Send Mail with attachment fails only from Linux Clients
-
Hello
I'm testing a PFSense 2.1.4 on a AMD G series T40E Board. I have a bridged Zyxel VDSL Modem on WAN port and one LAN Iface working.
Everything works fine and fast, but sending Mails from different Clients over SMTP fails.
It fails…-
Only from Linux Clients with Tunderbird, Win Clients with thunderbird runs fine
-
Only if a Attachment or Hyperlink is in the Mail
-
I tested Attachments with 4.5kb / 150kb / 1Mb
-
If I change the PFSense with my old Router, no problems occur
For troubleshooting I switched all off exept DHCP, DDNS, WAN, LAN and use a easy Firewall rule "allow any LAN traffic to WAN"
I tried different MTU size, but no solution (my old Router work properly with 1492, so I use it also in PFSense)
I checked for In/Out Errors in Status:Interfaces = no problems reported 0/0 on all Ifaces
I tried to switch on "Disable hardware checksum offload" FeatureI see blocked traffic on the Firewall log wenn I send Mails from the Clients but I think this is the known Issue:
https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection
Any idea for a solution or further search… ?
Thanks -
-
Hi Stoeffel,
Some questions:
- What error message (if any) do you get in Thunderbird? And to clarify, it works when you don't have an attachment or link in the email?
- What extra packages have you installed on the firewall? (Squid, snort, antivirus etc.)
- Could you take a screenshot of your firewall log just after you have tried to send one of those emails that fails? Remember that, by default, the newest entries are at the bottom.
- Screenshot of your firewall rules on the LAN interface?
-
Hi vindenesen
Thanks for reply :)
1. I get a SMTP Server timeout Error
2. Only snort, but snort is not enabled yet
3. See attachment for Firewall.log, 192.168.1.14 is the Mail sending Linux Client
4. See attachment for Rules.png
-
Hmm. The rules are processed first-match, top-down, so it did not match the LAN Net rule and got blocked by the * rule. Can I ask for your LAN details, IP address & netmask?
-
The IP address 173.194.70.104 belongs to Google. I've seen similar at my firewall also, mostly from my Android smartphone. Out-of-state traffic most likely, probably not related. Gmail uses port 465 for SMTP traffic.
I'm not that familiar with snort, but have you tried to remove the package? And you are sure of that it works when you don't have an attachment or a link in your email?
You could also perform packet capture (Diagnostics) on WAN, and filter the capture on the SMTP port and SMTP server IP address you are using, just to see if you even get any replies back when you try to send an email.
-
Running this command for pfctl will show the Rule Numbers where you can see which Rule caused the Block:
[ [b]pfctl -vv -sr ]
-
Hello together
@KOM: Lan is simple; 192.168.1.1/24, 255.255.255.0, Gateway 192.168.1.1 (PFSense), All IPs are fixed
@vindenesen: I use SMTP at bluewin.ch, Port is also 465. I removed now snort package completly without any positive effect. Yes it works without Attachments, but with huge text it will disapear.
If I ping the SMTP Server from a Linux Client then i get following output:
somebody@anylinux:~$ ping smtpauths.bluewin.ch
PING smtpauths.bluewin.ch (195.186.227.54) 56(84) bytes of data.
