Dear everyone,
It's my first posting on mailing list so please accept my apologies for any
"gaps" that may appear until I get the hang of the "way things should be
said"
Case Scenario
Esxi implementation hosting the following
Zone OS ( url of implementation if any)
==== ==============================================================
net
fw Ubuntu 9.10 x64 running shorewall as a three interface firewall
( http://www.shorewall.net/three-interface.htm )
dmz Ubuntu 9.10 x64 running shorewall and a postfix mail server with
spamassasin and amavis
( http://flurdy.com/docs/postfix/ )
loc Windows SBS 2008 running exchange 2007 using postfix as a smart
host.
All the systems are using the vmxnet3 NIC with 10Gb links (MTU on all
systems are set on 1500)
e-mail goes in and out like a charm, in most cases, in some cases we get the
following errors with mails getting stuck to be sent again and again without
delivery on the Postfix mail queue:
said: 451 Requested action aborted: local error in processing (in reply to
end of DATA command)
said: 451 Temporary local problem - please try later (in reply to end of
DATA command)
said: 421 4.4.1 Connection timed out (in reply to end of DATA command)
said: 421 4.4.2 mxfront39.mail.yandex.net Error: timeout exceeded (in reply
to end of DATA command)
(lost connection with mx1.mail.eu.yahoo.com[77.238.177.9] while sending end
of data -- message may be sent more than once)
E-mails that get stuck are mostly with attachments, but not all the
receiving mail servers have the same problem. (E.g. mail from the corporate
network to my own mail server with a 2mb attachment (gentoo - postfix)
arrive with no errors whatsoever.)
The interesting part, is that one of the errors is within the corporate
network, from postfix to exchange 2007. So far I disabled the window
scaling, in /etc/sysctl.conf, and I even disabled amavis. Still the problem
persists. It seems to be an issue with e-mails bigger than a simple text
message since in other occasions test messages has gone through without an
issue on the same destination, or on the same corporate network
(@acompanyname.com), but I wouldn't want to point you on the wrong
direction.
My guess so far is to go and lower the link speed between the Shorewall,
Postfix, and maybe even SBS2008, and that's because similar problems having
been encountered where the MTU is bigger than 1500. Now, the only reason I
haven't done it so far, is that the MTU is already set at 1500, and I'm not
sure if dropping the link to a lower speed or replacing the vmxnet3 with
vmxnet2 that supports lower speed, would do any good.
I'm all ears, hit me with suggestions, corrections, or by pointing out a
different way I should be saying things
Kind regards
Ioannis
__________ Information from ESET Smart Security, version of virus signature
database 5152 (20100528) __________
The message was checked by ESET Smart Security.
http://www.eset.com
