Date:      Tue, 11 Mar 2014 12:24:35 -0500
From:      Karl Denninger <tickerguydenninger@gmail.com>
To:        Karl Denninger <tickerguydenninger@gmail.com>, freebsd-stable@freebsd.org
Subject:   Re: Two odd problems with STABLE-10 r262921
Message-ID:  <CAHCMRk8VM-kyH6JO9t_v8V8=nBAzCiJO-4_AzMPmcWhQTUwHdw@mail.gmail.com>
In-Reply-To: <20140311155948.GR32089@funkthat.com>
References:  <CAHCMRk_=s%2B2LYr-pLkt7LJK3LcWSiomtLb_HhfUrj4VMUHjQVQ@mail.gmail.com> <20140311155948.GR32089@funkthat.com>

Yeah, it hasn't changed... I turned on verbose logging and I'm not
getting anything in the logs on it -- what's even more odd is that I can
telnet to port 25 on the MX gateway and hand-feed an email in there, and it
works.  If I turn off the signatures, it ALSO works.

That makes no sense; STARTTLS starts up on port 25, so if I can telnet
there from a shell prompt how's this happening?  The only thing I can come
up with is that sendmail is (for an unknown reason) choosing to elect to
bind to an inappropriate address (this box has a number of addresses on the
interfaces and not all of them can get out!)

Check out the log here:

Mar 11 12:13:59 NewFS sm-mta[11023]: STARTTLS=client, relay=gmail-smtp-in.l.google.com., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Mar 11 12:13:59 NewFS sm-mta[11023]: STARTTLS: write error=syscall error (-1), errno=13, get_error=error:00000000:lib(0):func(0):reason(0), retry=99, ssl_err=5
Mar 11 12:13:59 NewFS sm-mta[11023]: s2BGax4D095381: SYSERR(root): putbody: write error: Permission denied
Mar 11 12:13:59 NewFS sm-mta[11023]: s2BGax4D095381: SYSERR(root): timeout writing message to gmail-smtp-in.l.google.com.: Permission denied

This fails..... then I send another message, from the same email client,
with no signature less than a minute later and I get this:

Mar 11 12:14:38 NewFS sm-mta[11321]: STARTTLS=client, relay=gmail-smtp-in.l.google.com., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Mar 11 12:14:39 NewFS sm-mta[11321]: s2BHEcNn011282: to=<tickerguydenninger@gmail.com>, ctladdr=<karl@denninger.net> (1001/1001), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30766, relay=gmail-smtp-in.l.google.com. [74.125.29.26], dsn=2.0.0, stat=Sent (OK 1394558079 v4si11548175qap.151 - gsmtp)

Huh?

The MX record only has one address too -- 74.125.29.26

Same cipher negotiated, same everything -- one fails with EPERM the other
succeeds, and the only difference between the two emails is the presence of
a MIME signature block.

I think it's safe to believe (given that I've got all "deny" lines marked
with the log key and nothing is showing up) this is not being blocked by
the firewall.

It's also new with 10.0; never happened with 9.2.....


On Tue, Mar 11, 2014 at 10:59 AM, John-Mark Gurney <jmg@funkthat.com> wrote:

> Karl Denninger wrote this message on Tue, Mar 11, 2014 at 08:29 -0500:
> > 1. I am getting errors coming from mail transmissions to certain MX relays
> > -- and only those relays.  One of them is (ironically) mx1.freebsd.org,
> > which precludes emailing the list from my primary email address!  The error
> > logs in the maillog file show:
> >
> > Mar 11 08:17:46 NewFS sm-mta[3605]: STARTTLS=client, relay=mx1.freebsd.org., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
> > Mar 11 08:17:46 NewFS sm-mta[3605]: STARTTLS: write error=syscall error (-1), errno=13, get_error=error:00000000:lib(0):func(0):reason(0), retry=99, ssl_err=5
> > Mar 11 08:17:46 NewFS sm-mta[3605]: s2AKht3B064414: SYSERR(root): putbody: write error: Permission denied
> > Mar 11 08:17:46 NewFS sm-mta[3605]: s2AKht3B064414: SYSERR(root): timeout writing message to mx1.freebsd.org.: Permission denied
> > Mar 11 08:17:46 NewFS sm-mta[3605]: s2AKht3B064414: to=<freebsd-fs@freebsd.org>, ctladdr=<karl@denninger.net> (1001/1001), delay=16:33:50, xdelay=00:00:05, mailer=esmtp, pri=4186247, relay=mx1.freebsd.org. [8.8.178.115], dsn=4.0.0, stat=Deferred
> >
> > Permission denied -- on a socket?  As root?  What am I missing here?
> >
> > (Shutting off TLS does not resolve this.)  However, this is not universal;
> > it only impacts *some* emails....
> >
> >
> > Mar 11 08:20:37 NewFS sm-mta[5433]: s2BDKbF4005433: from=<ticker@fs.denninger.net>, size=962, class=0, nrcpts=1, msgid=<201403111320.s2BDKTF3005412@fs.denninger.net>, proto=ESMTP, daemon=IPv4, relay=localhost [127.0.0.1]
> > Mar 11 08:20:37 NewFS sendmail[5412]: s2BDKTF3005412: to=xxxxxxxx@yahoo.com, ctladdr=ticker (20098/20098), delay=00:00:08, xdelay=00:00:05, mailer=relay, pri=30494, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Message accepted)
> > Mar 11 08:20:37 NewFS sm-mta[5461]: STARTTLS=client, relay=mta5.am0.yahoodns.net., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-CAMELLIA256-SHA, bits=256/256
> > Mar 11 08:20:39 NewFS sm-mta[5461]: s2BDKbF4005433: to=<xxxxxxx@yahoo.com>, ctladdr=<ticker@fs.denninger.net> (20098/20098), delay=00:00:02, xdelay=00:00:02, mailer=esmtp, pri=30962, relay=mta5.am0.yahoodns.net. [66.196.118.35], dsn=2.0.0, stat=Sent (ok dirdel)
> >
> > That one went through successfully....
> >
> > This is new; I didn't have any trouble on 9.2-STABLE at all.  Ideas?
>
> This is usually due to a firewall not allowing some packets out...
> Make sure that your firewall is properly configured, and disable it
> for testing to see if the errors go away...
>
> --
>   John-Mark Gurney                              Voice: +1 415 225 5579
>
>      "All that I will do, has been done, All that I have, has not."
>
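
Added example (not part of the original message or thread): a small maillog triage script that groups sm-mta entries by PID and picks out delivery attempts where the TLS handshake completed but a later write failed with errno=13, so their timestamps can be lined up against packet-filter logs. The function names are hypothetical, the sample is the thread's own log lines unwrapped to one entry per line, and treating one sm-mta PID as one delivery attempt is an assumption.

```python
import errno
import re
from collections import defaultdict

# Constructed sample: log entries quoted in the thread, one entry per line.
SAMPLE = """\
Mar 11 12:13:59 NewFS sm-mta[11023]: STARTTLS=client, relay=gmail-smtp-in.l.google.com., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Mar 11 12:13:59 NewFS sm-mta[11023]: STARTTLS: write error=syscall error (-1), errno=13, get_error=error:00000000:lib(0):func(0):reason(0), retry=99, ssl_err=5
Mar 11 12:13:59 NewFS sm-mta[11023]: s2BGax4D095381: SYSERR(root): putbody: write error: Permission denied
Mar 11 12:14:38 NewFS sm-mta[11321]: STARTTLS=client, relay=gmail-smtp-in.l.google.com., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Mar 11 12:14:39 NewFS sm-mta[11321]: s2BHEcNn011282: to=<tickerguydenninger@gmail.com>, ctladdr=<karl@denninger.net> (1001/1001), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30766, relay=gmail-smtp-in.l.google.com. [74.125.29.26], dsn=2.0.0, stat=Sent (OK 1394558079 v4si11548175qap.151 - gsmtp)
"""

ENTRY = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ sm-mta\[(\d+)\]: (.*)$")

def sessions(text):
    """Group sm-mta entries by PID (assumed: one PID = one delivery attempt)."""
    out = defaultdict(lambda: {"relay": None, "cipher": None, "errno": None, "stat": None})
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        s = out[int(m.group(1))]
        msg = m.group(2)
        if msg.startswith("STARTTLS=client"):
            s["relay"] = re.search(r"relay=([^,\s]+)", msg).group(1)
            s["cipher"] = re.search(r"cipher=([^,\s]+)", msg).group(1)
        elif msg.startswith("STARTTLS: write error"):
            s["errno"] = int(re.search(r"errno=(\d+)", msg).group(1))
        elif (m2 := re.search(r"stat=(\w+)", msg)):
            s["stat"] = m2.group(1)
    return dict(out)

def blocked_after_handshake(text):
    """PIDs whose handshake completed but whose later write failed with errno 13."""
    return sorted(pid for pid, s in sessions(text).items()
                  if s["cipher"] and s["errno"] == errno.EACCES)

def mixed_relays(text):
    """(relay, cipher) pairs that show both an errno-13 failure and a delivery."""
    by_relay = defaultdict(set)
    for s in sessions(text).values():
        outcome = "eacces" if s["errno"] == errno.EACCES else s["stat"]
        by_relay[(s["relay"], s["cipher"])].add(outcome)
    return [key for key, seen in by_relay.items() if {"eacces", "Sent"} <= seen]
```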


