Send Mail with attachment fails only from Linux Clients



  • Hello

    I'm testing a PFSense 2.1.4 on a AMD G series T40E Board. I have a bridged Zyxel VDSL Modem on WAN port and one LAN Iface working.
    Everything works fine and fast, but sending Mails from different Clients over SMTP fails.
    It fails…

    • Only from Linux Clients with Tunderbird, Win Clients with thunderbird runs fine

    • Only if a Attachment or Hyperlink is in the Mail

    • I tested Attachments with 4.5kb / 150kb / 1Mb

    • If I change the PFSense with my old Router, no problems occur

    For troubleshooting I switched all off exept DHCP, DDNS, WAN, LAN and use a easy Firewall rule "allow any LAN traffic to WAN"
    I tried different MTU size, but no solution (my old Router work properly with 1492, so I use it also in PFSense)
    I checked for In/Out Errors in Status:Interfaces = no problems reported 0/0 on all Ifaces
    I tried to switch on "Disable hardware checksum offload" Feature

    I see blocked traffic on the Firewall log wenn I send Mails from the Clients but I think this is the known Issue:
    https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection
    Any idea for a solution or further search… ?
    Thanks



  • Hi Stoeffel,

    Some questions:

    1. What error message (if any) do you get in Thunderbird? And to clarify, it works when you don't have an attachment or link in the email?
    2. What extra packages have you installed on the firewall? (Squid, snort, antivirus etc.)
    3. Could you take a screenshot of your firewall log just after you have tried to send one of those emails that fails? Remember that, by default, the newest entries are at the bottom.
    4. Screenshot of your firewall rules on the LAN interface?


  • Hi vindenesen

    Thanks for reply  :)

    1. I get a SMTP Server timeout Error
    2. Only snort, but snort is not enabled yet
    3. See attachment for Firewall.log, 192.168.1.14 is the Mail sending Linux Client
    4. See attachment for Rules.png






  • Hmm.  The rules are processed first-match, top-down, so it did not match the LAN Net rule and got blocked by the * rule.  Can I ask for your LAN details, IP address & netmask?



  • The IP address 173.194.70.104 belongs to Google. I've seen similar at my firewall also, mostly from my Android smartphone. Out-of-state traffic most likely, probably not related. Gmail uses port 465 for SMTP traffic.

    I'm not that familiar with snort, but have you tried to remove the package? And you are sure of that it works when you don't have an attachment or a link in your email?

    You could also perform packet capture (Diagnostics) on WAN, and filter the capture on the SMTP port and SMTP server IP address you are using, just to see if you even get any replies back when you try to send an email.


  • Moderator

    Running this command for pfctl will show the Rule Numbers where you can see which Rule caused the Block:

    [  [b]pfctl -vv -sr  ]



  • Hello together

    @KOM: Lan is simple; 192.168.1.1/24, 255.255.255.0, Gateway 192.168.1.1 (PFSense), All IPs are fixed

    @vindenesen: I use SMTP at bluewin.ch, Port is also 465. I removed now snort package completly without any positive effect. Yes it works without Attachments, but with huge text it will disapear.

    If I ping the SMTP Server from a Linux Client then i get following output:
    somebody@anylinux:~$ ping smtpauths.bluewin.ch
    PING smtpauths.bluewin.ch (195.186.227.54) 56(84) bytes of data.
    From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=5 Packet filtered
    From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=7 Packet filtered
    From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=11 Packet filtered
    From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=12 Packet filtered
    From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=14 Packet filtered
    From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=15 Packet filtered
    From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=17 Packet filtered
    From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=18 Packet filtered
    ^C
    –- smtpauths.bluewin.ch ping statistics ---
    18 packets transmitted, 0 received, +8 errors, 100% packet loss, time 17038ms

    Captured Packets on WAN Iface while sending Email from 192.168.1.7:

