Oskar Eyb wrote:
Hello!
A remote MTA cannot deliver me any email. The admin gets the following
errors:
"retry time not reached for any host after a long failure period"
and "retry timeout exceeded".
After I can't find anything related to this server in my postfix log, I
grep'ed for <ip> in /var/log/* and got the following hits:
[...]
dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25 tcpflags
0x2<SYN>; syncache_add: Received duplicate SYN, resetting timer and
retransmitting SYN|ACK
dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25;
syncache_timer: Response timeout, retransmitting (1) SYN|ACK
dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25;
syncache_timer: Response timeout, retransmitting (2) SYN|ACK
dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25;
syncache_timer: Response timeout, retransmitting (3) SYN|ACK
dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25;
syncache_timer: Retransmits exhausted, giving up and removing syncache
entry
85.214.42.62 is the other MTA, 172.16.0.2 is my jail.
I use PF with rdr/nat on FreeBSD 7 RC4.
We have not released 7RC4 yet. You probably run BETA4. An upgrade to
7RC1 or 7RC2 in the next few days fixes all known TCP bugs.
Other than that it looks like your PF rule set may be not entirely
correct. Please post your pf.conf.
--
Andre
In the daily security email I get dozens of messages like this, also to
other tcp ports (e.g. 80).
default-values for:
net.inet.tcp.syncache.rst_on_sock_fail: 1
net.inet.tcp.syncache.rexmtlimit: 3
net.inet.tcp.syncache.hashsize: 512
net.inet.tcp.syncache.count: 0
net.inet.tcp.syncache.cachelimit: 15360
net.inet.tcp.syncache.bucketlimit: 30
Can anybody help me out of this?
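Added example, not part of the original thread or of FreeBSD: a small Python triage script for syncache messages like the ones quoted above. It groups them per connection and lists the handshakes where the SYN arrived but the SYN|ACK was never acknowledged. The sample lines are constructed (unwrapped, documentation-range source addresses) and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the syncache messages quoted in the thread
# (grep prefix kept, lines unwrapped, source addresses from documentation ranges).
SAMPLE = """\
dmesg.yesterday:TCP: [192.0.2.10]:43127 to [172.16.0.2]:25 tcpflags 0x2<SYN>; syncache_add: Received duplicate SYN, resetting timer and retransmitting SYN|ACK
dmesg.yesterday:TCP: [192.0.2.10]:43127 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (1) SYN|ACK
dmesg.yesterday:TCP: [192.0.2.10]:43127 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (2) SYN|ACK
dmesg.yesterday:TCP: [192.0.2.10]:43127 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (3) SYN|ACK
dmesg.yesterday:TCP: [192.0.2.10]:43127 to [172.16.0.2]:25; syncache_timer: Retransmits exhausted, giving up and removing syncache entry
dmesg.yesterday:TCP: [198.51.100.7]:51000 to [172.16.0.2]:80; syncache_timer: Response timeout, retransmitting (1) SYN|ACK
"""

# "TCP: [src]:sport to [dst]:dport [optional flags]; syncache_xxx: message"
LINE = re.compile(
    r"TCP: \[(?P<src>[^\]]+)\]:(?P<sport>\d+) to \[(?P<dst>[^\]]+)\]:(?P<dport>\d+)"
    r"[^;]*; (?P<func>syncache_\w+): (?P<msg>.*)")
RETX = re.compile(r"retransmitting \((\d+)\) SYN\|ACK")

def summarize(text):
    """Group syncache messages per flow and return {flow: stats}."""
    flows = defaultdict(lambda: {"dup_syn": 0, "max_retx": 0, "exhausted": False})
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a syncache message
        key = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
        st, msg = flows[key], m["msg"]
        if "duplicate SYN" in msg:
            st["dup_syn"] += 1          # peer re-sent its SYN: it never saw our SYN|ACK
        elif (r := RETX.search(msg)):
            st["max_retx"] = max(st["max_retx"], int(r.group(1)))
        elif "Retransmits exhausted" in msg:
            st["exhausted"] = True      # entry dropped, handshake never completed
    return dict(flows)

def dead_handshakes(text):
    """Flows whose SYN arrived but whose SYN|ACK was never acknowledged."""
    return sorted(k for k, s in summarize(text).items() if s["exhausted"])

if __name__ == "__main__":
    for flow, st in summarize(SAMPLE).items():
        print(flow, st)
    print("never completed:", dead_handshakes(SAMPLE))
```

One source failing repeatedly on the same port points at the return path for that peer (for example the rdr/nat rules); many distinct sources with exhausted retransmits is the pattern to compare against net.inet.tcp.syncache.count and cachelimit.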