Two things I've run into with this coming from 9.2-STABLE....
1. I am getting errors coming from mail transmissions to certain MX relays
-- and only those relays. One of them is (ironically) mx1.freebsd.org,
which precludes emailing the list from my primary email address! The error
logs in the maillog file show:
Mar 11 08:17:46 NewFS sm-mta[3605]: STARTTLS=client, relay=mx1.freebsd.org.,
version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384,
bits=256/256
Mar 11 08:17:46 NewFS sm-mta[3605]: STARTTLS: write error=syscall error
(-1), errno=13, get_error=error:00000000:lib(0):func(0):reason(0),
retry=99, ssl_err=5
Mar 11 08:17:46 NewFS sm-mta[3605]: s2AKht3B064414: SYSERR(root): putbody:
write error: Permission denied
Mar 11 08:17:46 NewFS sm-mta[3605]: s2AKht3B064414: SYSERR(root): timeout
writing message to mx1.freebsd.org.: Permission denied
Mar 11 08:17:46 NewFS sm-mta[3605]: s2AKht3B064414: to=<
freebsd-fs at freebsd.org>, ctladdr=<karl at denninger.net>
(1001/1001),
delay=16:33:50, xdelay=00:00:05, mailer=esmtp, pri=4186247,
relaymx1.freebsd.org. [8.8.178.115], dsn=4.0.0, stat=Deferred
Permission denied -- on a socket? As root? What am I missing here?
(Shutting off TLS does not resolve this.) However, this is not universal;
it only impacts *some* emails....
Mar 11 08:20:37 NewFS sm-mta[5433]: s2BDKbF4005433: from=<
ticker at fs.denninger.net>, size=962, class=0, nrcpts=1, msgid=<
201403111320.s2BDKTF3005412 at fs.denninger.net>, proto=ESMTP, daemon=IPv4,
relay=localhost [127.0.0.1]
Mar 11 08:20:37 NewFS sendmail[5412]: s2BDKTF3005412: to=xxxxxxxx at yahoo.com,
ctladdr=ticker (20098/20098), delay=00:00:08, xdelay=00:00:05,
mailer=relay, pri=3
0494, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Message accepted)
Mar 11 08:20:37 NewFS sm-mta[5461]: STARTTLS=client,
relaymta5.am0.yahoodns.net., version=TLSv1/SSLv3, verify=FAIL,
cipher=DHE-RSA-CAMELLIA256-SHA, bits=256/256
Mar 11 08:20:39 NewFS sm-mta[5461]: s2BDKbF4005433: to=<xxxxxxx at
yahoo.com>,
ctladdr=<ticker at fs.denninger.net> (20098/20098), delay=00:00:02,
xdelay=00:00:02,
mailer=esmtp, pri=30962, relay=mta5.am0.yahoodns.net. [66.196.118.35],
dsn=2.0.0, stat=Sent (ok dirdel)
That one went through successfully....
This is new; I didn't have any trouble on 9.2-STABLE at all. Ideas?
The other issue is that I am running into bizarre wired memory behavior. I
have ZFS on the box and it was wiring down ~20GB, driving the system into
paging. I dropped arc_max to 16GB as a hard limit, it's currently showing
15GB, but...
20531152 wire
zfs-stats -A shows:
------------------------------------------------------------------------
ZFS Subsystem Report Tue Mar 11 08:27:55 2014
------------------------------------------------------------------------
ARC Summary: (HEALTHY)
Memory Throttle Count: 0
ARC Misc:
Deleted: 4.22m
Recycle Misses: 57.10k
Mutex Misses: 320
Evict Skips: 2.35m
ARC Size: 95.96% 15.35 GiB
Target Size: (Adaptive) 100.00% 16.00 GiB
Min Size (Hard Limit): 12.50% 2.00 GiB
Max Size (High Water): 8:1 16.00 GiB
ARC Size Breakdown:
Recently Used Cache Size: 75.49% 12.08 GiB
Frequently Used Cache Size: 24.51% 3.92 GiB
ARC Hash Breakdown:
Elements Max: 1.59m
Elements Current: 55.53% 883.80k
Collisions: 5.84m
Chain Max: 16
Chains: 261.48k
------------------------------------------------------------------------
Ok, where's the rest coming from? There's nothing in the shared memory
segment list that appears to be related.
Is there a memory leak in here somewhere?
