Mark, > > My onboard pf firewall is only showing occasional blocked ICMP > (type 3, code 1). > > This is certainly one of the first things to fix. > ICMP is not there just for fun and to be an 'ancilliary protocol', > but has its function and purpose. > > ICMP type 3 must not be blocked by a firewall! > Otherwise MSS negotiation does not work, which will cause > seemingly unexplicable (some but not all) non-deliverable messages, > and timeouts occur without client being able to report the reason > for a failure. > > Type 4 can be useful, and type 11 makes outgoing traceroute work. > Ping (0,8) can be useful. > > Other icmp types may be blocked, and some of them must be blocked > (like redirects from outside).
Are talking about outbound or inbound ICMP? I allow all outbound traffic to exit unmolested. My f/w is blocking *occasional* inbound ICMP type 3 code 1. Meanwhile, disconnections are occurring like this: Jun 1 11:18:36 host postfix/smtpd[19076]: disconnect from unknown[59.5.222.236] Jun 1 11:19:20 host postfix/smtpd[364]: disconnect from unknown[61.178.41.11] Jun 1 11:19:29 host postfix/smtpd[25378]: disconnect from ppp-58.10.204.113.revip2.asianet.co.th[58.10.204.113] Jun 1 11:19:44 host postfix/smtpd[22902]: disconnect from unknown[218.236.89.163] Jun 1 11:19:44 host postfix/smtpd[22902]: disconnect from tomts29.bellnexxia.net[209.226.175.103] Jun 1 11:19:45 host postfix/smtpd[22902]: disconnect from unknown[63.240.26.107] Jun 1 11:19:45 host postfix/smtpd[22902]: disconnect from gas45-1-82-229-108-119.fbx.proxad.net[82.229.108.119] Jun 1 11:19:45 host postfix/smtpd[22902]: disconnect from cmn1lsm3.beliefnet.com[129.33.230.137] Jun 1 11:19:45 host postfix/smtpd[22902]: disconnect from tomts29.bellnexxia.net[209.226.175.103] Jun 1 11:21:07 host postfix/smtpd[27705]: disconnect from unknown[220.77.242.115] Jun 1 11:21:08 host postfix/smtpd[27705]: disconnect from unknown[61.138.121.106] Jun 1 11:23:36 host postfix/smtpd[19076]: disconnect from unknown[124.90.101.118] Jun 1 11:24:21 host postfix/smtpd[364]: disconnect from unknown[211.138.246.3] Jun 1 11:24:21 host postfix/smtpd[364]: disconnect from tomts23.bellnexxia.net[209.226.175.185] Jun 1 11:24:29 host postfix/smtpd[25378]: disconnect from unknown[222.160.48.133] Jun 1 11:24:45 host postfix/smtpd[22902]: disconnect from 125-228-43-212.dynamic.hinet.net[125.228.43.212] Jun 1 11:26:08 host postfix/smtpd[27705]: disconnect from unknown[60.8.1.238] Jun 1 11:28:36 host postfix/smtpd[19076]: disconnect from unknown[59.52.6.225] Jun 1 11:29:29 host postfix/smtpd[25378]: disconnect from unknown[60.26.47.107] Jun 1 11:29:45 host postfix/smtpd[22902]: disconnect from 220-133-132-3.HINET-IP.hinet.net[220.133.132.3] Jun 1 11:29:45 host postfix/smtpd[22902]: disconnect from tomts35-srv.bellnexxia.net[209.226.175.109] Jun 1 11:30:21 host postfix/smtpd[364]: disconnect from unknown[200.104.18.47] Jun 1 11:30:21 host postfix/smtpd[364]: disconnect from tomts24.bellnexxia.net[209.226.175.187] Jun 1 11:30:21 host postfix/smtpd[364]: disconnect from unknown[220.76.91.153] Jun 1 11:31:08 host postfix/smtpd[27705]: disconnect from 125-231-56-181.dynamic.hinet.net[125.231.56.181] Jun 1 11:33:36 host postfix/smtpd[19076]: disconnect from unknown[202.88.214.123] Jun 1 11:33:36 host postfix/smtpd[19076]: disconnect from mail.gwl.ca[64.42.217.68] Gary said I'm missing something primordial in my postfix config file. How can it be that my system was working before? I am using SQL lookups if that can help diagnose the problem. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
