sending mail with attachments always fails (FreeBSD/pf)
Michael Proto
mike at jellydonut.org
Sat Nov 21 18:27:09 UTC 2009
On Sat, Nov 21, 2009 at 1:23 PM, Michael Proto <mike at jellydonut.org> wrote:
> On Sat, Nov 21, 2009 at 1:07 PM, Victor Lyapunov
> <fullblaststorm at gmail.com> wrote:
>
>> rule 4/0(match): pass out on em0: (tos 0x0, ttl 127, id 19860, offset
>> 0, flags [DF], proto TCP (6), length 48) 192.168.0.5.1822 >
>> 209.85.129.111.465: tcp 28 [bad hdr length 0 - too short, < 20]
>
> This looks to be your problem-- bad hdr length 0. I don't know enough
> of what mailer(s) you're using to relay this message outbound, but
> since port 465 is smtp over TLS/SSL are you sure your smtp encryption
> is working correctly? I often see these types of errors with other
> TLS/SSL apps when one side is expecting an encrypted connection and
> the other is not (correctly) providing it.
>
> Have you tried using unencrypted smtp on port 25? Does that work?
>
Er... wait, I just re-read that you said things work fine with pf
disabled, so my theory about bad encryption probably isn't very
accurate. Are you still using a scrub rule? Have you tried disabling
it? If pf is seeing a "bad hdr length" error it might be dropping the
packet due to scrubbing. Of course, this could also mean that TSO is
enabled on your ethernet interface and bpf just isn't seeing the tcp
header at all, so my whole theory might be moot.
-Proto
More information about the freebsd-pf
mailing list