From: Victor Lyapunov
To: FreeBSD Mailing List
Date: Sat, 21 Nov 2009 20:59:12 +0600
Message-ID: <6c51dbb10911210659t2e7b87dcg66d71544312d4172@mail.gmail.com>
Subject: sending mail with attachments always fail (FreeBSD/pf)

Hi all,

I have a production network with a FreeBSD box acting as a firewall.
The problem emerges as soon as users send mail with attachments.
(Sending mail without attachments always succeeds.)
Basically, when a user tries to send a message, only part of it is
transmitted before the connection is interrupted and sending fails.
The problem persists only when pf is enabled.

My ruleset:

scrub in all fragment reassemble
block drop on em0 all
pass inet proto tcp from 192.168.0.0/24 to any port = smtp flags S/SA keep state
pass inet proto tcp from 192.168.0.0/24 to any port = pop3 flags S/SA keep state
pass inet proto tcp from 192.168.0.0/24 to any port = imap flags S/SA keep state
pass inet proto tcp from 192.168.0.0/24 to any port = smtps flags S/SA keep state
pass inet proto tcp from 192.168.0.0/24 to any port = pop3s flags S/SA keep state
pass proto udp from any to any port = domain keep state

This is what I get from pfctl -si just after #/etc/rc.d/pf start

# pfctl -si
Status: Enabled for 0 days 00:00:09           Debug: Urgent

State Table                          Total             Rate
  current entries                        0
  searches                               0            0.0/s
  inserts                                0            0.0/s
  removals                               0            0.0/s
Counters
  match                                  0            0.0/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s
  bad-timestamp                          0            0.0/s
  congestion                             0            0.0/s
  ip-option                              0            0.0/s
  proto-cksum                            0            0.0/s
  state-mismatch                         0            0.0/s
  state-insert                           0            0.0/s
  state-limit                            0            0.0/s
  src-limit                              0            0.0/s
  synproxy                               0            0.0/s

After I try to send some mail with attachments a couple of times (which
always fails), I get this from pfctl -si:

Status: Enabled for 0 days 00:02:58           Debug: Urgent

State Table                          Total             Rate
  current entries                       48
  searches                            1313            7.4/s
  inserts                              131            0.7/s
  removals                              83            0.5/s
Counters
  match                                152            0.9/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s
  bad-timestamp                          0            0.0/s
  congestion                             0            0.0/s
  ip-option                              0            0.0/s
  proto-cksum                            0            0.0/s
  state-mismatch                        22            0.1/s
  state-insert                           0            0.0/s
  state-limit                            0            0.0/s
  src-limit                              0            0.0/s
  synproxy                               0            0.0/s

Any suggestions/ideas would be appreciated,

Best regards,
Victor

FreeBSD router 7.2-RELEASE FreeBSD 7.2-RELEASE #4: Sun May 3 23:29:04 2009 root@router:/usr/obj/usr/src/sys/GENERIC i386
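
The before/after comparison of `pfctl -si` counters that the message above does by eye can be scripted. The following is an added example, not part of the original post: the function names `pf_counter_delta` and `pf_state_mismatch_rose` are hypothetical, and it assumes each snapshot was saved to a file with `pfctl -si > file`.

```shell
# Added example (not from the original post): compare two saved `pfctl -si`
# snapshots and list every counter whose total moved between them.
# pf_counter_delta BEFORE AFTER -> lines of "section/name before after +delta"
pf_counter_delta() {
    awk '
    /^Status:/     { section = ""; next }
    /^State Table/ { section = "state"; next }
    /^Counters/    { section = "counters"; next }
    section == "" || NF < 2 { next }
    {
        # Rows read "name total rate/s"; "current entries" has no rate column.
        n = ($NF ~ /\/s$/) ? NF - 1 : NF
        if ($n !~ /^[0-9]+$/) next
        name = $1
        for (i = 2; i < n; i++) name = name "-" $i
        key = section "/" name
        if (FILENAME == ARGV[1]) { before[key] = $n; next }
        if ($n != before[key])
            printf "%s %d %d %+d\n", key, before[key], $n, $n - before[key]
    }' "$1" "$2"
}

# pf_state_mismatch_rose BEFORE AFTER -> exit status 0 if state-mismatch grew
pf_state_mismatch_rose() {
    pf_counter_delta "$1" "$2" | grep -q '^counters/state-mismatch .* +[0-9]'
}

# Sample snapshots: a few rows trimmed from the two outputs in the post.
tmp=$(mktemp -d)
cat > "$tmp/before" <<'EOF'
Status: Enabled for 0 days 00:00:09 Debug: Urgent
State Table Total Rate
  current entries 0
Counters
  match 0 0.0/s
  normalize 0 0.0/s
  state-mismatch 0 0.0/s
EOF
cat > "$tmp/after" <<'EOF'
Status: Enabled for 0 days 00:02:58 Debug: Urgent
State Table Total Rate
  current entries 48
Counters
  match 152 0.9/s
  normalize 0 0.0/s
  state-mismatch 22 0.1/s
EOF
pf_counter_delta "$tmp/before" "$tmp/after"
pf_state_mismatch_rose "$tmp/before" "$tmp/after" && echo "state-mismatch rose"
```

Counters that stay at the same total (here `normalize`) are omitted, so only the rows that changed during the failed sends remain.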