Two odd problems with STABLE-10 r262921
Karl Denninger
tickerguydenninger at gmail.com
Tue Mar 11 19:45:12 UTC 2014
That appears to have fixed it (turning TSO off)
No idea why I was never bit by it before, but it looks like it's ok now.
Thank you.
On Tue, Mar 11, 2014 at 2:39 PM, John Nielsen <lists at jnielsen.net> wrote:
> On Mar 11, 2014, at 7:29 AM, Karl Denninger <tickerguydenninger at gmail.com>
> wrote:
>
> > Two things I've run into with this coming from 9.2-STABLE....
> >
> > 1. I am getting errors coming from mail transmissions to certain MX
> relays
> > -- and only those relays. One of them is (ironically) mx1.freebsd.org,
> > which precludes emailing the list from my primary email address! The
> error
> > logs in the maillog file show:
> >
> > Mar 11 08:17:46 NewFS sm-mta[3605]: STARTTLS=client, relay=
> mx1.freebsd.org.,
> > version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384,
> > bits=256/256
> > Mar 11 08:17:46 NewFS sm-mta[3605]: STARTTLS: write error=syscall error
> > (-1), errno=13, get_error=error:00000000:lib(0):func(0):reason(0),
> > retry=99, ssl_err=5
> > Mar 11 08:17:46 NewFS sm-mta[3605]: s2AKht3B064414: SYSERR(root):
> putbody:
> > write error: Permission denied
> > Mar 11 08:17:46 NewFS sm-mta[3605]: s2AKht3B064414: SYSERR(root): timeout
> > writing message to mx1.freebsd.org.: Permission denied
> > Mar 11 08:17:46 NewFS sm-mta[3605]: s2AKht3B064414: to=<
> > freebsd-fs at freebsd.org>, ctladdr=<karl at denninger.net> (1001/1001),
> > delay=16:33:50, xdelay=00:00:05, mailer=esmtp, pri=4186247, relay=
> > mx1.freebsd.org. [8.8.178.115], dsn=4.0.0, stat=Deferred
> >
> > Permission denied -- on a socket? As root? What am I missing here?
> >
> > (Shutting off TLS does not resolve this.) However, this is not
> universal;
> > it only impacts *some* emails....
> >
> >
> > Mar 11 08:20:37 NewFS sm-mta[5433]: s2BDKbF4005433: from=<
> > ticker at fs.denninger.net>, size=962, class=0, nrcpts=1, msgid=<
> > 201403111320.s2BDKTF3005412 at fs.denninger.net>, proto=ESMTP, daemon=IPv4,
> > relay=localhost [127.0.0.1]
> > Mar 11 08:20:37 NewFS sendmail[5412]: s2BDKTF3005412: to=
> xxxxxxxx at yahoo.com,
> > ctladdr=ticker (20098/20098), delay=00:00:08, xdelay=00:00:05,
> > mailer=relay, pri=3
> > 0494, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Message
> accepted)
> > Mar 11 08:20:37 NewFS sm-mta[5461]: STARTTLS=client, relay=
> > mta5.am0.yahoodns.net., version=TLSv1/SSLv3, verify=FAIL,
> > cipher=DHE-RSA-CAMELLIA256-SHA, bits=256/256
> > Mar 11 08:20:39 NewFS sm-mta[5461]: s2BDKbF4005433: to=<
> xxxxxxx at yahoo.com>,
> > ctladdr=<ticker at fs.denninger.net> (20098/20098), delay=00:00:02,
> > xdelay=00:00:02,
> > mailer=esmtp, pri=30962, relay=mta5.am0.yahoodns.net. [66.196.118.35],
> > dsn=2.0.0, stat=Sent (ok dirdel)
> >
> > That one went through successfully....
> >
> > This is new; I didn't have any trouble on 9.2-STABLE at all. Ideas?
>
> Are you by any chance using both TSO and NAT on an interface[1]? I saw
> problems with larger transmissions and odd "permission denied" errors on a
> machine in that situation. Not sure what changed in 10 vs 9 to expose the
> issue but it wouldn't be the first I've heard of it[2].
>
> Try "ifconfig yournatinterface -tso" if so and see if the problem goes
> away (obviously replace "yournatinterface" with the actual interface name).
> If it does, add "-tso" to the appropriate ifconfig entry in /etc/rc.conf.
>
> JN
>
> [1] See also the related BUGS entry in ipfw(8):
> http://www.freebsd.org/cgi/man.cgi?query=ipfw&sektion=8#end
> [2]
> http://lists.freebsd.org/pipermail/freebsd-ipfw/2014-February/005560.html
More information about the freebsd-stable
mailing list