I'm running a NetBSD/SPARC firewall with IPFilter on my DSL line, and I'm having issues redirecting incoming SMTP traffic to a server on my internal network. From some hosts, all mail passes every time, but from other hosts some mail passes, while some mail does not succeed. I'm going to try to provide as much information as possible, since this seems (to me at least) to be a hard-to-diagnose problem. I'll start with a tcpdump taken during attempted mail delivery from one of the known affected hosts.


10:23:22.874245 PPPoE [ses 0x1e90] 198.108.1.26.33927 > 68.165.x.x.25: S [tcp sum ok] 388695950:388695950(0) win 8760 <mss 1460> (DF) (ttl 241, id 5178, len 44)
10:23:22.877015 PPPoE [ses 0x1e90] 68.165.x.x.25 > 198.108.1.26.33927: S [tcp sum ok] 426038296:426038296(0) ack 388695951 win 49640 <mss 1460> (DF) (ttl 63, id 48430, len 44)
10:23:22.974234 PPPoE [ses 0x1e90] 198.108.1.26.33927 > 68.165.x.x.25: . [tcp sum ok] 1:1(0) ack 1 win 8760 (DF) (ttl 241, id 5179, len 40)
10:23:22.999340 PPPoE [ses 0x1e90] 68.165.x.x.25 > 198.108.1.26.33927: P [tcp sum ok] 1:36(35) ack 1 win 49640 (DF) (ttl 63, id 48431, len 75)
10:23:23.099113 PPPoE [ses 0x1e90] 198.108.1.26.33927 > 68.165.x.x.25: . [tcp sum ok] 1:1(0) ack 36 win 8760 (DF) (ttl 241, id 5180, len 40)
10:23:23.099874 PPPoE [ses 0x1e90] 198.108.1.26.33927 > 68.165.x.x.25: P [tcp sum ok] 1:26(25) ack 36 win 8760 (DF) (ttl 241, id 5181, len 65)
10:23:23.101072 PPPoE [ses 0x1e90] 68.165.x.x.25 > 198.108.1.26.33927: . [tcp sum ok] 36:36(0) ack 26 win 49640 (DF) (ttl 63, id 48432, len 40)
10:23:23.102353 PPPoE [ses 0x1e90] 68.165.x.x.25 > 198.108.1.26.33927: P 36:126(90) ack 26 win 49640 (DF) (ttl 63, id 48433, len 130)
10:23:23.212263 PPPoE [ses 0x1e90] 198.108.1.26.33927 > 68.165.x.x.25: P 26:104(78) ack 126 win 8760 (DF) (ttl 241, id 5182, len 118)
10:23:23.213775 PPPoE [ses 0x1e90] 68.165.x.x.25 > 198.108.1.26.33927: . [tcp sum ok] 126:126(0) ack 104 win 49562 (DF) (ttl 63, id 48434, len 40)
10:23:23.227054 PPPoE [ses 0x1e90] 68.165.x.x.25 > 198.108.1.26.33927: P 126:179(53) ack 104 win 49562 (DF) (ttl 63, id 48435, len 93)
10:23:23.336608 PPPoE [ses 0x1e90] 198.108.1.26.33927 > 68.165.x.x.25: P 1564:2808(1244) ack 179 win 8760 (DF) (ttl 241, id 5184, len 1284)
10:23:23.339197 PPPoE [ses 0x1e90] 68.165.x.x.25 > 198.108.1.26.33927: . [tcp sum ok] 179:179(0) ack 104 win 49562 (DF) (ttl 63, id 48436, len 40)
10:24:51.517664 PPPoE [ses 0x1e90] 68.165.x.x.25 > 198.108.1.26.61526: P [tcp sum ok] 179:208(29) ack 104 win 49562 (DF) (ttl 63, id 48437, len 69)
10:24:51.520143 PPPoE [ses 0x1e90] 68.165.x.x.25 > 198.108.1.26.61526: R [tcp sum ok] 1681535264:1681535264(0) win 49562 (DF) (ttl 63, id 48438, len 40)
10:28:24.190848 PPPoE [ses 0x1e90] 68.165.x.x.25 > 198.108.1.26.33927: P [tcp sum ok] 179:208(29) ack 104 win 49562 (DF) (ttl 63, id 48439, len 69)
10:28:24.194387 PPPoE [ses 0x1e90] 68.165.x.x.25 > 198.108.1.26.33927: R [tcp sum ok] 426038504:426038504(0) win 49562 (DF) (ttl 63, id 48440, len 40)


Here is what the syslog on the mail server says during this time:

Mar 24 10:23:57 sparc postfix/smtpd[1176]: [ID 197553 mail.info] connect from trapdoor.merit.edu[198.108.1.26]
Mar 24 10:23:57 sparc postfix/smtpd[1176]: [ID 197553 mail.info] 63520204D0: client=trapdoor.merit.edu[198.108.1.26]
Mar 24 10:24:09 sparc postfix/smtpd[1184]: [ID 197553 mail.info] timeout after DATA from ohno.mrbill.net[207.200.6.75]
Mar 24 10:24:09 sparc postfix/smtpd[1184]: [ID 197553 mail.info] disconnect from ohno.mrbill.net[207.200.6.75]
Mar 24 10:25:25 sparc postfix/smtpd[1186]: [ID 197553 mail.info] timeout after DATA from trapdoor.merit.edu[198.108.1.26]
Mar 24 10:25:25 sparc postfix/smtpd[1186]: [ID 197553 mail.info] disconnect from trapdoor.merit.edu[198.108.1.26]
Mar 24 10:27:41 sparc postfix/smtpd[1188]: [ID 197553 mail.info] connect from cairo.anu.edu.au[150.203.224.11]
Mar 24 10:27:42 sparc postfix/smtpd[1188]: [ID 197553 mail.info] 18D3B204D5: client=cairo.anu.edu.au[150.203.224.11]
Mar 24 10:28:58 sparc postfix/smtpd[1176]: [ID 197553 mail.info] timeout after DATA from trapdoor.merit.edu[198.108.1.26]
Mar 24 10:28:58 sparc postfix/smtpd[1176]: [ID 197553 mail.info] disconnect from trapdoor.merit.edu[198.108.1.26]



Now comes the information suggested in the IPFilter FAQ:


bash-2.05b# uname -a
NetBSD ns.example.net 1.6.2 NetBSD 1.6.2 (GENERIC) #0: Wed Feb 11 08:05:11 UTC 2004 [EMAIL PROTECTED]:/autobuild/netbsd-1-6-PATCH002/sparc/OBJ/autobuild/netbsd-1-6-PATCH002/src/sys/arch/sparc/compile/GENERIC sparc


bash-2.05b# netstat -rn
Routing tables

Internet:
Destination Gateway Flags Refs Use Mtu Interface
default 172.31.255.248 UGS 2 57128 - pppoe0
127 127.0.0.1 UGRS 0 0 33220 lo0
127.0.0.1 127.0.0.1 UH 1 210 33220 lo0
172.31.255.248 68.165.x.x UH 1 0 - pppoe0
192.168.1 link#2 UC 3 0 - le1
192.168.1.1 08:00:20:1b:2e:09 UHLc 0 3306 - lo0
192.168.1.13 08:00:20:1f:3f:2e UHLc 0 1880 - le1
192.168.1.16 08:00:09:cd:b4:8f UHLc 0 25 - le1


XNS:
Destination Gateway Flags Refs Use Mtu Interface


ISO:
Destination Gateway Flags Refs Use Mtu Interface


Internet6:
Destination Gateway Flags Refs Use Mtu Interface
::/104 ::1 UGRS 0 0 33220 lo0 =>
::/96 ::1 UGRS 0 0 33220 lo0
::1 ::1 UH 12 0 33220 lo0
::127.0.0.0/104 ::1 UGRS 0 0 33220 lo0
::224.0.0.0/100 ::1 UGRS 0 0 33220 lo0
::255.0.0.0/104 ::1 UGRS 0 0 33220 lo0
::ffff:0.0.0.0/96 ::1 UGRS 0 0 33220 lo0
2002::/24 ::1 UGRS 0 0 33220 lo0
2002:7f00::/24 ::1 UGRS 0 0 33220 lo0
2002:e000::/20 ::1 UGRS 0 0 33220 lo0
2002:ff00::/24 ::1 UGRS 0 0 33220 lo0
fe80::/10 ::1 UGRS 0 0 33220 lo0
fe80::%le0/64 link#1 UC 0 0 - le0
fe80::%le1/64 link#2 UC 0 0 - le1
fe80::%lo0/64 fe80::1%lo0 U 0 0 33220 lo0
fe80::%pppoe0/64 fe80::a00:20ff:fe1b:2e09%pppoe0 UC 0 0 - pppoe0
fe80::a00:20ff:fe1b:2e09%pppoe0 ::1 UH 0 0 33220 lo0
fec0::/10 ::1 UGRS 0 0 33220 lo0
ff01::/32 ::1 U 0 0 33220 lo0
ff02::%le0/32 link#1 UC 0 0 - le0
ff02::%le1/32 link#2 UC 0 0 - le1
ff02::%lo0/32 fe80::1%lo0 UC 0 0 33220 lo0
ff02::%pppoe0/32 fe80::a00:20ff:fe1b:2e09%pppoe0 UC 0 0 - pppoe0


bash-2.05b# netstat -i
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Colls
le0 1500 <Link> 08:00:20:1b:2e:09 1005784 0 557457 2 55
le0 1500 fe80:: fe80::a00:20ff:fe 1005784 0 557457 2 55
le1 1500 <Link> 08:00:20:1b:2e:09 543821 0 987010 0 33
le1 1500 fe80:: fe80::a00:20ff:fe 543821 0 987010 0 33
le1 1500 192.168.1 ns 543821 0 987010 0 33
lo0 33220 <Link> 3522 0 3522 0 0
lo0 33220 fe80:: fe80::1 3522 0 3522 0 0
lo0 33220 localhost ::1 3522 0 3522 0 0
lo0 33220 loopback localhost 3522 0 3522 0 0
sl0* 296 <Link> 0 0 0 0 0
sl1* 296 <Link> 0 0 0 0 0
ppp0* 1500 <Link> 0 0 0 0 0
ppp1* 1500 <Link> 0 0 0 0 0
pppoe 1492 <Link> 1005779 0 557469 0 0
pppoe 1492 fe80:: fe80::a00:20ff:fe 1005779 0 557469 0 0
pppoe 1492 68 h-68-165-x-x.ch 1005779 0 557469 0 0


bash-2.05b# netstat -s  (I'm only including the section for ip)
ip:
       1541806 total packets received
       0 bad header checksums
       0 with size smaller than minimum
       0 with data size < data length
       0 with length > max ip packet size
       0 with header length < data size
       0 with data length < header length
       0 with bad options
       0 with incorrect version number
       0 fragments received
       0 fragments dropped (dup or out of space)
       0 malformed fragments dropped
       0 fragments dropped after timeout
       0 packets reassembled ok
       32091 packets for this host
       0 packets for unknown/unsupported protocol
       1507904 packets forwarded (0 packets fast forwarded)
       13 packets not forwardable
       0 redirects sent
       29069 packets sent from this host
       8 packets sent with fabricated ip header
       0 output packets dropped due to no bufs, etc.
       0 output packets discarded due to no route
       0 output datagrams fragmented
       0 fragments created
       26 datagrams that can't be fragmented
       0 datagrams with bad address in header

bash-2.05b# ipf -V
ipf: IP Filter: v3.4.29 (344)
Kernel: IP Filter: v3.4.29 Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 1


bash-2.05b# ipfstat
IPv6 packets: in 0 out 8
input packets: blocked 1796 passed 1540098 nomatch 1 counted 0 short 0
output packets: blocked 0 passed 1537089 nomatch 8 counted 0 short 0
input packets logged: blocked 661 passed 0
output packets logged: blocked 0 passed 0
packets logged: input 0 output 0
log failures: input 0 output 0
fragment state(in): kept 0 lost 0
fragment state(out): kept 0 lost 0
packet state(in): kept 1929 lost 38
packet state(out): kept 1912 lost 129
ICMP replies: 0 TCP RSTs sent: 8
Invalid source(in): 0
Result cache hits(in): 461 (out): 39
IN Pullups succeeded: 0 failed: 0
OUT Pullups succeeded: 0 failed: 0
Fastroute successes: 8 failures: 0
TCP cksum fails(in): 0 (out): 0
Packet log flags set: (0)
none


bash-2.05b# ipfstat -io
block out on any from any to any
pass out quick on lo0 from any to any
pass out quick on pppoe0 proto tcp/udp from any to any keep state keep frags
pass out quick on pppoe0 proto icmp from any to any keep state keep frags
pass out quick on le1 proto tcp/udp from any to any keep state keep frags
pass out quick on le1 proto icmp from any to any keep state keep frags
block in on any from any to any
pass in quick on lo0 from any to any
pass in quick on le1 proto tcp/udp from 192.168.1.0/24 to any keep state
pass in quick on le1 proto icmp from 192.168.1.0/24 to any keep state
pass in quick on pppoe0 proto tcp from any to any port = 22 flags S/FSRPAU keep state keep frags
pass in quick on pppoe0 proto tcp from any to any port = 25 keep state keep frags
pass in quick on pppoe0 proto tcp from any to any port = 80 flags S/FSRPAU keep state keep frags
pass in quick on pppoe0 proto icmp from any to any icmp-type echo
pass in quick on pppoe0 proto icmp from any to any icmp-type echorep code 0
pass in quick on pppoe0 proto icmp from any to any icmp-type unreach code 4
pass in quick on pppoe0 proto icmp from any to any icmp-type timex code 0
block return-rst in quick on pppoe0 proto tcp from any to any port = 113 flags S/FSRPAU
block in log quick on pppoe0 from any to any


bash-2.05b# ipnat -slv
mapped in 977043 out 530884
added 1084 expired 926
no memory 0 bad nat 0
inuse 7
rules 8
wilds 0
table 0xeffffa20 list 0xf0681800
List of active MAP/Redirect filters:
map pppoe0 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp 30000:60000 mssclamp 1440
map pppoe0 192.168.1.0/24 -> 0.0.0.0/32 mssclamp 1440
rdr pppoe0 0.0.0.0/0 port 80 -> 192.168.1.13 port 80 tcp
rdr pppoe0 0.0.0.0/0 port 81 -> 192.168.1.16 port 80 tcp
rdr pppoe0 0.0.0.0/0 port 25 -> 192.168.1.13 port 25 tcp
rdr pppoe0 0.0.0.0/0 port 10022 -> 192.168.1.13 port 22 tcp


List of active sessions:
RDR 192.168.1.13    25    <- -> 68.165.x.x    25    [198.108.1.26 33927]
       age 863953 use 0 sumd 0x4fcd/0x4fcd pr 6 bkt 108/58 flags 1 drop 0/0
       ifp pppoe0 bytes 2053 pkts 13
RDR 192.168.1.13    25    <- -> 68.165.x.x    25    [198.108.1.26 61526]
       age 863528 use 0 sumd 0x4fcd/0x4fcd pr 6 bkt 21/98 flags 1 drop 0/0
       ifp pppoe0 bytes 936 pkts 13
MAP 192.168.1.16    49152 <- -> 68.165.x.x    30009 [64.105.179.138 53]
       age 574 use 0 sumd 0x6568/0x6568 pr 17 bkt 9/6 flags 2 drop 0/0
       ifp pppoe0 bytes 313 pkts 2
RDR 192.168.1.13    25    <- -> 68.165.x.x    25    [207.200.6.75 55791]
       age 456 use 0 sumd 0x4fcd/0x4fcd pr 6 bkt 101/51 flags 1 drop 0/0
       ifp pppoe0 bytes 1029 pkts 16
RDR 192.168.1.13    25    <- -> 68.165.x.x    25    [150.203.224.11 44411]
       age 259 use 0 sumd 0x4fcd/0x4fcd pr 6 bkt 95/61 flags 1 drop 0/0
       ifp pppoe0 bytes 1040 pkts 17
RDR 192.168.1.13    22    <- -> 68.165.x.x    10022 [68.249.136.117 25761]
       age 860950 use 0 sumd 0x28bd/0x28bd pr 6 bkt 88/21 flags 1 drop 0/0
       ifp pppoe0 bytes 261752 pkts 2037
MAP 192.168.1.13    22    <- -> 68.165.x.x    30001 [68.249.136.117 28716]
       age 691280 use 0 sumd 0x2623/0x2623 pr 6 bkt 122/54 flags 1 drop 0/0
       ifp pppoe0 bytes 574 pkts 14

List of active host mappings:
192.168.1.13 -> 0.0.0.0 (use = 1 hv = 64)
192.168.1.16 -> 0.0.0.0 (use = 1 hv = 67)

Wow, that was a lot of information :) Incidentally, I've encountered the same problems running Solaris 9 and IPFilter on the same machine, but I have had no similar problems running OpenBSD 3.4 on the same machine. Thanks in advance for any insight anyone can provide - Mike
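
An added example, not part of the original post: a small Python parser run over an excerpt of the tcpdump output above. It finds gaps in a sender's TCP sequence numbers and checks whether the missing segment, plus an assumed 40 bytes of IP and TCP headers, would exceed a given link MTU. The name find_holes is made up for this example; 1492 is the pppoe MTU shown by netstat -i.

```python
import re

# Excerpt of the capture in the post, copied verbatim: handshake, the client's
# data segments, and the server's last ACK before the stall.
CAPTURE = """\
10:23:22.874245 PPPoE [ses 0x1e90] 198.108.1.26.33927 > 68.165.x.x.25: S [tcp sum ok] 388695950:388695950(0) win 8760 <mss 1460> (DF) (ttl 241, id 5178, len 44)
10:23:22.877015 PPPoE [ses 0x1e90] 68.165.x.x.25 > 198.108.1.26.33927: S [tcp sum ok] 426038296:426038296(0) ack 388695951 win 49640 <mss 1460> (DF) (ttl 63, id 48430, len 44)
10:23:23.099874 PPPoE [ses 0x1e90] 198.108.1.26.33927 > 68.165.x.x.25: P [tcp sum ok] 1:26(25) ack 36 win 8760 (DF) (ttl 241, id 5181, len 65)
10:23:23.212263 PPPoE [ses 0x1e90] 198.108.1.26.33927 > 68.165.x.x.25: P 26:104(78) ack 126 win 8760 (DF) (ttl 241, id 5182, len 118)
10:23:23.336608 PPPoE [ses 0x1e90] 198.108.1.26.33927 > 68.165.x.x.25: P 1564:2808(1244) ack 179 win 8760 (DF) (ttl 241, id 5184, len 1284)
10:23:23.339197 PPPoE [ses 0x1e90] 68.165.x.x.25 > 198.108.1.26.33927: . [tcp sum ok] 179:179(0) ack 104 win 49562 (DF) (ttl 63, id 48436, len 40)
"""

SEG = re.compile(
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<flags>\S+) (?:\[tcp sum ok\] )?"
    r"(?P<start>\d+):(?P<end>\d+)\((?P<len>\d+)\)(?: ack (?P<ack>\d+))?"
    r"(?:.*<mss (?P<mss>\d+)>)?")
HEADERS = 40  # assumption: 20-byte IP header + 20-byte TCP header, no options


def find_holes(capture, link_mtu):
    """Find gaps in each sender's sequence space and size the missing packet."""
    next_seq, send_limit, last_ack, holes = {}, {}, {}, []
    for line in capture.splitlines():
        m = SEG.search(line)
        if not m:
            continue
        src, dst, start, end = m["src"], m["dst"], int(m["start"]), int(m["end"])
        if "S" in m["flags"]:  # SYN or SYN-ACK; later sequence numbers are relative
            next_seq[src] = 1
            if m["mss"]:
                send_limit[dst] = int(m["mss"])  # largest segment dst may send to src
            continue
        if m["ack"]:
            last_ack[dst] = int(m["ack"])  # next byte src expects from dst
        if int(m["len"]) == 0:
            continue
        expected = next_seq.get(src, start)
        if start > expected:
            size = start - expected
            holes.append({"sender": src, "missing": (expected, start),
                          "full_mss": size == send_limit.get(src),
                          "exceeds_mtu": size + HEADERS > link_mtu})
        next_seq[src] = max(expected, end)
    for hole in holes:
        hole["receiver_acked"] = last_ack.get(hole["sender"])
    return holes

print(find_holes(CAPTURE, link_mtu=1492))  # 1492 is the pppoe MTU from netstat -i
```

On this excerpt it reports bytes 104 to 1564 from 198.108.1.26 as never acknowledged: a 1460-byte segment, equal to the MSS in the SYN-ACK, which as a 1500-byte packet does not fit the 1492-byte PPPoE link. The SYN-ACK in the capture carries mss 1460, while the mssclamp 1440 option appears only on the map rules in the ipnat listing, not on the rdr rules.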
