Date:      Tue, 1 Dec 2020 14:07:42 +0100
From:      Michael Grimm <trashcan@ellael.org>
To:        freebsd-net@freebsd.org, FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org>
Cc:        gnn@freebsd.org
Subject:   [SOLVED] 12.2-STABLE: Commit 367740 breaks IMAP/SMTP server authentication
Message-ID:  <73D64582-2478-4F3B-9A19-29A30995FE11@ellael.org>
In-Reply-To: <ECBD295C-00D6-4897-A49D-4B2049F2C132@ellael.org>
References:  <ECBD295C-00D6-4897-A49D-4B2049F2C132@ellael.org>

Hi,

I finally managed to solve this issue: the MTU of all bridged network interfaces had to be reduced from 1500 down to 1490. (The external interface was on 1490 already.)

I still don't understand why these patches of commit 367740 could cause this, and I do not have the knowledge to understand it.

Anyway, I just wanted to let you know.

Regards,
Michael


> On 22. Nov 2020, at 14:37, Michael Grimm <trashcan@ellael.org> wrote:
>
> Hi,
>
> I am running 12.2-STABLE and VNET jails, one of which hosts a recent Dovecot IMAP and a recent postfix SMTP server. Authentication is forced via TLS/SSL for both services (ports 587 and 993). Setup is as follows:
>
> 	extIF0/pf/NAT <—> epairXa (bridge0) epairXb <-> jail
>
> A recent upgrade broke mailing of IMAP clients running at macOS 10.14.6 (Mojave) and AVM's push service (Fritzbox), but *not* for IMAP clients running at macOS 10.15.7 (Catalina). Strange.
>
> Findings at macOS 10.14.6 (exemplified for IMAP):
>
> 1) 	mac$ nc -4vw 1 mail.xyz.zzz 993
> 	found 0 associations
> 	found 1 connections:
> 	    1:	flags=82<CONNECTED,PREFERRED>
> 		outif en0
> 		src 1.2.3.4 port 49583
> 		dst 11.22.33.44 port 993
> 		rank info not available
> 		TCP aux info available
>
> 	Connection to mail.xyz.zzz port 993 [tcp/imaps] succeeded!
>
> 2)	mac$ openssl s_client -crlf -connect mail.xyz.zzz:993 -debug
> 	CONNECTED(00000005)
> 	write to 0x7fa32ef01ae0 [0x7fa33080a803] (200 bytes => 200 (0xC8))
>
> 	hanging at that stage forever
> 	(and client complaining of its inability to authenticate and reports timeout after 60 seconds)
>
>
> I did identify commit 367740 being responsible for that:
>
> 	mike>	svn up -r 367740
> 	Updating '.':
> 	U    sys/netinet/ip_fastfwd.c
> 	U    sys/netinet/ip_input.c
> 	U    sys/netinet/ip_var.h
> 	 U   .
> 	Updated to revision 367740.
>
>
> Any ideas, especially why clients at different OS behave differently?
>
> FYI: I have no access to AVM's push service, and very limited access to the macOS 10.14.6 computer.
>
> Thanks in advance and with kind regards,
> Michael
>
> P.S. How may I update a local svn copy and simultaneously omit commit 367740 from being applied, or how may I revert commit 367740, only?




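The fix reported at the top of this message was to bring every bridged interface down to the MTU of the external interface. As an added example (not part of the original e-mail), the shell function below reads FreeBSD `ifconfig` output and lists each bridge and bridge member whose MTU is larger than that of the external interface; the interface names and the sample `ifconfig` text are constructed.

```shell
#!/bin/sh
# Added example: flag bridged interfaces whose MTU exceeds the external one.
# Interface names and the ifconfig text below are constructed for illustration.

# mtu_mismatch EXT_IF
# Reads FreeBSD `ifconfig` output on stdin and prints "<ifname> <mtu>" for each
# bridge and bridge member whose MTU is larger than the MTU of EXT_IF.
mtu_mismatch() {
    awk -v ext="$1" '
        /^[a-zA-Z]/ {                      # header: "name: flags=... mtu N"
            cur = $1; sub(/:$/, "", cur)
            for (i = 2; i < NF; i++) if ($i == "mtu") mtu[cur] = $(i + 1) + 0
            if (cur ~ /^bridge[0-9]+$/) watch[cur] = 1
            next
        }
        $1 == "member:" { watch[$2] = 1 }  # indented bridge member line
        END {
            if (!(ext in mtu)) { print "unknown interface: " ext > "/dev/stderr"; exit }
            for (n in watch) if ((n in mtu) && mtu[n] > mtu[ext]) print n, mtu[n]
        }
    ' | sort
}

# Constructed host-side view of a setup like the one in the post:
# external interface at 1490, bridge and epair ends still at 1500.
sample_ifconfig() {
    cat <<'EOF'
extIF0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1490
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: epair1a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
epair0a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
epair1a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
EOF
}

# Demo on the constructed input; on a live host use: ifconfig | mtu_mismatch <ext-if>
sample_ifconfig | mtu_mismatch extIF0
```

The check only sees interfaces visible where `ifconfig` is run, so the jail-side `epairXb` ends have to be checked from inside each VNET jail.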