Re: Google 7720 Error [thread resumed due to useful data]
On 5/16/2011 7:10 PM, Sahil Tandon wrote: > Jason, > > I am glad your problem was solved. Also, I hope this thread taught you > a valuable lesson: instead of spreading misinformation and questioning > the 'quality' of free advice, you could focus your efforts on the very > basics of system administration. You may also benefit from a review of > the following document: > > http://www.catb.org/~esr/faqs/smart-questions.html Jason, take note that Sahil is a FreeBSD dev and uses Postfix, not Sendmail. In fact, Sahil is the Postfix maintainer for the FreeBSD project, IIRC, among other things. Also note that Wietse's preferred/primary Postfix development and testing platform is FreeBSD, IIRC. Thus, you won't see/hear all FreeBSD people saying "use Sendmail", maybe not even a majority. -- Stan
Re: Google 7720 Error [thread resumed due to useful data]
Jason, I am glad your problem was solved. Also, I hope this thread taught you a valuable lesson: instead of spreading misinformation and questioning the 'quality' of free advice, you could focus your efforts on the very basics of system administration. You may also benefit from a review of the following document: http://www.catb.org/~esr/faqs/smart-questions.html -- Sahil Tandon
Re: Google 7720 Error [thread resumed due to useful data]
On May 16, 2011, at 5:42 PM, Stan Hoeppner wrote: > On 5/16/2011 10:38 AM, jason hirsh wrote: > >> I have a lot more to learn > > Nah, you've just spent too much time under water breathing through a > tube. Eats away at the brain ya know. You demonstrated this when you > contemplated switching to Sendmail to solve this problem. > > ;) > Hey I use tanks when I am underwater.. brain eating was from aliens . the idea on sendmail came from freebsd folks new hard drive start with minimal config and see what happened as I changed software > -- > Stan
Re: Google 7720 Error [thread resumed due to useful data]
On 5/16/2011 10:38 AM, jason hirsh wrote: > I have a lot more to learn Nah, you've just spent too much time under water breathing through a tube. Eats away at the brain ya know. You demonstrated this when you contemplated switching to Sendmail to solve this problem. ;) -- Stan
Re: Google 7720 Error [thread resumed due to useful data]
On 5/16/2011 9:47 AM, /dev/rob0 wrote: >>> If the netmask is mis-configured (say, 0xff00) then that explains >>> why we see no responses to connection attempts from 209.85.210.182 >>> (and other 209.* IP addresses). > > Wietse's amazing crystal ball strikes again! :) Well, ya know, one just might expect the author of *TCP* Wrappers (emphasis mine) and co-author of Coroner's Toolkit to know just a little bit about TCP/IP. ;) I think many people tend to forget Wietse's work outside of Postfix, and his breadth of knowledge of UNIX/networking, and computer science in general. I'd hazard a guess that there's much more to Dr. Venema than Postfix, more than... queue the Transformers jingle. -- Stan
Re: Google 7720 Error [thread resumed due to useful data]
Am 16.05.2011 18:22, schrieb Jerry: > On Mon, 16 May 2011 11:14:03 -0400 > jason hirsh articulated: > >> I was unable to get this quality of advice from the Freebsd forum > > Not surprising. The FreeBSD group is more concerned with bumping version > numbers and blaming Microsoft and hardware manufacturers for their > problems than in actually doing something constructive to correct them on the other hand they do not expect a total wrong subnet on a server becuase one of a million does xxx.255.255.255 and this is not os-specific signature.asc Description: OpenPGP digital signature
Re: Google 7720 Error [thread resumed due to useful data]
