From owner-freebsd-stable@FreeBSD.ORG Tue Mar 11 19:45:11 2014 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E4546541 for ; Tue, 11 Mar 2014 19:45:11 +0000 (UTC) Received: from mail-ve0-x244.google.com (mail-ve0-x244.google.com [IPv6:2607:f8b0:400c:c01::244]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 9E61874B for ; Tue, 11 Mar 2014 19:45:11 +0000 (UTC) Received: by mail-ve0-f196.google.com with SMTP id cz12so3376075veb.3 for ; Tue, 11 Mar 2014 12:45:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=eDOAofhTehO1heCWCGWeiM7Hh0w+caaAc8KT0ICGhtA=; b=n492BvdZHfn/0t7WmS0aVtci63HhElis8GSoMQdsaw1Nh4nquhhzFF6/aQaUrzY2rh VU2lnHJLjBq8EYIfecPXrCrQXqLjSkMA9yDhWAH4+ZrJM7emm7/ffAJ0qZsShrg9+JHl lATsdH/xa266CM3CJSp1oKLSNBR24QE/4966gAASt8ha8+WlkryAO2HInQlqncza83Ux 81L4LrLsCxPtgXo7OUMFNZZn3NYYZ73QG6Da3v9sxRFLop4I6ULFNRaJFApc4nODg5YW rvypBFArQ/ByHwKfXzrHrqSEYw8dJAi4uVxY4SxhYcTf3EzTp3rQsdJvKd3UL1zi0Jbl uV4A== MIME-Version: 1.0 X-Received: by 10.52.164.39 with SMTP id yn7mr12448195vdb.25.1394567110833; Tue, 11 Mar 2014 12:45:10 -0700 (PDT) Received: by 10.220.150.132 with HTTP; Tue, 11 Mar 2014 12:45:10 -0700 (PDT) In-Reply-To: <07F92476-4D78-42DA-93D4-373680AEE93A@jnielsen.net> References: <07F92476-4D78-42DA-93D4-373680AEE93A@jnielsen.net> Date: Tue, 11 Mar 2014 14:45:10 -0500 Message-ID: Subject: Re: Two odd problems with STABLE-10 r262921 From: Karl Denninger To: John Nielsen Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.17 Cc: freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Mar 2014 19:45:12 -0000 That appears to have fixed it (turning TSO off) No idea why I was never bit by it before, but it looks like it's ok now. Thank you. On Tue, Mar 11, 2014 at 2:39 PM, John Nielsen wrote: > On Mar 11, 2014, at 7:29 AM, Karl Denninger > wrote: > > > Two things I've run into with this coming from 9.2-STABLE.... > > > > 1. I am getting errors coming from mail transmissions to certain MX > relays > > -- and only those relays. One of them is (ironically) mx1.freebsd.org, > > which precludes emailing the list from my primary email address! The > error > > logs in the maillog file show: > > > > Mar 11 08:17:46 NewFS sm-mta[3605]: STARTTLS=client, relay= > mx1.freebsd.org., > > version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, > > bits=256/256 > > Mar 11 08:17:46 NewFS sm-mta[3605]: STARTTLS: write error=syscall error > > (-1), errno=13, get_error=error:00000000:lib(0):func(0):reason(0), > > retry=99, ssl_err=5 > > Mar 11 08:17:46 NewFS sm-mta[3605]: s2AKht3B064414: SYSERR(root): > putbody: > > write error: Permission denied > > Mar 11 08:17:46 NewFS sm-mta[3605]: s2AKht3B064414: SYSERR(root): timeout > > writing message to mx1.freebsd.org.: Permission denied > > Mar 11 08:17:46 NewFS sm-mta[3605]: s2AKht3B064414: to=< > > freebsd-fs@freebsd.org>, ctladdr= (1001/1001), > > delay=16:33:50, xdelay=00:00:05, mailer=esmtp, pri=4186247, relay= > > mx1.freebsd.org. [8.8.178.115], dsn=4.0.0, stat=Deferred > > > > Permission denied -- on a socket? As root? What am I missing here? > > > > (Shutting off TLS does not resolve this.) However, this is not > universal; > > it only impacts *some* emails.... > > > > > > Mar 11 08:20:37 NewFS sm-mta[5433]: s2BDKbF4005433: from=< > > ticker@fs.denninger.net>, size=962, class=0, nrcpts=1, msgid=< > > 201403111320.s2BDKTF3005412@fs.denninger.net>, proto=ESMTP, daemon=IPv4, > > relay=localhost [127.0.0.1] > > Mar 11 08:20:37 NewFS sendmail[5412]: s2BDKTF3005412: to= > xxxxxxxx@yahoo.com, > > ctladdr=ticker (20098/20098), delay=00:00:08, xdelay=00:00:05, > > mailer=relay, pri=3 > > 0494, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Message > accepted) > > Mar 11 08:20:37 NewFS sm-mta[5461]: STARTTLS=client, relay= > > mta5.am0.yahoodns.net., version=TLSv1/SSLv3, verify=FAIL, > > cipher=DHE-RSA-CAMELLIA256-SHA, bits=256/256 > > Mar 11 08:20:39 NewFS sm-mta[5461]: s2BDKbF4005433: to=< > xxxxxxx@yahoo.com>, > > ctladdr= (20098/20098), delay=00:00:02, > > xdelay=00:00:02, > > mailer=esmtp, pri=30962, relay=mta5.am0.yahoodns.net. [66.196.118.35], > > dsn=2.0.0, stat=Sent (ok dirdel) > > > > That one went through successfully.... > > > > This is new; I didn't have any trouble on 9.2-STABLE at all. Ideas? > > Are you by any chance using both TSO and NAT on an interface[1]? I saw > problems with larger transmissions and odd "permission denied" errors on a > machine in that situation. Not sure what changed in 10 vs 9 to expose the > issue but it wouldn't be the first I've heard of it[2]. > > Try "ifconfig yournatinterface -tso" if so and see if the problem goes > away (obviously replace "yournatinterface" with the actual interface name). > If it does, add "-tso" to the appropriate ifconfig entry in /etc/rc.conf. > > JN > > [1] See also the related BUGS entry in ipfw(8): > http://www.freebsd.org/cgi/man.cgi?query=ipfw&sektion=8#end > [2] > http://lists.freebsd.org/pipermail/freebsd-ipfw/2014-February/005560.html