Date: Wed, 10 Mar 2004 08:05:16 +1100 (EST) From: daemon@swiftdsl.com.au To: daemon@swiftdsl.com.au Cc: freebsd-questions@freebsd.org Subject: Re: tcp port sticks in closing state Message-ID: <29275.61.88.6.90.1078866316.squirrel@webmail.swiftdsl.com.au> In-Reply-To: <15351.218.214.54.98.1078817948.squirrel@webmail.swiftdsl.com.au> References: <15351.218.214.54.98.1078817948.squirrel@webmail.swiftdsl.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
> Hi all, > > I have a strange question that is probably more a tcp thing than FreeBSD, > but you all have helped me so much in the past that I thought I'd start > here. > > I am running FreeBSD 5.2.1 at home with postfix-2.0.18,1 from ports. When > I send an email from my work (red hat 9, qmail), which is behind a > Watchguard Firebox 700 doing NAT and using their "smtp-filter" (i'm the > sysadmin at work, so any bad there is all me), to my home address it > causes the freebsd machine to sit in the the following state (from a > netstat -an | grep 25): > > tcp4 0 0 192.168.1.2.25 61.XX.X.XX.28709 CLOSING > tcp4 0 0 192.168.1.2.25 61.XX.X.XX.28708 CLOSING > > This ties up the smtp port and any further attempts to connect from > anywhere on the net yield: > > 421 SMTP service not available, closing transmission channel > > To get this I have to send a bunch of emails (say 4 or more) and the first > two always get through. When I send a bunch of emails from any other > address (yahoo, etc) this does not happen. > > I did a tcpdump -i fxp0 and greped for the port of one of these sessions > and see: > > 21:45:18.424512 chinook.myhost.com.smtp > 61.XX.X.XX.28709: F > 2504912170:2504912170(0) ack 2923328197 win 65535 (DF) > 21:47:26.436486 chinook.myhost.com.smtp > 61.XX.X.XX.28709: F > 2504912170:2504912170(0) ack 2923328197 win 65535 (DF) > 21:48:30.442449 chinook.myhost.com.smtp > 61.XX.X.XX.28709: R > 2504912171:2504912171(0) ack 2923328197 win 65535 (DF) > > So ... what's going on here? To me it looks as if chinook.myhost.com is > trying to ACK back to the server at my work and not getting an answer. >>From what I googled the tcp connection takes 5 mins to die in the closing > state. But in the meantime my mail server is not able to receive messages. > Should it do this? This seems like a "bad thing" and an way of DOSing > someone's mail system. > > Any thoughts? Any better places to post? > > Thanks in advance, > > August Simonelli > > Follow up: the outgoing mail was relayed through a Red Hat 9 / qmail box (hiding exchange 2000). when i removed the relay, the problem went away. maybe i missed a patch? maybe it's the private ip that the box is using (dmz - screwed up nat rule?)? not sure ... but it'll be fun to test. as this is probably not an issue for this list i won't post anymore follow-ups ... please contact me directly if you are interested in any more info! august
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?29275.61.88.6.90.1078866316.squirrel>