On Mon, 16 May 2011 11:14:03 -0400 jason hirsh articulated: > I was unable to get this quality of advice from the Freebsd forum Not surprising. The FreeBSD group is more concerned with bumping version numbers and blaming Microsoft and hardware manufacturers for their problems than in actually doing something constructive to correct them. -- Jerry ✌ postfix-u...@seibercom.net _ TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html
Re: Google 7720 Error [thread resumed due to useful data]
On May 16, 2011, at 11:27 AM, Wietse Venema wrote: > Wietse Venema: >> jason hirsh: >> What is the output of >> >> ifconfig -a | grep 209.160 > > inet 209.160.65.133 netmask 0xf800 broadcast 209.160.71.255 > > (this is the IP handling mail services) > > inet 209.160.68.112 netmask 0xff00 broadcast 209.255.255.255 >> >> If the netmask is mis-configured (say, 0xff00) then that explains >> why we see no responses to connection attempts from 209.85.210.182 >> (and other 209.* IP addresses). Wietse's amazing crystal ball strikes again! :) >> >> FYI the correct FreeBSD rc.conf setting would be: >> >> (assuming your interface is em0) >> ifconfig_em0="inet 209.160.65.133 netmask 0xf800" >> ifconfig_em0_alias0="inet 209.160.68.112 netmask 0x" >> >> And to fix by hand: >> >> (assuming your interface is em0) >> # ifconfig em0 inet 209.160.68.112 netmask 0x > > That is, assuming the two addresses were on the same network > interface. If they're on different interfaces then specify > the same 0xf800 netmask for both. Wietse They were and thank your for the information.. saved me MUCH research as I am use to 255. format I was able to get at least one of the trouble addresses to mail me again and it worked. thanks for the help, patience and understand.. I have a lot more to learn jason >
Re: Google 7720 Error [thread resumed due to useful data]
Wietse Venema: > jason hirsh: > > >>> What is the output of > > >>> > > >>> ifconfig -a | grep 209.160 > > >> > > >> inet 209.160.65.133 netmask 0xf800 broadcast 209.160.71.255 > > >> > > >> (this is the IP handling mail services) > > >> > > >> inet 209.160.68.112 netmask 0xff00 broadcast 209.255.255.255 > > >>> > > >>> If the netmask is mis-configured (say, 0xff00) then that explains > > >>> why we see no responses to connection attempts from 209.85.210.182 > > >>> (and other 209.* IP addresses). > > > > > > Wietse's amazing crystal ball strikes again! :) > > FYI the correct FreeBSD rc.conf setting would be: > > (assuming your interface is em0) > ifconfig_em0="inet 209.160.65.133 netmask 0xf800" > ifconfig_em0_alias0="inet 209.160.68.112 netmask 0x" > > And to fix by hand: > > (assuming your interface is em0) > # ifconfig em0 inet 209.160.68.112 netmask 0x That is, assuming the two addresses were on the same network interface. If they're on different interfaces then specify the same 0xf800 netmask for both. Wietse
Re: Google 7720 Error [thread resumed due to useful data]
jason hirsh: > >>> What is the output of > >>> > >>> ifconfig -a | grep 209.160 > >> > >> inet 209.160.65.133 netmask 0xf800 broadcast 209.160.71.255 > >> > >> (this is the IP handling mail services) > >> > >> inet 209.160.68.112 netmask 0xff00 broadcast 209.255.255.255 > >>> > >>> If the netmask is mis-configured (say, 0xff00) then that explains > >>> why we see no responses to connection attempts from 209.85.210.182 > >>> (and other 209.* IP addresses). > > > > Wietse's amazing crystal ball strikes again! :) FYI the correct FreeBSD rc.conf setting would be: (assuming your interface is em0) ifconfig_em0="inet 209.160.65.133 netmask 0xf800" ifconfig_em0_alias0="inet 209.160.68.112 netmask 0x" And to fix by hand: (assuming your interface is em0) # ifconfig em0 inet 209.160.68.112 netmask 0x Wietse
