fhare:
> Hello list, 
> 
> Bit of a weird one here. I have hosts at AWS sending mail across a
> Checkpoint VPN to my main private relay server (it basically serves to relay
> mail to O365 for in house applications). The problem is that the sending
> client never receives BYE from server after QUIT. The mail goes through and
> is delivered ok. This is bad because our timeout is 300s and if you have
> anything more than a small amount of mail to send, your connections waiting
> to timeout build up at the client and cause problems with applications. Mail
> from non-AWS sources does not have this problem across other legs of our
> Checkpoint VPN. 

If you look at the non-VPN captures, then you will see the following:

- In one trace, we see a client ACK 138, followed by a client packet
  with ".<CR><LF>" (data 443:446, ACK 128, and a timestamp field
  that is unlike those of all other packets in the stream).

- In the other trace, we see that the ACK and ".<CR><LF>" packets
  are sent as one packet, with a normal timestamp field.

- After this, the TCP connection is messed up, the server keeps
  transmitting "Queued as xxx", and the client keeps transmitting
  QUIT.

This looks like the VPN mucks with TCP and screws up the protocol.

Get a better VPN. If you must use the VPN, maybe sending SMTP over TLS
will change the problem.

        Wietse
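
One way to check a text capture for the two symptoms described in the reply above (a timestamp field unlike the rest of the stream, and data segments that keep being resent), as an added example that is not part of the original thread. The trace is constructed in tcpdump's text output format with relative sequence numbers; the addresses, timestamp values and the `max_ts_jump` threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample (not from the poster's captures): client C, server S.
C, S = "10.0.0.5.41000", "10.0.1.9.25"

def pkt(src, dst, flags, seq, ack, tsval, length):
    """Build one line in tcpdump's text format; pure ACKs carry no seq field."""
    seq_part = f"seq {seq}, " if seq else ""
    return (f"IP {src} > {dst}: Flags [{flags}], {seq_part}ack {ack}, win 229, "
            f"options [nop,nop,TS val {tsval} ecr 1], length {length}")

TRACE = [
    pkt(S, C, "P.", "101:138", 400, 500100, 37),     # server reply to DATA
    pkt(C, S, "P.", "400:443", 138, 900100, 43),     # message content
    pkt(C, S, ".",  None,      138, 900110, 0),      # client ACK 138
    pkt(C, S, "P.", "443:446", 128, 4100000000, 3),  # ".<CR><LF>", odd TSval
    pkt(S, C, "P.", "138:170", 446, 500200, 32),     # "Queued as ..."
    pkt(C, S, "P.", "446:452", 138, 900300, 6),      # QUIT
    pkt(S, C, "P.", "138:170", 446, 500500, 32),     # "Queued as ..." again
    pkt(C, S, "P.", "446:452", 138, 900600, 6),      # QUIT again
]

LINE = re.compile(
    r"IP (?P<src>\S+) > (?P<dst>\S+): Flags \[[^\]]*\](?:, seq (?P<seq>\d+(?::\d+)?))?"
    r".*?TS val (?P<tsval>\d+) ecr \d+.*length (?P<len>\d+)")

def analyze(lines, max_ts_jump=10_000):
    """Return (line numbers with an out-of-pattern TSval, resent data segments)."""
    last_ts, seen, odd_ts, resent = {}, Counter(), [], []
    for n, line in enumerate(lines, 1):
        m = LINE.search(line)
        if not m:
            continue
        flow, ts = (m["src"], m["dst"]), int(m["tsval"])
        prev = last_ts.get(flow)
        # TSval should rise slowly per direction (32-bit wraparound ignored here).
        if prev is not None and not 0 <= ts - prev <= max_ts_jump:
            odd_ts.append(n)
        else:
            last_ts[flow] = ts
        if int(m["len"]) > 0:
            key = flow + (m["seq"],)
            seen[key] += 1
            if seen[key] == 2:  # the same byte range was sent a second time
                resent.append(key)
    return odd_ts, resent
```

Running `analyze` over captures taken on both sides of the VPN shows whether the odd segment appears only after the tunnel.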
