Hello,
I have a small mail server with IPv6, and I relay the email to my ISP's
mail server. Their mail server now has IPv6, yet every time my
Postfix tries to connect to their server it gives a timeout:
Aug 13 12:51:27 paquete postfix/smtp[25083]: SSL_connect error to smtp.sapo.pt[2001:8a0:2104:ff:212:55:154:44]:25: Connection timed out
I tried to turn up the debug level but I see nothing special:
http://pastebin.com/tz5LgYLW
Postfix will then fall back to IPv4, connect, and deliver the
emails perfectly.
From the log I can see that Postfix connects fine until it runs
STARTTLS, then it times out. I tried to use GnuTLS to simulate
STARTTLS over IPv6 and had no problem... I am unable to find any problem,
neither on my end nor on theirs. I can't use OpenSSL to test
STARTTLS, because its s_client still doesn't support IPv6 well.

Does sending without STARTTLS work?
Your description sounds suspiciously like a Path-MTU discovery issue.
Without TLS the server will never send a large packet towards you, but
when you enable TLS it has to send its certificate, which is often
larger than 1500 Bytes. So pMTU happens. Either pMTU discovery towards
your host is generally broken (which I doubt since you said you were
able to contact other hosts), or they broke pMTU discovery on their
side, i.e. by filtering ICMP.
Try adding a static route to the host with a low MTU. On Linux:

    ip -6 route add 2001:8a0:2104:ff:212:55:154:44/128 via <gateway> dev <dev> mtu 1280

gateway and dev from your normal routing table. This will force your
host to send a small MSS in the TCP SYN, which prevents them from
sending something >1280 Bytes in return.
Bernhard
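
The pattern discussed in this thread (TCP connects over IPv6, the TLS handshake times out, the same host accepts mail over IPv4) can be picked out of a Postfix log. The following is an added example, not part of either message: the function names are hypothetical, and every log line after the first is constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: line 1 mirrors the error quoted in the thread; the queue
# ID, recipient and the 192.0.2.x / 2001:db8:: addresses are made up.
SAMPLE_LOG = """\
Aug 13 12:51:27 paquete postfix/smtp[25083]: SSL_connect error to smtp.sapo.pt[2001:8a0:2104:ff:212:55:154:44]:25: Connection timed out
Aug 13 12:51:28 paquete postfix/smtp[25083]: 3F2A1C0D9E: to=<user@example.org>, relay=smtp.sapo.pt[192.0.2.25]:25, delay=301, dsn=2.0.0, status=sent (250 OK)
Aug 13 12:55:02 paquete postfix/smtp[25090]: connect to mx.example.net[2001:db8::25]:25: Connection timed out
"""

# Handshake timeout: TCP was established, the stall came during TLS.
TLS_TIMEOUT = re.compile(r"SSL_connect error to (\S+?)\[([^\]]+)\]:\d+: Connection timed out")
SENT = re.compile(r"relay=(\S+?)\[([^\]]+)\]:\d+,.*status=sent")

def ip_version(addr):
    try:
        return ipaddress.ip_address(addr).version
    except ValueError:
        return None

def pmtu_suspects(log_text):
    """Return {host: sorted IPv6 addrs} where the TLS handshake timed out over
    IPv6 and the same host accepted mail over IPv4. A plain 'connect to ...'
    timeout is ignored: there TCP never came up, so it is not this symptom."""
    stalled, v4_ok = defaultdict(set), set()
    for line in log_text.splitlines():
        m = TLS_TIMEOUT.search(line)
        if m and ip_version(m.group(2)) == 6:
            stalled[m.group(1)].add(m.group(2))
            continue
        m = SENT.search(line)
        if m and ip_version(m.group(2)) == 4:
            v4_ok.add(m.group(1))
    return {h: sorted(a) for h, a in stalled.items() if h in v4_ok}

def route_workaround(addr, mtu=1280):
    """Per-host route from the reply; <gateway> and <dev> stay placeholders.
    Advertised MSS = MTU - 40 (IPv6 header) - 20 (TCP header)."""
    return f"ip -6 route add {addr}/128 via <gateway> dev <dev> mtu {mtu}", mtu - 60

if __name__ == "__main__":
    for host, addrs in pmtu_suspects(SAMPLE_LOG).items():
        for addr in addrs:
            cmd, mss = route_workaround(addr)
            print(f"{host}: TLS stalls over IPv6, IPv4 delivers; MSS would be {mss}:\n  {cmd}")
```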