Re: Google 7720 Error [thread resumed due to useful data]
On May 16, 2011, at 10:48 AM, Wietse Venema wrote: > jason hirsh: >> inet 209.160.68.112 netmask 0xff00 broadcast 209.255.255.255 > > Well that explains everything. With this, your machine believes > that all IP addresses in 209.* are on the local subnet. > >>> If the netmask is mis-configured (say, 0xff00) then that explains >>> why we see no responses to connection attempts from 209.85.210.182 >>> (and other 209.* IP addresses). >>> >>> FYI this means that no-one in 209.* would be able to connect to >>> your web server as well. >> I am more then a little confused in that I have in fact received >> mail from that google server >> >> an example from message header is >> >> "Received: from mail-gw0-f54.google.com (mail-gw0-f54.google.com >> [74.125.83.54]) by tuna.theoceanwindow-bv.com (Postfix) with ESMTP >> id 11AB65C23 for ; Sat, 14 May 2011 22:37:41 >> -0400 (EDT)" >> > > Indeed. Have you noticed that this is 74.125.83.54? staring at screen too long > > You will never receive a connection from 209.* until you fix > that IP netmask from 0xff00. I am correcting.. thank you I was unable to get this quality of advice from the Freebsd forum I rechecked my mindspring bounce and found it was also a 209. IP > > Wietse
Re: Google 7720 Error [thread resumed due to useful data]
On May 16, 2011, at 10:47 AM, /dev/rob0 wrote: > On Mon, May 16, 2011 at 10:29:10AM -0400, jason hirsh wrote: >> On May 16, 2011, at 9:51 AM, Wietse Venema wrote: >>> jason hirsh: 08:40:31.036997 IP mail-iy0-f182.google.com.51101 > tuna.theoceanwindow-bv.com.smtp: Flags [S], seq 850119283, win 5720, options [mss 1430,sackOK,TS val 2972295960 ecr 0,nop,wscale 6], length 0 >>> >>> So, you are receiving connection attempts from a Google system >>> mail-iy0-f182.google.com. This has IP address 209.85.210.182. >>> >>> I also notice that tuna.theoceanwindow-bv.com has an IP address >>> of 209.160.65.133. >>> >>> What is the output of >>> >>> ifconfig -a | grep 209.160 >> >> inet 209.160.65.133 netmask 0xf800 broadcast 209.160.71.255 >> >> (this is the IP handling mail services) >> >> inet 209.160.68.112 netmask 0xff00 broadcast 209.255.255.255 >> >> >>> >>> If the netmask is mis-configured (say, 0xff00) then that explains >>> why we see no responses to connection attempts from 209.85.210.182 >>> (and other 209.* IP addresses). > > Wietse's amazing crystal ball strikes again! :) > >>> The reason is that your machine is sending out ARP requests to the >>> local subnet for 209.85.210.182. Of course it gets no response, >>> and therefore it never replies to connection attempts from that IP >>> address. >>> >>> FYI this means that no-one in 209.* would be able to connect to >>> your web server as well. >> >> >> I am more then a little confused in that I have in fact received >> mail from that google server >> >> an example from message header is >> >> "Received: from mail-gw0-f54.google.com (mail-gw0-f54.google.com >> [74.125.83.54]) by tuna.theoceanwindow-bv.com (Postfix) with ESMTP > > mail-iy0-f182.google.com[209.85.210.182] is not the same as > mail-gw0-f54.google.com[74.125.83.54] staring at my screen too long > >> id 11AB65C23 for ; Sat, 14 May 2011 22:37:41 >> -0400 (EDT)" > -- >Offlist mail to this address is discarded unless >"/dev/rob0" or "not-spam" is in Subject: header
Re: Google 7720 Error [thread resumed due to useful data]
