I had a similar issue with sendmail/ipf on solaris 10 using the ipf that ships
with solaris. Any SBC destination (relay) would time out on the connection
very quickly. I upgraded to the FOSS version of ipf and the issues went away.
- Ken
On Fri, January 18, 2008 09:57, Gabriele Bulfon wrote:
> Hello, It's some time that I'm having problems of timeouts on Postfix only
> with specific destinations, on Solaris 10 boxes running ipfilter. After
> investigating a lot, I found that if I completely stop the ipfilter service
> (or just feed it with an empty configuration file), the Postifx queue runs
> smoothly and sends those mails defferred for timeouts. The machine running
> postfix has a public IP on his outgoing ethernet, with a general outgoing
> rule like: pass out quick on e1000g0 from {public-ip}/32 to any keep state and
> some incoming rules like: pass in quick on e1000g0 proto tcp from any to
> {public-ip}/32 port = 22 keep state
> pass in quick on e1000g0 proto tcp from any to {public-ip}
> /32 port = 25 keep state
> pass in quick on e1000g0 proto tcp from any to {public-ip}
> /32 port = 53 keep state
> pass in quick on e1000g0 proto tcp from any to {public-ip}
> /32 port = 80 keep state
> everything else is blocked (there are obviously much more rules to secure the
> machine). These configurations worked fine for many years, and it started to
> have some timout problems only with some destination MTA (e.g.
> mail.register.it). What may be confusing the transmission?
> Timeouts usually occurs during mail body transfer (DATA chunk), or at the end
> of this. Thanx a lot for any help.
> Gabriele.
> Gabriele Bulfon - Sonicle S.r.l.
> Tel +39 028246016 Int. 30 - Fax +39 028243880
> Via Felice Cavallotti 16 - 20089, Rozzano - Milano - ITALY
> http://www.sonicle.com
>
>
--
Ken Jones
