Date: Sat, 21 Nov 2009 17:03:41 +0000
From: RW
To: freebsd-questions@freebsd.org
Subject: Re: sending mail with attachments always fail (FreeBSD/pf)

On Sat, 21 Nov 2009 16:27:20 +0100
Matthias Apitz wrote:

> On Saturday, November 21, 2009 at 08:59:12PM +0600, Victor
> Lyapunov wrote:
>
> > Hi all,
> >
> > I have a production network with a FreeBSD box acting as firewall. The
> > problem emerges as soon as users send mail with attachments. (Sending
> > mail without attachments always succeeds). Basically, when a user
> > tries to send a message, only part of it is transmitted before the
> > connection is interrupted and sending fails. The problem persists
> > only when pf is enabled.
>
> I think concerning TCP/IP there is no diff between a mail with or w/o
> attachment, it is just talking SMTP to a remote server and only the
> size, i.e., the number of IP pkgs, differs; the content is anyway;

This kind of thing is often due to an MTU blackhole - when a larger
email causes a full size IP packet to be sent. I don't see why PF
should make a difference though, AFAIK it's supposed to let ICMP
through when it's learned state on a TCP connection.

> I never used S/SA as flags in my rules, only S.

S/SA is correct; it means look at SYN and ACK and match if only SYN is
set. S matches on SYN irrespective of whether ACK is set.
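The flag matching described in the reply above, written out as an added example that is not part of the original message or of pf itself. The function names and sample segments are constructed for illustration, and a bare "S" is modelled as "S/S" on the assumption that the reply's description of it is accurate.

```python
import struct

# pf's one-letter names for the TCP flag bits (byte 13 of the TCP header).
PF_FLAGS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
            "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}

def letters_to_bits(letters):
    """Turn a string such as 'SA' into a bit mask; reject unknown letters."""
    bits = 0
    for ch in letters:
        if ch not in PF_FLAGS:
            raise ValueError("unknown TCP flag letter: %r" % ch)
        bits |= PF_FLAGS[ch]
    return bits

def parse_flags_spec(spec):
    """Parse 'set/mask'. A bare 'S' is modelled as 'S/S' (assumption taken
    from the description in the message, not from pf's own parser)."""
    want, sep, mask = spec.partition("/")
    want_bits = letters_to_bits(want)
    mask_bits = letters_to_bits(mask) if sep else want_bits
    if want_bits & ~mask_bits:
        # A flag required to be set but not examined could never match.
        raise ValueError("flags in the set must also be in the mask")
    return want_bits, mask_bits

def tcp_flags(segment):
    """Extract the flag byte from a raw TCP header (at least 20 bytes)."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    return segment[13]

def matches(spec, segment):
    """True when, among the mask flags, exactly the set flags are on."""
    want_bits, mask_bits = parse_flags_spec(spec)
    return (tcp_flags(segment) & mask_bits) == want_bits

def make_segment(letters):
    """Constructed sample: minimal TCP header, ports 40000 -> 25 (SMTP)."""
    return struct.pack("!HHLLBBHHH", 40000, 25, 1, 0, 5 << 4,
                       letters_to_bits(letters), 65535, 0, 0)

if __name__ == "__main__":
    for name in ("S", "SA", "A", "PA"):
        seg = make_segment(name)
        print(name, matches("S/SA", seg), matches("S", seg))
```

With S/SA only the initial SYN of a connection matches; the SYN+ACK reply and later data segments do not, whereas the S/S model also matches the SYN+ACK.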