From: John Nielsen
Date: Tue, 11 Mar 2014 13:39:10 -0600
Subject: Re: Two odd problems with STABLE-10 r262921
To: Karl Denninger
Cc: freebsd-stable@freebsd.org
Message-Id: <07F92476-4D78-42DA-93D4-373680AEE93A@jnielsen.net>

On Mar 11, 2014, at 7:29 AM, Karl Denninger wrote:

> Two things I've run into with this coming from 9.2-STABLE....
>
> 1. I am getting errors coming from mail transmissions to certain MX relays
> -- and only those relays. One of them is (ironically) mx1.freebsd.org,
> which precludes emailing the list from my primary email address! The error
> logs in the maillog file show:
>
> Mar 11 08:17:46 NewFS sm-mta[3605]: STARTTLS=client, relay=mx1.freebsd.org., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
> Mar 11 08:17:46 NewFS sm-mta[3605]: STARTTLS: write error=syscall error (-1), errno=13, get_error=error:00000000:lib(0):func(0):reason(0), retry=99, ssl_err=5
> Mar 11 08:17:46 NewFS sm-mta[3605]: s2AKht3B064414: SYSERR(root): putbody: write error: Permission denied
> Mar 11 08:17:46 NewFS sm-mta[3605]: s2AKht3B064414: SYSERR(root): timeout writing message to mx1.freebsd.org.: Permission denied
> Mar 11 08:17:46 NewFS sm-mta[3605]: s2AKht3B064414: to=<freebsd-fs@freebsd.org>, ctladdr= (1001/1001), delay=16:33:50, xdelay=00:00:05, mailer=esmtp, pri=4186247, relay=mx1.freebsd.org. [8.8.178.115], dsn=4.0.0, stat=Deferred
>
> Permission denied -- on a socket? As root? What am I missing here?
>
> (Shutting off TLS does not resolve this.) However, this is not universal;
> it only impacts *some* emails....
>
>
> Mar 11 08:20:37 NewFS sm-mta[5433]: s2BDKbF4005433: from=<ticker@fs.denninger.net>, size=962, class=0, nrcpts=1, msgid=<201403111320.s2BDKTF3005412@fs.denninger.net>, proto=ESMTP, daemon=IPv4, relay=localhost [127.0.0.1]
> Mar 11 08:20:37 NewFS sendmail[5412]: s2BDKTF3005412: to=xxxxxxxx@yahoo.com, ctladdr=ticker (20098/20098), delay=00:00:08, xdelay=00:00:05, mailer=relay, pri=30494, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Message accepted)
> Mar 11 08:20:37 NewFS sm-mta[5461]: STARTTLS=client, relay=mta5.am0.yahoodns.net., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-CAMELLIA256-SHA, bits=256/256
> Mar 11 08:20:39 NewFS sm-mta[5461]: s2BDKbF4005433: to=, ctladdr= (20098/20098), delay=00:00:02, xdelay=00:00:02, mailer=esmtp, pri=30962, relay=mta5.am0.yahoodns.net. [66.196.118.35], dsn=2.0.0, stat=Sent (ok dirdel)
>
> That one went through successfully....
>
> This is new; I didn't have any trouble on 9.2-STABLE at all. Ideas?

Are you by any chance using both TSO and NAT on an interface[1]? I saw
problems with larger transmissions and odd "permission denied" errors on
a machine in that situation. Not sure what changed in 10 vs 9 to expose
the issue but it wouldn't be the first I've heard of it[2].

Try "ifconfig yournatinterface -tso" if so and see if the problem goes
away (obviously replace "yournatinterface" with the actual interface
name). If it does, add "-tso" to the appropriate ifconfig entry in
/etc/rc.conf.

JN

[1] See also the related BUGS entry in ipfw(8): http://www.freebsd.org/cgi/man.cgi?query=ipfw&sektion=8#end
[2] http://lists.freebsd.org/pipermail/freebsd-ipfw/2014-February/005560.html
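
An added example, not part of the original message: a small shell helper that reads `ifconfig` output and lists the interfaces that still have TSO enabled, so the "-tso" suggestion above can be checked per interface. The function names and the sample `ifconfig` text are constructed for illustration; whether a listed interface is the one doing NAT is left to the administrator.

```shell
#!/bin/sh
# Added example (hypothetical helper names): find interfaces with TSO enabled.

# Constructed sample of FreeBSD-style ifconfig output (not from the thread).
sample_ifconfig() {
cat <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
    inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=42098<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWTSO>
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
EOF
}

# Read ifconfig output on stdin; print each interface whose capability
# list contains TSO4 or TSO6.
tso_interfaces() {
    awk '
        # A stanza header starts in column 0: "em0: flags=..."
        /^[A-Za-z0-9_.]+: flags=/ { ifname = $1; sub(/:$/, "", ifname); next }
        # Only the interface "options=" line, not "nd6 options="
        $1 ~ /^options=/ {
            if (match($0, /<[^>]*>/) == 0) next
            n = split(substr($0, RSTART + 1, RLENGTH - 2), caps, ",")
            for (i = 1; i <= n; i++)
                # Exact token match: VLAN_HWTSO is a different capability
                if (caps[i] == "TSO4" || caps[i] == "TSO6") { print ifname; break }
        }
    '
}

# Print (do not execute) the command from the reply for each such interface.
suggest_tso_off() {
    tso_interfaces | while read -r ifn; do
        echo "ifconfig $ifn -tso"
    done
}

# Demo on the constructed sample; on a real host use: ifconfig | suggest_tso_off
sample_ifconfig | suggest_tso_off
```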