From owner-freebsd-stable@FreeBSD.ORG Tue Mar 11 15:59:50 2014 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0942667E for ; Tue, 11 Mar 2014 15:59:50 +0000 (UTC) Received: from h2.funkthat.com (gate2.funkthat.com [208.87.223.18]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id DC0A188D for ; Tue, 11 Mar 2014 15:59:49 +0000 (UTC) Received: from h2.funkthat.com (localhost [127.0.0.1]) by h2.funkthat.com (8.14.3/8.14.3) with ESMTP id s2BFxmEU089145 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 11 Mar 2014 08:59:48 -0700 (PDT) (envelope-from jmg@h2.funkthat.com) Received: (from jmg@localhost) by h2.funkthat.com (8.14.3/8.14.3/Submit) id s2BFxmZT089144; Tue, 11 Mar 2014 08:59:48 -0700 (PDT) (envelope-from jmg) Date: Tue, 11 Mar 2014 08:59:48 -0700 From: John-Mark Gurney To: Karl Denninger Subject: Re: Two odd problems with STABLE-10 r262921 Message-ID: <20140311155948.GR32089@funkthat.com> Mail-Followup-To: Karl Denninger , freebsd-stable@freebsd.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.3i X-Operating-System: FreeBSD 7.2-RELEASE i386 X-PGP-Fingerprint: 54BA 873B 6515 3F10 9E88 9322 9CB1 8F74 6D3F A396 X-Files: The truth is out there X-URL: http://resnet.uoregon.edu/~gurney_j/ X-Resume: http://resnet.uoregon.edu/~gurney_j/resume.html X-TipJar: bitcoin:13Qmb6AeTgQecazTWph4XasEsP7nGRbAPE X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger? X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.2 (h2.funkthat.com [127.0.0.1]); Tue, 11 Mar 2014 08:59:48 -0700 (PDT) Cc: freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Mar 2014 15:59:50 -0000 Karl Denninger wrote this message on Tue, Mar 11, 2014 at 08:29 -0500: > 1. I am getting errors coming from mail transmissions to certain MX relays > -- and only those relays. One of them is (ironically) mx1.freebsd.org, > which precludes emailing the list from my primary email address! The error > logs in the maillog file show: > > Mar 11 08:17:46 NewFS sm-mta[3605]: STARTTLS=client, relay=mx1.freebsd.org., > version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, > bits=256/256 > Mar 11 08:17:46 NewFS sm-mta[3605]: STARTTLS: write error=syscall error > (-1), errno=13, get_error=error:00000000:lib(0):func(0):reason(0), > retry=99, ssl_err=5 > Mar 11 08:17:46 NewFS sm-mta[3605]: s2AKht3B064414: SYSERR(root): putbody: > write error: Permission denied > Mar 11 08:17:46 NewFS sm-mta[3605]: s2AKht3B064414: SYSERR(root): timeout > writing message to mx1.freebsd.org.: Permission denied > Mar 11 08:17:46 NewFS sm-mta[3605]: s2AKht3B064414: to=< > freebsd-fs@freebsd.org>, ctladdr= (1001/1001), > delay=16:33:50, xdelay=00:00:05, mailer=esmtp, pri=4186247, relay= > mx1.freebsd.org. [8.8.178.115], dsn=4.0.0, stat=Deferred > > Permission denied -- on a socket? As root? What am I missing here? > > (Shutting off TLS does not resolve this.) However, this is not universal; > it only impacts *some* emails.... > > > Mar 11 08:20:37 NewFS sm-mta[5433]: s2BDKbF4005433: from=< > ticker@fs.denninger.net>, size=962, class=0, nrcpts=1, msgid=< > 201403111320.s2BDKTF3005412@fs.denninger.net>, proto=ESMTP, daemon=IPv4, > relay=localhost [127.0.0.1] > Mar 11 08:20:37 NewFS sendmail[5412]: s2BDKTF3005412: to=xxxxxxxx@yahoo.com, > ctladdr=ticker (20098/20098), delay=00:00:08, xdelay=00:00:05, > mailer=relay, pri=3 > 0494, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Message accepted) > Mar 11 08:20:37 NewFS sm-mta[5461]: STARTTLS=client, relay= > mta5.am0.yahoodns.net., version=TLSv1/SSLv3, verify=FAIL, > cipher=DHE-RSA-CAMELLIA256-SHA, bits=256/256 > Mar 11 08:20:39 NewFS sm-mta[5461]: s2BDKbF4005433: to=, > ctladdr= (20098/20098), delay=00:00:02, > xdelay=00:00:02, > mailer=esmtp, pri=30962, relay=mta5.am0.yahoodns.net. [66.196.118.35], > dsn=2.0.0, stat=Sent (ok dirdel) > > That one went through successfully.... > > This is new; I didn't have any trouble on 9.2-STABLE at all. Ideas? This is usually due to a firewall not allowing some packets out... Make sure that your firewall is properly configured, and disable it for testing to see if the errors go away... -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."