From: Michael Proto
To: Victor Lyapunov
Cc: freebsd-pf@freebsd.org
Date: Sat, 21 Nov 2009 13:27:08 -0500
Subject: Re: sending mail with attachments always fails (FreeBSD/pf)

On Sat, Nov 21, 2009 at 1:23 PM, Michael Proto wrote:
> On Sat, Nov 21, 2009 at 1:07 PM, Victor Lyapunov
> wrote:
>
>> rule 4/0(match): pass out on em0: (tos 0x0, ttl 127, id 19860, offset
>> 0, flags [DF], proto TCP (6), length 48) 192.168.0.5.1822 >
>> 209.85.129.111.465:  tcp 28 [bad hdr length 0 - too short, < 20]
>
> This looks to be your problem-- bad hdr length 0. I don't know enough
> of what mailer(s) you're using to relay this message outbound, but
> since port 465 is smtp over TLS/SSL are you sure your smtp encryption
> is working correctly? I often see these types of errors with other
> TLS/SSL apps when one side is expecting an encrypted connection and
> the other is not (correctly) providing it.
>
> Have you tried using unencrypted smtp on port 25? Does that work?
>

Er... wait, I just re-read that you said things work fine with pf
disabled, so my theory about bad encryption probably isn't very
accurate. Are you still using a scrub rule? Have you tried disabling
it? If pf is seeing a "bad hdr length" error it might be dropping the
packet due to scrubbing. Of course, this could also mean that TSO is
enabled on your ethernet interface and bpf just isn't seeing the tcp
header at all, so my whole theory might be moot.

-Proto