On Saturday, November 21, 2009 at 08:59:12PM +0600, Victor Lyapunov wrote:
> Hi all,
>
> I have a production network with a FreeBSD box acting as firewall. The
> problem emerges as soon as users send mail with attachments. (Sending
> mail without attachments always succeeds). Basically, when a user
> tries to send a message, only part of it is transmitted before connection
> is interrupted and sending fails. The problem persists only when pf is
> enabled.

I think concerning TCP/IP there is no diff between a mail with or w/o
attachment, it is just talking SMTP to a remote server and only the
size, i.e., the number of IP pkgs, differs; the content is anyway;

> My ruleset:
> scrub in all fragment reassemble
> block drop on em0 all
> pass inet proto tcp from 192.168.0.0/24 to any port = smtp flags S/SA keep state
> pass inet proto tcp from 192.168.0.0/24 to any port = pop3 flags S/SA keep state
> pass inet proto tcp from 192.168.0.0/24 to any port = imap flags S/SA keep state
> pass inet proto tcp from 192.168.0.0/24 to any port = smtps flags S/SA keep state
> pass inet proto tcp from 192.168.0.0/24 to any port = pop3s flags S/SA keep state
> pass proto udp from any to any port = domain keep state

I never used S/SA as flags in my rules, only S. More I can't see.

HIH (if not, watch with some tcpdump(1) what's going on between the NIC and
the remote server).

	matthias

-- 
Matthias Apitz
http://www.unixarea.de/