Hello all,

I have a mail server behind an obsd 3.5 firewall and I am having timeout errors
when I try and send an email with a large (5MB or greater) attachment. All
other emails succeed. So the actual scenario is a user using Outlook, with
201.43.98.72 as their source address and 201.43.98.73 as their default smtp
server, tries to send an email with a 50 MB file as an attachment. The result
is that after about 3 minutes, the user gets an error saying that the
connection to the server was terminated.

# /etc/hostname.xl0
inet 201.43.98.69 255.255.255.0 NONE media 100baseTX mediaopt full-duplex

# /etc/hostname.carp0
up vhid 1 advskew 0 pass abc 201.43.98.73

Here are (what I believe are) the pertinent rules:

scrub in on $ext_if all fragment reassemble

nat on $ext_if from $int_if:network to any -> $ext_if
binat on $ext_if from 192.168.200.11 to any -> 201.43.98.73
binat on $ext_if from 192.168.200.12 to any -> 201.43.98.74

block drop log all # default deny policy
block return-rst in log quick on $ext_if proto tcp from any to any port 113

# Allow mail servers to connect out
pass in log quick on $int_if inet proto tcp from { 192.168.200.11/32, 192.168.200.12/32 } to any port 25 tag MAIL_OUT keep state
pass out log quick on $ext_if tagged MAIL_OUT keep state

# Allow connection to the mail server
pass in log quick on $ext_if inet proto tcp from any to { 192.168.200.11, 192.168.200.12 } port { 25 110 443 993 995 } flags S/SA tag MAIL_IN keep state
pass out log quick on $int_if tagged MAIL_IN keep state

Any suggestions on what I might try and/or how to debug would be great!
Thanks!
-Justin