imap problem with blackhole

Nikos Vassiliadis nvass at
Tue Feb 28 03:27:16 PST 2006

On Sunday 26 February 2006 14:26, Perttu Laine wrote:
> Hello!
> I have problem with imap. Works fine if blackhole (tcp) is set to 0, but I
> set it 1 or 2 imap stops responding (timeouts). Dovecot imap and freebsd
> 5.4. So. What could be case here?

I suspect that it's trying to do something to localhost and doesn't get a
reply back. Many programs behave like that, in my case kmail. It was
trying to use rpc, other programs try to use ident. So, first find out what
it's trying to do, use netstat -nafinet and you'll see some some TCP sockets
in SYN_SENT state, for example:

nik:0:~$ telnet 127.1 &
[1] 75027
nik:1:~$ Trying
netstat -nafinet
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0           SYN_SENT

telnet will time out eventually. The kernel never sends a TCP reset
there 'cause tcp.blackhole=1

step 2, use your favorite firewall to return an active reply(TCP reset),
in my case:

root:0:~# pfctl -srules
No ALTQ support in kernel
ALTQ related functions disabled
block return in inet proto tcp from to port = sunrpc
block return in inet proto udp from to port = sunrpc
block drop in log inet proto tcp from any to any port 6000:6010 flags S/SA

perhaps in a more complex situation(UDP) you should use a packet filter
to log everything that goes through the loopback interface. Are you using
TCP AND UDP blackhole?

HTH, Nikos

> --
> kpn @ IRCnet
> _______________________________________________
> freebsd-questions at mailing list
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at"

More information about the freebsd-questions mailing list