12.2-STABLE: Commit 367740 breaks IMAP/SMTP server authentication
Ronald Klop
ronald-lists at klop.ws
Sun Nov 22 18:48:16 UTC 2020
On Sun, 22 Nov 2020 14:37:33 +0100, Michael Grimm <trashcan at ellael.org>
wrote:
> Hi,
>
> I am running 12.2-STABLE and VNET jails, one of which hosts a recent
> Dovecot IMAP and a recent postfix SMTP server. Authentication is forced
> via TLS/SSL for both services (ports 587 and 993). Setup is as follows:
>
> extIF0/pf/NAT <--> epairXa (bridge0) epairXb <-> jail
>
> A recent upgrade broke mailing of IMAP clients running at macOS 10.14.6
> (Mojave) and AVM's push service (Fritzbox), but *not* for IMAP clients
> running at macOS 10.15.7 (Catalina). Strange.
>
> Findings at macOS 10.14.6 (exemplified for IMAP):
>
> 1) mac$ nc -4vw 1 mail.xyz.zzz 993
> found 0 associations
> found 1 connections:
> 1: flags=82<CONNECTED,PREFERRED>
> outif en0
> src 1.2.3.4 port 49583
> dst 11.22.33.44 port 993
> rank info not available
> TCP aux info available
>
> Connection to mail.xyz.zzz port 993 [tcp/imaps] succeeded!
>
> 2) mac$ openssl s_client -crlf -connect mail.xyz.zzz:993 -debug
> CONNECTED(00000005)
> write to 0x7fa32ef01ae0 [0x7fa33080a803] (200 bytes => 200 (0xC8))
>
> hanging at that stage forever
> (and client complaining of its inability to authenticate and reports
> timeout after 60 seconds)
>
>
> I did identify commit 367740 being responsible for that:
>
> mike> svn up -r 367740
> Updating '.':
> U sys/netinet/ip_fastfwd.c
> U sys/netinet/ip_input.c
> U sys/netinet/ip_var.h
> U .
> Updated to revision 367740.
>
>
> Any ideas, especially why clients on different OSes behave differently?
>
> FYI: I have no access to AVM's push service, and very limited access
> to the macOS 10.14.6 computer.
>
> Thanks in advance and with kind regards,
> Michael
>
> P.S. How may I update a local svn copy and simultaneously omit commit
> 367740 from being applied, or how may I revert commit 367740, only?

From the top of my head you can do something like:

Assuming your svn checkout is in /usr/src:

    cd /usr/src
    svn up
    svn diff -c -367740 | patch

This will get the reverse of commit 367740 (because of the -) and patch
the code with it.

Regards,
Ronald.