Date: Sat, 21 Nov 2009 17:03:41 +0000 From: RW <rwmaillists@googlemail.com> To: freebsd-questions@freebsd.org Subject: Re: sending mail with attachments always fail (FreeBSD/pf) Message-ID: <20091121170341.2c1bf3cb@gumby.homeunix.com> In-Reply-To: <20091121152720.GA3878@current.Sisis.de> References: <6c51dbb10911210659t2e7b87dcg66d71544312d4172@mail.gmail.com> <20091121152720.GA3878@current.Sisis.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 21 Nov 2009 16:27:20 +0100 Matthias Apitz <guru@unixarea.de> wrote: > El d=EDa Saturday, November 21, 2009 a las 08:59:12PM +0600, Victor > Lyapunov escribi=F3: >=20 > > Hi all, > >=20 > > I have production network with FreeBSD box acting as firewall. The > > problem emerge as soon as users send mail with attachments. (Sending > > mail without attachments always succeeds). Basically, when a user > > tries to send a message, only part of it transmitted before > > connection is interrupted and sending fails. The problem persists > > only when pf is enabled. >=20 > I think concerning TCP/IP there is no diff between a mail with or w/o > attachment, it is just talking SMTP to a remote server and only the > size, i.e, the number of IP pkgs, differs; the content is anyway; This kind of thing is often due to a mtu blackhole - when a larger email causes a full size IP packet to be sent. I don't see why PF should make a difference though, IFAIK it's supposed to let ICMP through when it's learned state on a tcp connection. > I never used S/SA as flags in my rules, only S.=20 S/SA is correct, it mean look at SYN and ACK and match if only SYN is set, S matches on SYN irrespective of whether ACK is set.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20091121170341.2c1bf3cb>