From owner-freebsd-net@FreeBSD.ORG  Wed Sep  3 13:28:53 2008
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0F990106566C
	for <freebsd-net@freebsd.org>; Wed,  3 Sep 2008 13:28:53 +0000 (UTC)
	(envelope-from mike@sentex.net)
Received: from smarthost1.sentex.ca (smarthost1.sentex.ca [64.7.153.18])
	by mx1.freebsd.org (Postfix) with ESMTP id C21818FC15
	for <freebsd-net@freebsd.org>; Wed,  3 Sep 2008 13:28:52 +0000 (UTC)
	(envelope-from mike@sentex.net)
Received: from lava.sentex.ca (pyroxene.sentex.ca [199.212.134.18])
	by smarthost1.sentex.ca (8.14.2/8.14.2) with ESMTP id m83DSkIO015670
	for <freebsd-net@freebsd.org>; Wed, 3 Sep 2008 09:28:47 -0400 (EDT)
	(envelope-from mike@sentex.net)
Received: from mdt-xp.sentex.net (simeon.sentex.ca [192.168.43.27])
	by lava.sentex.ca (8.13.8/8.13.3) with ESMTP id m83DSkfE058566
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <freebsd-net@freebsd.org>; Wed, 3 Sep 2008 09:28:46 -0400 (EDT)
	(envelope-from mike@sentex.net)
Message-Id: <200809031328.m83DSkfE058566@lava.sentex.ca>
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Wed, 03 Sep 2008 09:28:38 -0400
To: freebsd-net@freebsd.org
From: Mike Tancsa <mike@sentex.net>
In-Reply-To: <7.1.0.9.0.20080822120541.1122fba0@sentex.net>
References: <7.1.0.9.0.20080822120541.1122fba0@sentex.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Scanned-By: MIMEDefang 2.64 on 64.7.153.18
Subject: Re: strange TCP issue on RELENG_7 
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Sep 2008 13:28:53 -0000

At 01:19 PM 8/22/2008, Mike Tancsa wrote:
>On one of our sendmail boxes that we are running RELENG_7, we have 
>noticed an odd issue triggered or noticed by our monitoring system 
>(bigbrother in this case).  The seems to have been happening ever 
>since we installed it, so its not a recent commit issue.


Just following up, I am still seeing this issue on a recent stable 
from sept 2. (a sendmail box periodically sending an RST after 
successful 3way handshake)

Monitoring host - 199.212.134.2, smtp host 199.212.134.9

 From the sendmail host I see

08:19:32.780772 IP 199.212.134.2.64679 > 199.212.134.9.25: S 
3568082086:3568082086(0) win 65535 <mss 1460,nop,wscale 
3,sackOK,timestamp 1692532073 0>
08:19:32.780793 IP 199.212.134.9.25 > 199.212.134.2.64679: S 
901330786:901330786(0) ack 3568082087 win 65535 <mss 1460,nop,wscale 
3,sackOK,timestamp 1026686506 1692532073>
08:19:32.781325 IP 199.212.134.2.64679 > 199.212.134.9.25: . ack 1 
win 8326 <nop,nop,timestamp 1692532074 1026686506>
08:19:32.781332 IP 199.212.134.9.25 > 199.212.134.2.64679: R 
901330787:901330787(0) win 0
08:19:32.781334 IP 199.212.134.2.64679 > 199.212.134.9.25: P 1:7(6) 
ack 1 win 8326 <nop,nop,timestamp 1692532074 1026686506>
08:19:32.781341 IP 199.212.134.9.25 > 199.212.134.2.64679: R 
901330787:901330787(0) win 0

 From the monitoring host

08:19:32.777919 IP 199.212.134.2.64679 > 199.212.134.9.25: S 
3568082086:3568082086(0) win 65535 <mss 1460,nop,wscale 
3,sackOK,timestamp 1692532073 0>
08:19:32.778448 IP 199.212.134.9.25 > 199.212.134.2.64679: S 
901330786:901330786(0) ack 3568082087 win 65535 <mss 1460,nop,wscale 
3,sackOK,timestamp 1026686506 1692532073>
08:19:32.778470 IP 199.212.134.2.64679 > 199.212.134.9.25: . ack 1 
win 8326 <nop,nop,timestamp 1692532074 1026686506>
08:19:32.778479 IP 199.212.134.2.64679 > 199.212.134.9.25: P 1:7(6) 
ack 1 win 8326 <nop,nop,timestamp 1692532074 1026686506>
08:19:32.778942 IP 199.212.134.9.25 > 199.212.134.2.64679: R 
901330787:901330787(0) win 0
08:19:32.778951 IP 199.212.134.9.25 > 199.212.134.2.64679: R 
901330787:901330787(0) win 0

There is no record of the connection in sendmail itself either and I 
have the LogLevel set to 11.  On a normal connection from the 
monitoring host, I would see

something like

Sep  3 08:59:32 smtp2 sm-mta[14042]: NOQUEUE: connect from 
ns2.sentex.ca [199.212.134.2]
Sep  3 08:59:32 smtp2 sm-mta[14042]: m83CxWHh014042: Milter 
(milter-ahead): init success to negotiate
Sep  3 08:59:32 smtp2 sm-mta[14042]: m83CxWHh014042: Milter (clamav): 
init success to negotiate
Sep  3 08:59:32 smtp2 sm-mta[14042]: m83CxWHh014042: Milter: connect to filters
Sep  3 08:59:32 smtp2 sm-mta[14042]: m83CxWHh014042: ns2.sentex.ca 
[199.212.134.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA


I tried running without pf (or any firewall) as well as disabling 
syncache but the problem would still happen (again, once or twice a 
day, sometimes once every 2 days).  Does anyone have any other 
suggestions as to how to track down this issue ?  I am a bit 
reluctant to move my other sendmail severs to RELENG_7 if the 
monitoring system is going to be tripping false positives like this.

I am just running tcpdump on the main interface now to get a sense of 
how many times this is happening with connections in general and 
comparing it to the RELENG_6 boxes.

         ---Mike