From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=5 Packet filtered
From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=7 Packet filtered
From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=11 Packet filtered
From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=12 Packet filtered
From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=14 Packet filtered
From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=15 Packet filtered
From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=17 Packet filtered
From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=18 Packet filtered
^C
–- smtpauths.bluewin.ch ping statistics ---
18 packets transmitted, 0 received, +8 errors, 100% packet loss, time 17038msCaptured Packets on WAN Iface while sending Email from 192.168.1.7:
22:54:13.829064 IP 195.186.99.54.465 > 85.4.139.0.15357: tcp 37
22:54:13.829211 IP 195.186.99.54.465 > 85.4.139.0.15357: tcp 0
22:54:14.345066 IP 195.186.99.54.465 > 85.4.139.0.15357: tcp 37
22:54:15.374248 IP 195.186.99.54.465 > 85.4.139.0.15357: tcp 37
22:54:16.353540 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 0
22:54:16.377973 IP 195.186.227.54.465 > 85.4.139.0.19164: tcp 0
22:54:16.378221 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 0
22:54:16.378417 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 183
22:54:16.403148 IP 195.186.227.54.465 > 85.4.139.0.19164: tcp 0
22:54:16.403566 IP 195.186.227.54.465 > 85.4.139.0.19164: tcp 1460
22:54:16.403831 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 0
22:54:16.403860 IP 195.186.227.54.465 > 85.4.139.0.19164: tcp 1460
22:54:16.404000 IP 195.186.227.54.465 > 85.4.139.0.19164: tcp 591
22:54:16.404144 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 0
22:54:16.404169 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 0
22:54:16.405621 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 326
22:54:16.437979 IP 195.186.227.54.465 > 85.4.139.0.19164: tcp 59
22:54:16.438976 IP 195.186.227.54.465 > 85.4.139.0.19164: tcp 85
22:54:16.477533 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 0
22:54:16.486416 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 90
22:54:16.511420 IP 195.186.227.54.465 > 85.4.139.0.19164: tcp 181
22:54:16.511664 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 0
22:54:16.603680 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 90
22:54:16.628478 IP 195.186.227.54.465 > 85.4.139.0.19164: tcp 117
22:54:16.628878 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 0
22:54:16.629437 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 122
22:54:16.666661 IP 195.186.227.54.465 > 85.4.139.0.19164: tcp 69
22:54:16.667290 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 106
22:54:16.743410 IP 195.186.227.54.465 > 85.4.139.0.19164: tcp 69
22:54:16.745774 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 106
22:54:16.774880 IP 195.186.227.54.465 > 85.4.139.0.19164: tcp 85
22:54:16.777326 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 74
22:54:16.802202 IP 195.186.227.54.465 > 85.4.139.0.19164: tcp 85
22:54:16.804047 IP 85.4.139.0.19164 > 195.186.227.54.465: tcp 1250 -
If I ping the SMTP Server from a Linux Client then i get following output:
somebody@anylinux:~$ ping smtpauths.bluewin.ch
PING smtpauths.bluewin.ch (195.186.227.54) 56(84) bytes of data.
From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=5 Packet filtered
From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=7 Packet filtered
From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=11 Packet filtered
From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=12 Packet filtered
From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=14 Packet filtered
From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=15 Packet filtered
From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=17 Packet filtered
From 2-227-186-195.bluewin.ch (195.186.227.2) icmp_seq=18 Packet filtered
^C
–- smtpauths.bluewin.ch ping statistics ---
18 packets transmitted, 0 received, +8 errors, 100% packet loss, time 17038msLooks like that site is Blocking you "Packet Filtered"
http://serverfault.com/questions/61161/how-does-ping-know-that-my-packets-are-filtered
I tried to ping that address and it seems they don't accept pings?
ping 195.186.227.54
PING 195.186.227.54 (195.186.227.54): 56 data bytes
^C
–- 195.186.227.54 ping statistics ---
8 packets transmitted, 0 packets received, 100.0% packet lossBut it does accept connection on port 25
telnet 195.186.227.54 25Trying 195.186.227.54…
Connected to 54-227-186-195.bluewin.ch.
Escape character is '^]'.
220 zhhdzmsp-smta14.bluewin.ch ESMTP Service readyand on Port 465
telnet 195.186.227.54 465Trying 195.186.227.54…
Connected to 54-227-186-195.bluewin.ch.
Escape character is '^]'. -
Googling "SMTP Server timeout Error thunderbird and attachments"
Seems like several possible issues:
https://support.mozilla.org/en-US/questions/988025
https://bugzilla.mozilla.org/show_bug.cgi?id=541367
http://forums.mozillazine.org/viewtopic.php?f=39&t=1971101 -
Hello BBcan177
..got little more expirience with ping ;)
I don't think it's a Thunderbird problem because it works well with Thunderbird on Windows in the same Network.
But I found an other interesting fact. Sending a post on this side is also not possible from Linux clients, windows clients
have no problem with that. I use FF in the same version on all PC's.
I did a Speedtest at http://hsi.bluewin.ch/speedtest/?language=en with the result that i got a uploadspeed of 0kBit/s, downloadspeed is normal with 41557kBit/s -
Seems like large outgoing traffic is blocked somewhere. Could it be a problem with packet fragmentation? Have your tried to lower the MTU on one of your Linux-based clients?
-
Hello vindenesen
Yes you got right. An MTU Size of 1500 on the WAN Iface solved the problem. As I configured the WAN Iface of my PFSense I read on several forums that the MTU size over the Bluewin VDSL line must be less than 1492 bit. So I put this value in. Now I checked the max. Transmission unit size with my old router (MTU Size is not visible in settings) with ping and I figured out that a package until 1472 data bits go thru without fragmentation. I read on Wikipedia that the Headers are together 28bit. So 1500 shut be possible. On my Linux clients the MTU Value is 1500 and this wasn't a problem befor. Dear vindenesen, thanks a lot to push me to the solution.