Victor Duchovni:
> On Sat, Nov 15, 2008 at 09:14:07AM +1100, Petr Janda wrote:
>
> > Hi all,
> > I have got reports about lost mail (not received, I'm the receiver not the
> > sender) recently and trying to find out what's going on seems to be beyond
> > me.
> >
> > Basically a lot of email is lost with "timeout after DATA"
> >
> > For example:
> > timeout after DATA (0 bytes) from mail.securepay.com.au[203.89.212.166]
> >
> > Supposedly the problem here is that the sending machine has got a firewall
> > in front of it that's blocking ICMP MUST FRAGMENT. I somewhat could verify
> > this by trying to ping those machines and indeed pinging them does not
> > work (so at least ICMP ECHO is blocked).
>
> Or botching window scaling, or getting confused by selective ACKs, or ...
> Consider disabling window scaling support (not just setting the default
> scale to zero). Consider capturing the packet stream outside your
> outermost firewall.

The Postfix wishlist has an entry to force window scaling off (by
requesting a small TCP send buffer before creating the listener
endpoint). If this works without creating more trouble than it solves,
then I might make it available as a patch for legacy releases, just
like the stress-adaptive behavior patch.

Until then, sysctl is your friend.

    *BSD: sysctl -w net.inet.tcp.sack.enable=0
    L*n*x: sysctl -w net.ipv4.tcp_sack=0

(and I suppose something equivalent if you use Linux IPv6 support).

    Wietse
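
An added example, not part of the thread: before changing TCP settings, it helps to see whether the "timeout after DATA" events cluster on a few sending hosts, which points at the path to those hosts rather than at the receiving server. The sketch below tallies the log message quoted above per client address; the sample log lines, the function names and the threshold are constructed for illustration.

```python
import re

# Matches the smtpd message quoted in the thread, for example:
#   timeout after DATA (0 bytes) from mail.example.com[192.0.2.10]
TIMEOUT_RE = re.compile(
    r"timeout after DATA \((?P<bytes>\d+) bytes\) "
    r"from (?P<host>\S+?)\[(?P<addr>[^\]]+)\]"
)

def tally_data_timeouts(lines):
    """Group 'timeout after DATA' events by client address.

    Returns {addr: {"host": str, "count": int, "zero_byte": int}}.
    """
    stats = {}
    for line in lines:
        m = TIMEOUT_RE.search(line)
        if not m:
            continue  # other smtpd events (connect, lost connection, ...) are ignored
        entry = stats.setdefault(
            m["addr"], {"host": m["host"], "count": 0, "zero_byte": 0}
        )
        entry["count"] += 1
        if int(m["bytes"]) == 0:
            entry["zero_byte"] += 1  # nothing arrived after DATA, as in the report
    return stats

def repeat_offenders(stats, threshold=2):
    """Addresses with at least `threshold` zero-byte DATA timeouts (assumed cutoff)."""
    return sorted(a for a, e in stats.items() if e["zero_byte"] >= threshold)

# Constructed sample log lines (documentation addresses, not real hosts).
SAMPLE_LOG = """\
Nov 15 09:01:02 mx postfix/smtpd[2101]: connect from mail.example.com[192.0.2.10]
Nov 15 09:06:02 mx postfix/smtpd[2101]: timeout after DATA (0 bytes) from mail.example.com[192.0.2.10]
Nov 15 10:11:40 mx postfix/smtpd[2188]: timeout after DATA (0 bytes) from mail.example.com[192.0.2.10]
Nov 15 10:30:15 mx postfix/smtpd[2190]: timeout after DATA (4096 bytes) from relay.example.net[198.51.100.7]
Nov 15 10:31:00 mx postfix/smtpd[2192]: lost connection after DATA (0 bytes) from unknown[203.0.113.5]
Nov 15 10:45:09 mx postfix/smtpd[2195]: timeout after RCPT from unknown[203.0.113.5]
""".splitlines()

if __name__ == "__main__":
    stats = tally_data_timeouts(SAMPLE_LOG)
    for addr, e in sorted(stats.items()):
        print(f"{addr:<16} {e['host']:<20} total={e['count']} zero_byte={e['zero_byte']}")
    print("repeat zero-byte timeouts:", repeat_offenders(stats))
```

Hosts that show up repeatedly with zero-byte timeouts are the ones worth a packet capture outside the outermost firewall, as suggested in the quoted reply.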