From owner-freebsd-net Wed Dec 4 7:12:11 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7B69C37B401 for ; Wed, 4 Dec 2002 07:12:10 -0800 (PST) Received: from skynet.stack.nl (skynet.stack.nl [131.155.140.225]) by mx1.FreeBSD.org (Postfix) with ESMTP id BF83B43EA9 for ; Wed, 4 Dec 2002 07:12:09 -0800 (PST) (envelope-from dean@dragon.stack.nl) Received: by skynet.stack.nl (Postfix, from userid 65534) id 5DAE74018; Wed, 4 Dec 2002 16:14:12 +0100 (CET) Received: from dragon.stack.nl (dragon.stack.nl [2001:610:1108:5011:207:e9ff:fe09:230]) by skynet.stack.nl (Postfix) with ESMTP id 5E9CA4012; Wed, 4 Dec 2002 16:14:06 +0100 (CET) Received: by dragon.stack.nl (Postfix, from userid 1600) id 22D4C9895; Wed, 4 Dec 2002 16:12:02 +0100 (CET) Date: Wed, 4 Dec 2002 16:12:02 +0100 From: Dean Strik To: Markus Stumpf Cc: freebsd-net@freebsd.org Subject: Re: FreeBSD <-> PIX IP comm problem - no ACK received Message-ID: <20021204151201.GA98370@dragon.stack.nl> References: <20021204160439.A66263@Space.Net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20021204160439.A66263@Space.Net> X-Editor: VIM Rulez! http://www.vim.org/ X-MUD: Outerspace - telnet://mud.stack.nl:3333 X-Really: Yes User-Agent: Mutt/1.5.1i X-Spam-Status: No, hits=-3.3 required=8.0 tests=IN_REP_TO,QUOTED_EMAIL_TEXT,REFERENCES, SIGNATURE_SHORT_DENSE,SPAM_PHRASE_00_01,USER_AGENT, USER_AGENT_MUTT version=2.43 X-Spam-Level: Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Markus Stumpf wrote: > Problem: > I have an email message that is 3374 Bytes. It should be sent via SMTP > to another server that is behind a PIX Firewall. > The communiction gets tricky at the end of the message, because instead of > CR LF "." CR LF > packet N contains > data CR LF "." CR > and the following packet would only contain > LF > so far so good, but the problem is > a) the PIX does never ACK packet N > b) packet N+1 never gets out despite the fact that it could be sent > according to the window size. This is a known problem with PIXes. The solution is to either disable the PIX SMTP firewall or to upgrade the OS to at least 5.2(4) or 6.0(1). Indeed this only happens if the '.' is in one packet and the CR/LF in the next. I think Postfix has a workaround for this; don't know about other software. -- Dean C. Strik Eindhoven University of Technology dean@stack.nl | dean@ipnet6.org | http://www.ipnet6.org/ "This isn't right. This isn't even wrong." -- Wolfgang Pauli To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message