jason hirsh: > inet 209.160.68.112 netmask 0xff00 broadcast 209.255.255.255 Well that explains everything. With this, your machine believes that all IP addresses in 209.* are on the local subnet. > > If the netmask is mis-configured (say, 0xff00) then that explains > > why we see no responses to connection attempts from 209.85.210.182 > > (and other 209.* IP addresses). > > > > FYI this means that no-one in 209.* would be able to connect to > > your web server as well. > I am more then a little confused in that I have in fact received > mail from that google server > > an example from message header is > > "Received: from mail-gw0-f54.google.com (mail-gw0-f54.google.com > [74.125.83.54]) by tuna.theoceanwindow-bv.com (Postfix) with ESMTP > id 11AB65C23 for ; Sat, 14 May 2011 22:37:41 > -0400 (EDT)" > Indeed. Have you noticed that this is 74.125.83.54? You will never receive a connection from 209.* until you fix that IP netmask from 0xff00. Wietse
Re: Google 7720 Error [thread resumed due to useful data]
On Mon, May 16, 2011 at 10:29:10AM -0400, jason hirsh wrote: > On May 16, 2011, at 9:51 AM, Wietse Venema wrote: > > jason hirsh: > >> 08:40:31.036997 IP mail-iy0-f182.google.com.51101 > > >> tuna.theoceanwindow-bv.com.smtp: Flags [S], seq 850119283, win 5720, > >> options [mss 1430,sackOK,TS val 2972295960 ecr 0,nop,wscale 6], length 0 > > > > So, you are receiving connection attempts from a Google system > > mail-iy0-f182.google.com. This has IP address 209.85.210.182. > > > > I also notice that tuna.theoceanwindow-bv.com has an IP address > > of 209.160.65.133. > > > > What is the output of > > > > ifconfig -a | grep 209.160 > > inet 209.160.65.133 netmask 0xf800 broadcast 209.160.71.255 > > (this is the IP handling mail services) > > inet 209.160.68.112 netmask 0xff00 broadcast 209.255.255.255 > > > > > > If the netmask is mis-configured (say, 0xff00) then that explains > > why we see no responses to connection attempts from 209.85.210.182 > > (and other 209.* IP addresses). Wietse's amazing crystal ball strikes again! :) > > The reason is that your machine is sending out ARP requests to the > > local subnet for 209.85.210.182. Of course it gets no response, > > and therefore it never replies to connection attempts from that IP > > address. > > > > FYI this means that no-one in 209.* would be able to connect to > > your web server as well. > > > I am more then a little confused in that I have in fact received > mail from that google server > > an example from message header is > > "Received: from mail-gw0-f54.google.com (mail-gw0-f54.google.com > [74.125.83.54]) by tuna.theoceanwindow-bv.com (Postfix) with ESMTP mail-iy0-f182.google.com[209.85.210.182] is not the same as mail-gw0-f54.google.com[74.125.83.54] > id 11AB65C23 for ; Sat, 14 May 2011 22:37:41 > -0400 (EDT)" -- Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header
Re: Google 7720 Error [thread resumed due to useful data]
On May 16, 2011, at 9:51 AM, Wietse Venema wrote: > jason hirsh: >> 08:40:31.036997 IP mail-iy0-f182.google.com.51101 > >> tuna.theoceanwindow-bv.com.smtp: Flags [S], seq 850119283, win 5720, >> options [mss 1430,sackOK,TS val 2972295960 ecr 0,nop,wscale 6], length 0 > > So, you are receiving connection attempts from a Google system > mail-iy0-f182.google.com. This has IP address 209.85.210.182. > > I also notice that tuna.theoceanwindow-bv.com has an IP address > of 209.160.65.133. > > What is the output of > > ifconfig -a | grep 209.160 inet 209.160.65.133 netmask 0xf800 broadcast 209.160.71.255 (this is the IP handling mail services) inet 209.160.68.112 netmask 0xff00 broadcast 209.255.255.255 > > If the netmask is mis-configured (say, 0xff00) then that explains > why we see no responses to connection attempts from 209.85.210.182 > (and other 209.