Date:      Wed, 03 Sep 2008 09:28:38 -0400
From:      Mike Tancsa <mike@sentex.net>
To:        freebsd-net@freebsd.org
Subject:   Re: strange TCP issue on RELENG_7 
Message-ID:  <200809031328.m83DSkfE058566@lava.sentex.ca>
In-Reply-To: <7.1.0.9.0.20080822120541.1122fba0@sentex.net>
References:  <7.1.0.9.0.20080822120541.1122fba0@sentex.net>

At 01:19 PM 8/22/2008, Mike Tancsa wrote:
>On one of our sendmail boxes that we are running RELENG_7, we have 
>noticed an odd issue triggered or noticed by our monitoring system 
>(bigbrother in this case).  This seems to have been happening ever 
>since we installed it, so it's not a recent commit issue.


Just following up, I am still seeing this issue on a recent stable 
from Sept 2 (a sendmail box periodically sending an RST after a 
successful 3-way handshake).

Monitoring host - 199.212.134.2, smtp host 199.212.134.9

From the sendmail host I see

08:19:32.780772 IP 199.212.134.2.64679 > 199.212.134.9.25: S 3568082086:3568082086(0) win 65535 <mss 1460,nop,wscale 3,sackOK,timestamp 1692532073 0>
08:19:32.780793 IP 199.212.134.9.25 > 199.212.134.2.64679: S 901330786:901330786(0) ack 3568082087 win 65535 <mss 1460,nop,wscale 3,sackOK,timestamp 1026686506 1692532073>
08:19:32.781325 IP 199.212.134.2.64679 > 199.212.134.9.25: . ack 1 win 8326 <nop,nop,timestamp 1692532074 1026686506>
08:19:32.781332 IP 199.212.134.9.25 > 199.212.134.2.64679: R 901330787:901330787(0) win 0
08:19:32.781334 IP 199.212.134.2.64679 > 199.212.134.9.25: P 1:7(6) ack 1 win 8326 <nop,nop,timestamp 1692532074 1026686506>
08:19:32.781341 IP 199.212.134.9.25 > 199.212.134.2.64679: R 901330787:901330787(0) win 0

From the monitoring host

08:19:32.777919 IP 199.212.134.2.64679 > 199.212.134.9.25: S 3568082086:3568082086(0) win 65535 <mss 1460,nop,wscale 3,sackOK,timestamp 1692532073 0>
08:19:32.778448 IP 199.212.134.9.25 > 199.212.134.2.64679: S 901330786:901330786(0) ack 3568082087 win 65535 <mss 1460,nop,wscale 3,sackOK,timestamp 1026686506 1692532073>
08:19:32.778470 IP 199.212.134.2.64679 > 199.212.134.9.25: . ack 1 win 8326 <nop,nop,timestamp 1692532074 1026686506>
08:19:32.778479 IP 199.212.134.2.64679 > 199.212.134.9.25: P 1:7(6) ack 1 win 8326 <nop,nop,timestamp 1692532074 1026686506>
08:19:32.778942 IP 199.212.134.9.25 > 199.212.134.2.64679: R 901330787:901330787(0) win 0
08:19:32.778951 IP 199.212.134.9.25 > 199.212.134.2.64679: R 901330787:901330787(0) win 0

There is no record of the connection in sendmail itself either and I 
have the LogLevel set to 11.  On a normal connection from the 
monitoring host, I would see something like

Sep  3 08:59:32 smtp2 sm-mta[14042]: NOQUEUE: connect from ns2.sentex.ca [199.212.134.2]
Sep  3 08:59:32 smtp2 sm-mta[14042]: m83CxWHh014042: Milter (milter-ahead): init success to negotiate
Sep  3 08:59:32 smtp2 sm-mta[14042]: m83CxWHh014042: Milter (clamav): init success to negotiate
Sep  3 08:59:32 smtp2 sm-mta[14042]: m83CxWHh014042: Milter: connect to filters
Sep  3 08:59:32 smtp2 sm-mta[14042]: m83CxWHh014042: ns2.sentex.ca [199.212.134.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA


I tried running without pf (or any firewall) as well as disabling 
syncache but the problem would still happen (again, once or twice a 
day, sometimes once every 2 days).  Does anyone have any other 
suggestions as to how to track down this issue?  I am a bit 
reluctant to move my other sendmail servers to RELENG_7 if the 
monitoring system is going to be tripping false positives like this.

I am just running tcpdump on the main interface now to get a sense of 
how many times this is happening with connections in general and 
comparing it to the RELENG_6 boxes.

         ---Mike 
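
Added example, not part of the original message: a small Python filter that counts the pattern in the captures above (listener completes the 3-way handshake, then sends RST before sending any data) in saved tcpdump text. It assumes the older tcpdump line format shown in the message with one packet per line; the function name and the sample lines are constructed for illustration.

```python
import re

# Old-style tcpdump text, one packet per line: time IP src > dst: FLAGS rest
LINE = re.compile(r"^(\S+) IP (\S+) > (\S+): ([SFPRWE.]+) (.*)$")
# Constructed sample using documentation addresses, not the capture above.
SAMPLE = """\
08:19:32.780772 IP 192.0.2.2.64679 > 192.0.2.9.25: S 100:100(0) win 65535 <mss 1460>
08:19:32.780793 IP 192.0.2.9.25 > 192.0.2.2.64679: S 900:900(0) ack 101 win 65535 <mss 1460>
08:19:32.781325 IP 192.0.2.2.64679 > 192.0.2.9.25: . ack 1 win 8326
08:19:32.781332 IP 192.0.2.9.25 > 192.0.2.2.64679: R 901:901(0) win 0
08:19:32.781341 IP 192.0.2.9.25 > 192.0.2.2.64679: R 901:901(0) win 0
08:24:32.100000 IP 192.0.2.2.64700 > 192.0.2.9.25: S 200:200(0) win 65535 <mss 1460>
08:24:32.100020 IP 192.0.2.9.25 > 192.0.2.2.64700: S 300:300(0) ack 201 win 65535 <mss 1460>
08:24:32.100500 IP 192.0.2.2.64700 > 192.0.2.9.25: . ack 1 win 8326
08:24:32.150000 IP 192.0.2.9.25 > 192.0.2.2.64700: P 1:40(39) ack 1 win 8326
"""

def reset_after_handshake(lines, server_port=25):
    """Return (time, client, server) where the listener RSTs right after the handshake."""
    state = {}   # (client, server) -> "syn" | "synack" | "open"
    hits = []
    port = "." + str(server_port)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        ts, src, dst, flags, rest = m.groups()
        to_server = dst.endswith(port)
        if not to_server and not src.endswith(port):
            continue                          # unrelated traffic
        key = (src, dst) if to_server else (dst, src)
        has_ack = re.search(r"\back \d+", rest) is not None
        if to_server:
            if "S" in flags and not has_ack:
                state[key] = "syn"            # new attempt, restart tracking
            elif state.get(key) == "synack" and has_ack and "R" not in flags:
                state[key] = "open"           # client ACK completes the handshake
        elif "S" in flags and has_ack and state.get(key) == "syn":
            state[key] = "synack"
        elif "R" in flags:
            if state.get(key) == "open":
                hits.append((ts, key[0], key[1]))
            state.pop(key, None)              # duplicate RSTs are counted once
        elif state.get(key) == "open" and ("P" in flags or "F" in flags):
            state.pop(key, None)              # server sent data or FIN: normal session
    return hits

if __name__ == "__main__":
    print(reset_after_handshake(SAMPLE.splitlines()))
```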




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200809031328.m83DSkfE058566>