[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: your mail
On Wed, Jul 28, 2004 at 12:44:34PM -0700, [email protected] wrote:
> I have a mail server behind a obsd 3.5 firewall and I am having timeout errors
> when I try and send an email with a large (5MB or greater) attachment.
i would have the knee-jerk reaction that this is not due to pf.
> So the actual scenario is a user using Outlook,
> after about 3 minutes, the user gets an error saying that the
> connection to the server was terminated.
afair, msimn and outlook both have a 3m timeout by default. i cannot
say i remember for certain if it has to do with only sending or only
receiving or both. it is a slider on the advanced tab of the account
settings for the servers in question ( on the msimn/outlook ). it may
be worth your time to set it to "Long" ( iirc, 5m ) to eliminate that
variable from the equation ( or at least see if now the timeout is 5m.... )
if the user is virus-scanning outgoing messages via program on their
machine, turn that off, and to be safe, utterly exit / endtask the
if testing the scenario with pf removed from the equation ( eg: a pf.conf
with as minimal hands-off ruleset as possible: "pass all" and whatever
natting you _need_ to do ) is not possible in your scenario, test
a different mailing client on the user's PC.
i would hope that their mail client would only generate a timeout if
and only if they heard nothing back from the other end of the xfer
( the smtp/pop3/imap server ). so unless you were, in pf, somehow
blocking a certain reply from the server ( unlikely ), it is probably
somewhere else to look for the source of problems.
msimn/outlook have abilities to turn on logging. this may be of some
small value to you here too.
i've got $1 who says it's not pf.
> Here is (what I believe) are the pertinent rules:
i may suggest that if you are not _CERTAIN_ what the pertinent rules
are, to post at least the entire pf.conf - if for no other reason
as so show respect to people whom you are asking to help. openbsd
list readers have rightful grounds to be !polite if people do not
provide to them the thorough scenario.
> Any suggestions on what I might try and/or how to debug would be great!
other than what i say above, get rid of 'flags S/SA'. if there is
some proxying antivirus program on the user's PC, who can say for certain
that between the antivirus and the outlook, one might send and F before
the other thinks something is done? windows antivirus programs are,
each one of them, prone to not working _right now_, *regardless* of
"it was working fine yesterday".
[ openbsd 3.5 GENERIC ( jun 7 ) // i386 ]