* IP addresses). > > The reason is that your machine is sending out ARP requests to the > local subnet for 209.85.210.182. Of course it gets no response, > and therefore it never replies to connection attempts from that IP > address. > > FYI this means that no-one in 209.* would be able to connect to > your web server as well. I am more then a little confused in that I have in fact received mail from that google server an example from message header is "Received: from mail-gw0-f54.google.com (mail-gw0-f54.google.com [74.125.83.54]) by tuna.theoceanwindow-bv.com (Postfix) with ESMTP id 11AB65C23 for ; Sat, 14 May 2011 22:37:41 -0400 (EDT)" > > Wietse
Re: Google 7720 Error [thread resumed due to useful data]
jason hirsh: > 08:40:31.036997 IP mail-iy0-f182.google.com.51101 > > tuna.theoceanwindow-bv.com.smtp: Flags [S], seq 850119283, win 5720, > options [mss 1430,sackOK,TS val 2972295960 ecr 0,nop,wscale 6], length 0 So, you are receiving connection attempts from a Google system mail-iy0-f182.google.com. This has IP address 209.85.210.182. I also notice that tuna.theoceanwindow-bv.com has an IP address of 209.160.65.133. What is the output of ifconfig -a | grep 209.160 If the netmask is mis-configured (say, 0xff00) then that explains why we see no responses to connection attempts from 209.85.210.182 (and other 209.* IP addresses). The reason is that your machine is sending out ARP requests to the local subnet for 209.85.210.182. Of course it gets no response, and therefore it never replies to connection attempts from that IP address. FYI this means that no-one in 209.* would be able to connect to your web server as well. Wietse
Re: Google 7720 Error [thread resumed due to useful data]
On May 15, 2011, at 10:09 AM, Wietse Venema wrote: > jason hirsh: >> 08:40:31.036997 IP mail-iy0-f182.google.com.51101 > >> tuna.theoceanwindow-bv.com.smtp: Flags [S], seq 850119283, win 5720, >> options [mss 1430,sackOK,TS val 2972295960 ecr 0,nop,wscale 6], length 0 > > SYN from google.com -> theoceanwindow-bv.com > >> 08:40:34.037857 IP mail-iy0-f182.google.com.51101 > >> tuna.theoceanwindow-bv.com.smtp: Flags [S], seq 850119283, win 5720, >> options [mss 1430,sackOK,TS val 2972298960 ecr 0,nop,wscale 6], length 0 > > Retransmission: SYN from google.com -> theoceanwindow-bv.com > >> 08:40:40.036791 IP mail-iy0-f182.google.com.51101 > >> tuna.theoceanwindow-bv.com.smtp: Flags [S], seq 850119283, win 5720, >> options [mss 1430,sackOK,TS val 2972304960 ecr 0,nop,wscale 6], length 0 > > Retransmission: SYN from google.com -> theoceanwindow-bv.com > >> 08:40:50.037758 IP mail-iy0-f182.google.com.51101 > >> tuna.theoceanwindow-bv.com.smtp: Flags [S], seq 850119283, win 5720, >> options [mss 1430,sackOK,TS val 2972314960 ecr 0,nop,wscale 6], length 0 > > and so on. > > The packet arrives on the network interface, but it is dropped > (by firewall rule) before it reaches your TCP protocol engine, > and therefore your machine does not respond. > > Show your IPFW rules (or whatever the packet filter). I suspect > a malformed net/mask rule. > IPFW show as follows 00010 10199 16170990 allow ip from any to any via lo0 00015 2038374094 allow ip from any to any via tap0 00035 0 0 allow ip from any to 10.8.0.0/24 keep-state 00037 0 0 allow ip from 10.8.0.0/24 to any keep-state 00040 0 0 deny tcp from any to any frag 00041 0 0 deny log ip from 221.192.199.49 to any 00050 0 0 check-state 00060 189242 105467724 allow tcp from any to any established 00070 32719 3680271 allow ip from any to any out keep-state 00080324 27140 allow icmp from any to any 00100 3825245465 allow log tcp from any to me dst-port 21 in setup keep-state 00105 0 0 allow log tcp from me 20,21 to any out keep-state 