No help for this issue? Same problem with cvs RELENG_7 from Jan, 29th.

Oskar Eyb wrote on 24.01.2008 10:31:
> Hello!
> I'm not sure if this is an issue belonging to -current, but maybe..
>
>
> A remote MTA cannot deliver me any email. The admin gets the following
> errors:
>
> "retry time not reached for any host after a long failure period"
> and "retry timeout exceeded".
>
> After I can't find anything related to this server in my postfix log, I
> grep'ed for <ip> in /var/log/* and got the following hits:
>
> [...]
> dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25 tcpflags
> 0x2<SYN>; syncache_add: Received duplicate SYN, resetting timer and
> retransmitting SYN|ACK
> dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25;
> syncache_timer: Response timeout, retransmitting (1) SYN|ACK
> dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25;
> syncache_timer: Response timeout, retransmitting (2) SYN|ACK
> dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25;
> syncache_timer: Response timeout, retransmitting (3) SYN|ACK
> dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25;
> syncache_timer: Retransmits exhausted, giving up and removing syncache
> entry
>
> 85.214.42.62 is the other MTA, 172.16.0.2 is my jail.
> I use PF with rdr/nat on FreeBSD 7 RC4.
>
>
> In the daily security email I get dozens of messages like this, also to
> other tcp ports.
>
>
> default-values for:
> net.inet.tcp.syncache.rst_on_sock_fail: 1
> net.inet.tcp.syncache.rexmtlimit: 3
> net.inet.tcp.syncache.hashsize: 512
> net.inet.tcp.syncache.count: 0
> net.inet.tcp.syncache.cachelimit: 15360
> net.inet.tcp.syncache.bucketlimit: 30
>
>
> Can anybody help me out of this?
>
>
> Greets,
> Oskar

Received on Sat Feb 02 2008 - 19:48:04 UTC
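
Added example, not part of the original mail: a small Python triage script for the syncache messages quoted above. It groups them per connection and reports handshakes where the kernel gave up retransmitting SYN|ACK. The first five sample lines are the ones from the post; the 192.0.2.x lines and all function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# First five lines: the syncache messages quoted in the post (mail wrapping
# re-joined). The last three lines are constructed for this example.
SAMPLE = """\
dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25 tcpflags 0x2<SYN>; syncache_add: Received duplicate SYN, resetting timer and retransmitting SYN|ACK
dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (1) SYN|ACK
dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (2) SYN|ACK
dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (3) SYN|ACK
dmesg.yesterday:TCP: [85.214.42.62]:43127 to [172.16.0.2]:25; syncache_timer: Retransmits exhausted, giving up and removing syncache entry
TCP: [192.0.2.10]:50000 to [172.16.0.2]:25 tcpflags 0x2<SYN>; syncache_add: Received duplicate SYN, resetting timer and retransmitting SYN|ACK
TCP: [192.0.2.10]:50000 to [172.16.0.2]:25; syncache_timer: Response timeout, retransmitting (1) SYN|ACK
Connection attempt to UDP 172.16.0.2:57897 from 192.0.2.53:53
"""

LINE_RE = re.compile(
    r"TCP: \[(?P<src>[^\]]+)\]:(?P<sport>\d+) to \[(?P<dst>[^\]]+)\]:(?P<dport>\d+)"
    r"(?: tcpflags 0x[0-9a-fA-F]+<[^>]*>)?; (?P<func>\w+): (?P<msg>.*)"
)
REXMT_RE = re.compile(r"retransmitting \((\d+)\) SYN\|ACK")


def flows(text):
    """Group syncache events by (src, sport, dst, dport)."""
    out = defaultdict(lambda: {"dup_syn": 0, "rexmt": 0, "gave_up": False})
    for line in text.splitlines():
        m = LINE_RE.search(line)          # tolerates "dmesg.yesterday:" / "+" prefixes
        if not m:
            continue                      # non-TCP lines are skipped
        key = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
        flow, msg = out[key], m["msg"]
        if m["func"] == "syncache_add" and "duplicate SYN" in msg:
            flow["dup_syn"] += 1          # peer retransmitted its SYN
        elif m["func"] == "syncache_timer":
            n = REXMT_RE.search(msg)
            if n:                         # highest SYN|ACK retransmit seen so far
                flow["rexmt"] = max(flow["rexmt"], int(n.group(1)))
            elif "Retransmits exhausted" in msg:
                flow["gave_up"] = True    # no ACK ever arrived, entry dropped
    return dict(out)


def stalled_by_peer(text):
    """Count, per remote address, handshakes the kernel abandoned."""
    return Counter(k[0] for k, f in flows(text).items() if f["gave_up"])


if __name__ == "__main__":
    for (src, sport, dst, dport), f in flows(SAMPLE).items():
        state = "abandoned" if f["gave_up"] else "pending"
        print(f"{src}:{sport} -> {dst}:{dport} dup_syn={f['dup_syn']} "
              f"max_rexmt={f['rexmt']} {state}")
    print(dict(stalled_by_peer(SAMPLE)))
```

An abandoned flow here means the SYN arrived and SYN|ACK was retransmitted up to the configured `rexmtlimit` without the handshake-completing ACK ever being seen.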