Karl Denninger wrote this message on Tue, Mar 11, 2014 at 08:29 -0500:> 1. I am getting errors coming from mail transmissions to certain MX relays > -- and only those relays. One of them is (ironically) mx1.freebsd.org, > which precludes emailing the list from my primary email address! The error > logs in the maillog file show: > > Mar 11 08:17:46 NewFS sm-mta[3605]: STARTTLS=client, relay=mx1.freebsd.org., > version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, > bits=256/256 > Mar 11 08:17:46 NewFS sm-mta[3605]: STARTTLS: write error=syscall error > (-1), errno=13, get_error=error:00000000:lib(0):func(0):reason(0), > retry=99, ssl_err=5 > Mar 11 08:17:46 NewFS sm-mta[3605]: s2AKht3B064414: SYSERR(root): putbody: > write error: Permission denied > Mar 11 08:17:46 NewFS sm-mta[3605]: s2AKht3B064414: SYSERR(root): timeout > writing message to mx1.freebsd.org.: Permission denied > Mar 11 08:17:46 NewFS sm-mta[3605]: s2AKht3B064414: to=< > freebsd-fs at freebsd.org>, ctladdr=<karl at denninger.net> (1001/1001), > delay=16:33:50, xdelay=00:00:05, mailer=esmtp, pri=4186247, relay> mx1.freebsd.org. [8.8.178.115], dsn=4.0.0, stat=Deferred > > Permission denied -- on a socket? As root? What am I missing here? > > (Shutting off TLS does not resolve this.) However, this is not universal; > it only impacts *some* emails.... > > > Mar 11 08:20:37 NewFS sm-mta[5433]: s2BDKbF4005433: from=< > ticker at fs.denninger.net>, size=962, class=0, nrcpts=1, msgid=< > 201403111320.s2BDKTF3005412 at fs.denninger.net>, proto=ESMTP, daemon=IPv4, > relay=localhost [127.0.0.1] > Mar 11 08:20:37 NewFS sendmail[5412]: s2BDKTF3005412: to=xxxxxxxx at yahoo.com, > ctladdr=ticker (20098/20098), delay=00:00:08, xdelay=00:00:05, > mailer=relay, pri=3 > 0494, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Message accepted) > Mar 11 08:20:37 NewFS sm-mta[5461]: STARTTLS=client, relay> mta5.am0.yahoodns.net., version=TLSv1/SSLv3, verify=FAIL, > cipher=DHE-RSA-CAMELLIA256-SHA, bits=256/256 > Mar 11 08:20:39 NewFS sm-mta[5461]: s2BDKbF4005433: to=<xxxxxxx at yahoo.com>, > ctladdr=<ticker at fs.denninger.net> (20098/20098), delay=00:00:02, > xdelay=00:00:02, > mailer=esmtp, pri=30962, relay=mta5.am0.yahoodns.net. [66.196.118.35], > dsn=2.0.0, stat=Sent (ok dirdel) > > That one went through successfully.... > > This is new; I didn't have any trouble on 9.2-STABLE at all. Ideas?This is usually due to a firewall not allowing some packets out... Make sure that your firewall is properly configured, and disable it for testing to see if the errors go away... -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."
On Mar 11, 2014, at 7:29 AM, Karl Denninger <tickerguydenninger at gmail.com> wrote:> Two things I've run into with this coming from 9.2-STABLE.... > > 1. I am getting errors coming from mail transmissions to certain MX relays > -- and only those relays. One of them is (ironically) mx1.freebsd.org, > which precludes emailing the list from my primary email address! The error > logs in the maillog file show: > > Mar 11 08:17:46 NewFS sm-mta[3605]: STARTTLS=client, relay=mx1.freebsd.org., > version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, > bits=256/256 > Mar 11 08:17:46 NewFS sm-mta[3605]: STARTTLS: write error=syscall error > (-1), errno=13, get_error=error:00000000:lib(0):func(0):reason(0), > retry=99, ssl_err=5 > Mar 11 08:17:46 NewFS sm-mta[3605]: s2AKht3B064414: SYSERR(root): putbody: > write error: Permission denied > Mar 11 08:17:46 NewFS sm-mta[3605]: s2AKht3B064414: SYSERR(root): timeout > writing message to mx1.freebsd.org.: Permission denied > Mar 11 08:17:46 NewFS sm-mta[3605]: s2AKht3B064414: to=< > freebsd-fs at freebsd.org>, ctladdr=<karl at denninger.net> (1001/1001), > delay=16:33:50, xdelay=00:00:05, mailer=esmtp, pri=4186247, relay> mx1.freebsd.org. [8.8.178.115], dsn=4.0.0, stat=Deferred > > Permission denied -- on a socket? As root? What am I missing here? > > (Shutting off TLS does not resolve this.) However, this is not universal; > it only impacts *some* emails.... > > > Mar 11 08:20:37 NewFS sm-mta[5433]: s2BDKbF4005433: from=< > ticker at fs.denninger.net>, size=962, class=0, nrcpts=1, msgid=< > 201403111320.s2BDKTF3005412 at fs.denninger.net>, proto=ESMTP, daemon=IPv4, > relay=localhost [127.0.0.1] > Mar 11 08:20:37 NewFS sendmail[5412]: s2BDKTF3005412: to=xxxxxxxx at yahoo.com, > ctladdr=ticker (20098/20098), delay=00:00:08, xdelay=00:00:05, > mailer=relay, pri=3 > 0494, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Message accepted) > Mar 11 08:20:37 NewFS sm-mta[5461]: STARTTLS=client, relay> mta5.am0.yahoodns.net., version=TLSv1/SSLv3, verify=FAIL, > cipher=DHE-RSA-CAMELLIA256-SHA, bits=256/256 > Mar 11 08:20:39 NewFS sm-mta[5461]: s2BDKbF4005433: to=<xxxxxxx at yahoo.com>, > ctladdr=<ticker at fs.denninger.net> (20098/20098), delay=00:00:02, > xdelay=00:00:02, > mailer=esmtp, pri=30962, relay=mta5.am0.yahoodns.net. [66.196.118.35], > dsn=2.0.0, stat=Sent (ok dirdel) > > That one went through successfully.... > > This is new; I didn't have any trouble on 9.2-STABLE at all. Ideas?Are you by any chance using both TSO and NAT on an interface[1]? I saw problems with larger transmissions and odd "permission denied" errors on a machine in that situation. Not sure what changed in 10 vs 9 to expose the issue but it wouldn't be the first I've heard of it[2]. Try "ifconfig yournatinterface -tso" if so and see if the problem goes away (obviously replace "yournatinterface" with the actual interface name). If it does, add "-tso" to the appropriate ifconfig entry in /etc/rc.conf. JN [1] See also the related BUGS entry in ipfw(8): http://www.freebsd.org/cgi/man.cgi?query=ipfw&sektion=8#end [2] http://lists.freebsd.org/pipermail/freebsd-ipfw/2014-February/005560.html