00120 0 0 allow log tcp from any to any dst-port 21 out 00130 13 676 allow tcp from any to any dst-port 22 in 00140 0 0 allow tcp from any to any dst-port 22 out 00150261 15020 allow tcp from any to any dst-port 25 in 00160 0 0 allow tcp from any to any dst-port 25 out 00170 2625197570 allow udp from any to any dst-port 53 in 00175 0 0 allow tcp from any to any dst-port 53 in 00180 0 0 allow udp from any to any dst-port 53 out 00185 0 0 allow tcp from any to any dst-port 53 out 00190552 32580 allow tcp from any to any dst-port 80 in 00192 0 0 allow tcp from any to any dst-port 8010 in 00193 0 0 allow tcp from any to any dst-port 8010 out 00195 0 0 allow tcp from any to any dst-port 80 out 00196 0 0 allow tcp from any to any dst-port 81 in 00197 0 0 allow tcp from any to any dst-port 81 out 00198 0 0 allow udp from any to any dst-port 81 in 00199 0 0 allow udp from any to any dst-port 81 out 00209156 9696 allow tcp from any to any dst-port 110 in 00210 0 0 allow tcp from any to any dst-port 110 out 00211 218000 17030046 allow udp from any to any dst-port 137 in 00212 0 0 allow tcp from any to any dst-port 137 in 00213 0 0 allow udp from any to any dst-port 137 out 00214 0 0 allow tcp from any to any dst-port 137 out 00215 24493 5357641 allow udp from any to any dst-port 138 in 00216 0 0 allow tcp from any to any dst-port 138 in 00217 0 0 allow udp from any to any dst-port 138 out 00218 0 0 allow tcp from any to any dst-port 138 out 00223 0 0 allow udp from any to any dst-port 139 in 00224 0 0 allow udp from any to any dst-port 139 out 00225 5 288 allow tcp from any to any dst-port 139 in 00226 0 0 allow tcp from any to any dst-port 139 out 00227 0 0 allow tcp from any to any dst-port 445 in 00228 0 0 allow tcp from any to any dst-port 445 out 00229 0 0 allow udp from any to any dst-port 445 in 00230 0 0 allow udp from any to any dst-port 445 out 00231118 7264 allow ip from any to any dst-port 465 in 00232 0 0 allow ip from any to any dst-port 465 out 00240 0 0 allow ip from any to any dst-port 587 in 00242 0 0 allow ip from any to any dst-port 587 out 00250 57 3544 allow tcp from any to any dst-port 993 in 00251 0 0 allow tcp from any to any dst-port 993 out 00260 1714108268 allow tcp from any to any dst-port 995 in 00261 0 0 allow tcp from any to any dst-port 995 out 00270 0 0 allow ip from any to any dst-port 11
Re: Google 7720 Error [thread resumed due to useful data]
jason hirsh: > 08:40:31.036997 IP mail-iy0-f182.google.com.51101 > > tuna.theoceanwindow-bv.com.smtp: Flags [S], seq 850119283, win 5720, > options [mss 1430,sackOK,TS val 2972295960 ecr 0,nop,wscale 6], length 0 SYN from google.com -> theoceanwindow-bv.com > 08:40:34.037857 IP mail-iy0-f182.google.com.51101 > > tuna.theoceanwindow-bv.com.smtp: Flags [S], seq 850119283, win 5720, > options [mss 1430,sackOK,TS val 2972298960 ecr 0,nop,wscale 6], length 0 Retransmission: SYN from google.com -> theoceanwindow-bv.com > 08:40:40.036791 IP mail-iy0-f182.google.com.51101 > > tuna.theoceanwindow-bv.com.smtp: Flags [S], seq 850119283, win 5720, > options [mss 1430,sackOK,TS val 2972304960 ecr 0,nop,wscale 6], length 0 Retransmission: SYN from google.com -> theoceanwindow-bv.com > 08:40:50.037758 IP mail-iy0-f182.google.com.51101 > > tuna.theoceanwindow-bv.com.smtp: Flags [S], seq 850119283, win 5720, > options [mss 1430,sackOK,TS val 2972314960 ecr 0,nop,wscale 6], length 0 and so on. The packet arrives on the network interface, but it is dropped (by firewall rule) before it reaches your TCP protocol engine, and therefore your machine does not respond. Show your IPFW rules (or whatever the packet filter). I suspect a malformed net/mask rule. Wietse