Sean Durkin: > Meanwhile, I've managed to record a tcpdump of such a failed > session. What exactly am I looking for there?
- The receiving host's window announcement in the tcp handshake and in subsequent ACKs. - Whether there is a "gap" in the sender packet sequence numbers as seen by the receiving host. Such a gap means that a particular packet is being dropped. Just to bore you with a few examples of bad middleboxes: - Shortly after the first Postfix release there was a problem with traffic corruption due to a buggy middlebox (a Packeteer traffic shaper). The error had a very distinct signature. - For many years, there were problems with CISCO PIX "firewalls" that inspected SMTP traffic but failed to properly handle the case that <CR><LF>.<CR><LF> happened to fall on a packet boundary. - http://www.arschkrebs.de/postfix/postfix_cisco_pix_bugs.shtml has other examples where CISCO PIX/ASA "firewalls" will mis-handle SMTP traffic in various ways. In your case, you may have to collaborate with someone who is willing to send large amounts of random email; hopefully some messages will trigger the bug, and then the sender and receiver can compare tcpdump recordings. Wietse
