Robert Sargent
2015-Aug-27 17:55 UTC
sendmail server sending milter data after latest FreeBSD upgrade
Hi,

After rebuilding my systems after the latest openssl/iret handler I noticed some incoming email sessions were failing. The failures were primarily from hotmail.com, outlook.com, google.com and me.com.

The SMTP server [sendmail v 8.15.2] logs contained lines like this:

    Aug 27 14:41:22 tusk sm-mta[18366]: t7REfKQd018366: col004-omc4s12.hotmail.com [65.55.34.214] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4

I captured some packets with tcpdump and read them with wireshark. The failed session packets' contents indicated after the SYN, SYN, ACK 3-way handshake I would send out

    Response: milter_negotiate(milter-regex): send: version 6, fflags 0x1ff, pflags 0x1fffff\n

I then rec'd an ACK from the client and then I would send out more milter data like:

    Response: milter_negotiate(milter-regex): received: version 6, fflags 0x20, pflags 0x300\n
    Response: milter_negotiate(opendkim): send: version 6, fflags 0x1ff, pflags 0x1fffff\n
    Response: milter_negotiate(opendkim): received: version 6, fflags 0x111, pflags 0x100702\n
    Response: milter_negotiate(smf-spf): send: version 6, fflags 0x1ff, pflags 0x1fffff\n
    Response: milter_negotiate(smf-spf): received: version 6, fflags 0x1d, pflags 0x350\n
    Response: milter_negotiate(greylist): send: version 6, fflags 0x1ff, pflags 0x1fffff\n
    Response: milter_negotiate(greylist): received: version 6, fflags 0x13, pflags 0x100\n
    Response: milter_negotiate(clmilter): send: version 6, fflags 0x1ff, pflags 0x1fffff\n
    Response: milter_negotiate(clmilter): received: version 6, fflags 0x31, pflags 0x342\n

The client would then ACK and I would send out my normal SMTP greeting:

    Response: 220 tusk.sgt.com ESMTP Sendmail 8.15.2/8.14.9; Thu, 27 Aug 2015 12:24:38 GMT\r\n

Then the client would send a FIN

-------------------

Needless to say I was concerned and tried restarting sendmail and associated milters, no change, I kept sending out milter data to the client. I tried reinstalling sendmail from both pkgs and ports, no change. I finally rebooted the system and the problem "went away".

There was no problem with incoming hotmail, google, apple emails prior to this latest OS upgrade.

uname -a:

    FreeBSD tusk.sgt.com 9.3-RELEASE-p24 FreeBSD 9.3-RELEASE-p24 #10 r287147: Tue Aug 25 23:19:33 UTC 2015 root at tusk.sgt.com:/usr/obj/usr/src/sys/SGT93AMD64ZFS amd64

Is this a known problem?
Any ideas WTF is [was] going on?
Any suggestions on what to do next time it happens [short of rebooting]?

Please do not publicly release any of my site/domain specific data.

tcpdumpfile attached.

Thanks,
Rob

-------------- next part --------------
A non-text attachment was scrubbed...
Name: tcpdumpfile
Type: application/octet-stream
Size: 3512 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20150827/54887d10/attachment.obj>
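
Added example (not part of the original post): a Python check that audits the bytes a server sends before the client's first command and flags non-SMTP lines, such as the milter_negotiate output described above, that arrive ahead of the 220 greeting. The sample streams are constructed; they assume Wireshark's "Response:" label is not part of the payload and use the placeholder host mx.example.org.

```python
import re

# An SMTP reply line: three digits, then "-" (more lines follow) or " " (last line).
REPLY = re.compile(rb"^(\d{3})(?:([ -])(.*))?$")


def audit_greeting(server_bytes):
    """Audit everything the server sent before the client's first command."""
    stray, bare_lf, greeting = [], 0, None
    for raw in server_bytes.splitlines(keepends=True):
        if not raw.endswith(b"\n"):
            continue  # unterminated fragment or bare CR: not a complete line
        if not raw.endswith(b"\r\n"):
            bare_lf += 1  # SMTP lines end in CRLF; the leaked lines end in LF only
        line = raw.rstrip(b"\r\n")
        m = REPLY.match(line)
        if m is None:
            stray.append(line.decode("ascii", "replace"))  # not an SMTP reply
        elif m.group(2) != b"-":
            greeting = int(m.group(1))  # final line of the first reply
            break
    return {"stray": stray, "bare_lf": bare_lf, "greeting": greeting,
            "clean": not stray and bare_lf == 0 and greeting == 220}


# Constructed samples. GREETING uses a placeholder host name.
GREETING = (b"220 mx.example.org ESMTP Sendmail 8.15.2/8.14.9; "
            b"Thu, 27 Aug 2015 12:24:38 GMT\r\n")
LEAKY = (b"milter_negotiate(milter-regex): send: version 6, "
         b"fflags 0x1ff, pflags 0x1fffff\n"
         b"milter_negotiate(milter-regex): received: version 6, "
         b"fflags 0x20, pflags 0x300\n") + GREETING
MULTILINE = b"220-mx.example.org ESMTP\r\n220 ready\r\n"

if __name__ == "__main__":
    for name, stream in (("leaky", LEAKY), ("clean", GREETING)):
        report = audit_greeting(stream)
        print(name, "clean" if report["clean"] else "NOT clean", report["stray"])
```

To audit a live listener, pass in the bytes read from a fresh TCP connection to port 25 before sending any command.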