> Message: 1
> Date: Mon, 14 Apr 2008 23:48:40 -0500
> From: Chris Bennett <[EMAIL PROTECTED]>
> Subject: Re: Sendmail timeouts
> To: [email protected]
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=us-ascii; format=flowed
> 
> Well I finally found an obscure reference to these timeouts happening 
> due to firewalls.
> So I disabled pf and voila!
> No more problems
> 
> Now what I need to know is what to do with my pf.conf to be able to 
> reactivate it:
> 
> pf.conf:
> ext_if="fxp0"
> #int_if="int0"
> NoRouteIPs = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
> 10.0.0.0/8 }"
> #table <spamd> persist
> #table <spamd-white> persist
> 
> #my additions --Chris
> table <badhosts> persist file "/etc/badhosts"
> table <bruteforce> persist file "/etc/bruteforce"
> 
> 
> set skip on lo
> 
> #scrub in
> scrub in on $ext_if all
> 
> #nat-anchor "ftp-proxy/*"
> #rdr-anchor "ftp-proxy/*"
> #nat on $ext_if from !($ext_if) -> ($ext_if:0)
> #rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
> #rdr pass on $ext_if proto tcp from <spamd> to port smtp \
> # -> 127.0.0.1 port spamd
> #rdr pass on $ext_if proto tcp from !<spamd-white> to port smtp \
> # -> 127.0.0.1 port spamd
> 
> #anchor "ftp-proxy/*"
> #block in
> #pass out keep state
> antispoof quick log for $ext_if inet
> #pass quick on $int_if
> #antispoof quick for { lo $int_if }
> 
> pass inet proto tcp from any to egress port 22123 flags S/SA synproxy state (max-src-conn 10, max-src-conn-rate 15/5, overload <bruteforce> flush global)
> pass in on $ext_if proto tcp to ($ext_if) port ssh synproxy state
> pass in log on $ext_if proto tcp to ($ext_if) port smtp synproxy state
> pass out log on $ext_if proto tcp from ($ext_if) to port smtp synproxy state
> block on fxp0 from { <badhosts> <bruteforce> } to any
> block in log quick inet6 all
> # block smb, nfs, mysql, rndc? from the mean world
> block in quick on $ext_if proto tcp from any to any port {137, 138, 139, 901}
> block in quick on $ext_if proto tcp from any to any port {2049, 111}
> block in log quick on $ext_if proto tcp from any to any port 3306
> block in quick on $ext_if proto tcp from any to any port 953
> block in quick on $ext_if from $NoRouteIPs to any
> block out quick on $ext_if from any to $NoRouteIPs
> 
> Which entry is causing me these problems with sendmail?
>
Did you try setting Timeout.ident=0 in the sendmail config?
Probably you have a problem with ident packets (port 113).

-- 
Kamil Monticolo <[EMAIL PROTECTED]>
IT Coordinator for Infrastructure
_______________________________________________
Openbsd-newbies mailing list
[email protected]
http://mailman.theapt.org/listinfo/openbsd-newbies
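
To check the reply's ident hypothesis from outside the mail host, this added example (not part of the thread) classifies how a host handles an RFC 1413 lookup on port 113. The helper name `probe_ident`, the 5-second wait and the sample port pair are assumptions of the example.

```python
import errno
import socket
import sys
import time

IDENT_PORT = 113      # RFC 1413 ident service, the port named in the reply
IDENT_WAIT = 5.0      # assumption: sendmail's stock Timeout.ident of 5s

def probe_ident(host, port=IDENT_PORT, timeout=IDENT_WAIT, query=(25, 40000)):
    """Classify how `host` treats an ident lookup (hypothetical helper).

    Returns (verdict, seconds, reply) where verdict is one of:
      answered  - a daemon replied to the RFC 1413 query
      silent    - TCP connected but no reply came back
      refused   - RST or ICMP unreachable came back, so the lookup fails fast
      filtered  - the SYN was dropped silently; the caller waits out `timeout`
      error     - anything else (for example, name resolution failed)
    """
    start = time.monotonic()
    reply = ""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            verdict = "silent"
            # Query format: "<port on queried host> , <port on querying host>".
            # The default pair (25, 40000) is constructed sample data.
            s.sendall(("%d , %d\r\n" % query).encode("ascii"))
            try:
                reply = s.recv(512).decode("ascii", "replace").strip()
                if reply:
                    verdict = "answered"
            except socket.timeout:
                pass
    except socket.timeout:
        verdict = "filtered"
    except ConnectionRefusedError:
        verdict = "refused"
    except OSError as exc:
        fast = (errno.EHOSTUNREACH, errno.ENETUNREACH)
        verdict = "refused" if exc.errno in fast else "error"
    return verdict, time.monotonic() - start, reply

if __name__ == "__main__":
    # Defaults to the local machine; pass your own mail host as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    verdict, secs, reply = probe_ident(target)
    print("%s:113 %s after %.2fs %s" % (target, verdict, secs, reply))
```

A `filtered` verdict is the case that costs the peer its full ident wait; `refused` and `answered` return at once. In pf, `block return` produces the `refused` outcome, while a plain `block` under the default drop policy produces `filtered`.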
