24 c0 14-c0 0a 00 9f 00 6b 00 39 = .,.(.$.......k.9 0040 - cc a9 cc a8 cc aa ff 85-00 c4 00 88 00 81 00 9d = =E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6. 0050 - 00 3d 00 35 00 c0 00 84-c0 2f c0 2b c0 27 c0 23 = .=3D.5...../.+.'.# 0060 - c0 13 c0 09 00 9e 00 67-00 33 00 be 00 45 00 9c = .......g.3...E.. 0070 - 00 3c 00 2f 00 ba 00 41-c0 11 c0 07 00 05 00 04 = .<./...A=E2=80=A6=E2=80=A6.. 0080 - c0 12 c0 08 00 16 00 0a-00 15 00 09 00 ff 01 00 = =E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6. 0090 - 00 36 00 0b 00 02 01 00-00 0a 00 08 00 06 00 1d = .6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6.. 00a0 - 00 17 00 18 00 23 00 00-00 0d 00 1c 00 1a 06 01 = .....#=E2=80=A6=E2=80=A6=E2=80=A6. 00b0 - 06 03 ef ef 05 01 05 03-04 01 04 03 ee ee ed ed = =E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6. 00c0 - 03 01 03 03 02 01 02 03- = ........ hanging at that stage forever=20 (and client complaining of its inability to authenticate and = reports timeout after 60 seconds) I did identify commit 367740 being responsible for that: mike> svn up -r 367740 Updating '.': U sys/netinet/ip_fastfwd.c U sys/netinet/ip_input.c U sys/netinet/ip_var.h U . Updated to revision 367740. Any Ideas, especially why clients at different OS behave different? FYI: I do have no access to AVM's push service, and very limited access = to the macOS 10.14.6 computer. Thanks in advance and with kind regards, Michael P.S. How may I update a local svn copy and simultaneously omit commit = 367740 from being applied, or how may I revert commit 367740, only?