Sendmail timeouts
Kamil Monticolo
kmonticolo at siodemka.com
Wed Apr 16 00:39:02 PDT 2008
> Message: 1
> Date: Mon, 14 Apr 2008 23:48:40 -0500
> From: Chris Bennett <chris at bennettconstruction.biz>
> Subject: Re: Sendmail timeouts
> To: openbsd-newbies at sfobug.org
> Message-ID: <480433A8.8070809 at bennettconstruction.biz>
> Content-Type: text/plain; charset=us-ascii; format=flowed
>
> Well I finally found an obscure reference to these timeouts happening
> due to firewalls.
> So I disabled pf and voila!
> No more problems
>
> Now what I need to know is what to do with my pf.conf to be able to
> reactivate it:
>
> pf.conf:
> ext_if="fxp0"
> #int_if="int0"
> NoRouteIPs = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
> 10.0.0.0/8 }"
> #table <spamd> persist
> #table <spamd-white> persist
>
> #my additions --Chris
> table <badhosts> persist file "/etc/badhosts"
> table <bruteforce> persist file "/etc/bruteforce"
>
>
> set skip on lo
>
> #scrub in
> scrub in on $ext_if all
>
> #nat-anchor "ftp-proxy/*"
> #rdr-anchor "ftp-proxy/*"
> #nat on $ext_if from !($ext_if) -> ($ext_if:0)
> #rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
> #rdr pass on $ext_if proto tcp from <spamd> to port smtp \
> # -> 127.0.0.1 port spamd
> #rdr pass on $ext_if proto tcp from !<spamd-white> to port smtp \
> # -> 127.0.0.1 port spamd
>
> #anchor "ftp-proxy/*"
> #block in
> #pass out keep state
> antispoof quick log for $ext_if inet
> #pass quick on $int_if
> #antispoof quick for { lo $int_if }
>
> pass inet proto tcp from any to egress port 22123 flags S/SA synproxy state (max-src-conn 10, max-src-conn-rate 15/5, overload <bruteforce> flush global)
> pass in on $ext_if proto tcp to ($ext_if) port ssh synproxy state
> pass in log on $ext_if proto tcp to ($ext_if) port smtp synproxy state
> pass out log on $ext_if proto tcp from ($ext_if) to port smtp synproxy state
> block on fxp0 from { <badhosts> <bruteforce> } to any
> block in log quick inet6 all
> # block smb, nfs, mysql, rndc? from the mean world
> block in quick on $ext_if proto tcp from any to any port {137, 138, 139, 901}
> block in quick on $ext_if proto tcp from any to any port {2049, 111}
> block in log quick on $ext_if proto tcp from any to any port 3306
> block in quick on $ext_if proto tcp from any to any port 953
> block in quick on $ext_if from $NoRouteIPs to any
> block out quick on $ext_if from any to $NoRouteIPs
>
> Which entry is causing me these problems with sendmail?
>
Did you try setting Timeout.ident=0 in the sendmail config?
Probably you have a problem with ident packets (port 113).
--
Kamil Monticolo <kmonticolo at siodemka.com>
IT Coordinator for Infrastructure
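
An added example, not part of the original messages: a small check that shows how a host answers TCP connects on the ident port (113) mentioned in the reply. A "filtered" verdict means connection attempts are silently dropped, the case in which a peer waits for its ident timer to expire, while "refused" means the lookup fails at once. The function name `probe_tcp` and the 3-second default are assumptions made for this sketch.

```python
import errno
import socket
import sys
import time

IDENT_PORT = 113  # auth/ident service (RFC 1413), the port named in the reply


def probe_tcp(host, port=IDENT_PORT, timeout=3.0):
    """Classify how host:port answers a TCP connect and time the answer.

    Returns (verdict, seconds), where verdict is one of:
      "open"        - something accepted the connection
      "refused"     - a RST came back, so an ident lookup fails immediately
      "unreachable" - an ICMP unreachable came back, also a prompt failure
      "filtered"    - nothing came back before the timeout (silent drop)
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        verdict = "open"
    except ConnectionRefusedError:
        verdict = "refused"
    except socket.timeout:
        verdict = "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            verdict = "unreachable"
        else:
            raise
    finally:
        sock.close()
    return verdict, time.monotonic() - start


if __name__ == "__main__":
    # Run from a machine outside the firewall, against your own mail host.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    result, seconds = probe_tcp(target)
    print(f"{target}:{IDENT_PORT} is {result} (answered in {seconds:.2f}s)")
```

Running it once with pf enabled and once with pf disabled shows whether the firewall changes how port 113 answers.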