    22:54:13.829064 IP 195.186.99.54.465 > 85.4.139.0.15357: tcp 37
    22:54:13.829211 IP 195.186.99.54.465 > 85.4.139.0.15357: tcp 0
    22:54:14.345066 IP 195.186.99.54.465 > 85.4.139.0.15357: tcp 37
    22:54:15.374248 IP 195.186.99.54.465 > 85.4.139.0.15357: tcp 37
    22:54:16.353540 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 0
    22:54:16.377973 IP 195.186.227.54.465 > 85.4.139.0.19164: tcp 0
    22:54:16.378221 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 0
    22:54:16.378417 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 183
    22:54:16.403148 IP 195.186.227.54.465 > 85.4.139.0.19164: tcp 0
    22:54:16.403566 IP 195.186.227.54.465 > 85.4.139.0.19164: tcp 1460
    22:54:16.403831 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 0
    22:54:16.403860 IP 195.186.227.54.465 > 85.4.139.0.19164: tcp 1460
    22:54:16.404000 IP 195.186.227.54.465 > 85.4.139.0.19164: tcp 591
    22:54:16.404144 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 0
    22:54:16.404169 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 0
    22:54:16.405621 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 326
    22:54:16.437979 IP 195.186.227.54.465 > 85.4.139.0.19164: tcp 59
    22:54:16.438976 IP 195.186.227.54.465 > 85.4.139.0.19164: tcp 85
    22:54:16.477533 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 0
    22:54:16.486416 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 90
    22:54:16.511420 IP 195.186.227.54.465 > 85.4.139.0.19164: tcp 181
    22:54:16.511664 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 0
    22:54:16.603680 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 90
    22:54:16.628478 IP 195.186.227.54.465 > 85.4.139.0.19164: tcp 117
    22:54:16.628878 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 0
    22:54:16.629437 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 122
    22:54:16.666661 IP 195.186.227.54.465 > 85.4.139.0.19164: tcp 69
    22:54:16.667290 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 106
    22:54:16.743410 IP 195.186.227.54.465 > 85.4.139.0.19164: tcp 69
    22:54:16.745774 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 106
    22:54:16.774880 IP 195.186.227.54.465 > 85.4.139.0.19164: tcp 85
    22:54:16.777326 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 74
    22:54:16.802202 IP 195.186.227.54.465 > 85.4.139.0.19164: tcp 85
    22:54:16.804047 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 1250


  • Moderator

    @Stoeffel:

    If I ping the SMTP Server from a Linux Client then i get following output:
    somebody@anylinux:~$ ping smtpauths.bluewin.ch
    PING smtpauths.bluewin.ch (195.186.227.54) 56(84) bytes of data.
    From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=5 Packet filtered
    From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=7 Packet filtered
    From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=11 Packet filtered
    From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=12 Packet filtered
    From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=14 Packet filtered
    From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=15 Packet filtered
    From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=17 Packet filtered
    From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=18 Packet filtered
    ^C
    –- smtpauths.bluewin.ch ping statistics ---
    18 packets transmitted, 0 received, +8 errors, 100% packet loss, time 17038ms

    Looks like that site is Blocking you "Packet Filtered"

    http://serverfault.com/questions/61161/how-does-ping-know-that-my-packets-are-filtered

    I tried to ping that address and it seems they don't accept pings?
    ping 195.186.227.54
    PING 195.186.227.54 (195.186.227.54): 56 data bytes
    ^C
    –- 195.186.227.54 ping statistics ---
    8 packets transmitted, 0 packets received, 100.0% packet loss

    But it does accept connection on port 25
    telnet 195.186.227.54 25

    Trying 195.186.227.54…
    Connected to 54-227-186-195.bluewin.ch.
    Escape character is '^]'.
    220 zhhdzmsp-smta14.bluewin.ch ESMTP Service ready

    and on Port 465
    telnet 195.186.227.54 465

    Trying 195.186.227.54…
    Connected to 54-227-186-195.bluewin.ch.
    Escape character is '^]'.


  • Moderator



  • Hello BBcan177

    ..got little more expirience with ping  ;)

    I don't think it's a Thunderbird problem because it works well with Thunderbird on Windows in the same Network.
    But I found an other interesting fact. Sending a post on this side is also not possible from Linux clients, windows clients
    have no problem with that. I use FF in the same version on all PC's.
    I did a Speedtest at http://hsi.bluewin.ch/speedtest/?language=en with the result that i got a uploadspeed of 0kBit/s, downloadspeed is normal with 41557kBit/s



  • Seems like large outgoing traffic is blocked somewhere. Could it be a problem with packet fragmentation? Have your tried to lower the MTU on one of your Linux-based clients?



  • Hello vindenesen

    Yes you got right.  An MTU Size of 1500 on the WAN Iface solved the problem. As I configured the WAN Iface of my PFSense I read on several forums that the MTU size over the Bluewin VDSL line must be less than 1492 bit. So I put this value in. Now I checked the max. Transmission unit size with my old router (MTU Size is not visible in settings) with ping and I figured out that a package until 1472 data bits go thru without fragmentation. I read on Wikipedia that the Headers are together 28bit. So 1500 shut be possible. On my Linux clients the MTU Value is 1500 and this wasn't a problem befor. Dear vindenesen, thanks a lot to push me to the solution.