Topic: qpsmtpd: many mail are timing out

[soprom]

Many mails are not reaching the inbox. They are mainly originating from Bell's servers (bellnexxia.net)
I've not no clue of the cause besides a wrong MTU setting.

1188058410 1875 1202    2007-08-25 12:13:30     Connection Timed Out
1188058500 1898 1208    2007-08-25 12:15:00     Connection Timed Out
1188058690 1971 1203    2007-08-25 12:18:10     Connection Timed Out
1188058772 1979 1203    2007-08-25 12:19:32     Connection Timed Out
1188058955 2066 1201    2007-08-25 12:22:35     Connection Timed Out
1188059376 2167 1204    2007-08-25 12:29:36     Connection Timed Out
1188059804 2327 1203    2007-08-25 12:36:44     Connection Timed Out
1188059964 2346 1202    2007-08-25 12:39:24     Connection Timed Out
1188060147 2433 1203    2007-08-25 12:42:27     Connection Timed Out
1188060272 2458 1204    2007-08-25 12:44:32     Connection Timed Out
1188061176 2803 1206    2007-08-25 12:59:36     Connection Timed Out
1188061621 3001 1202    2007-08-25 13:07:01     Connection Timed Out
1188061803 3059 1205    2007-08-25 13:10:03     Connection Timed Out
1188061870 3092 1203    2007-08-25 13:11:10     Connection Timed Out
1188061876 3095 1202    2007-08-25 13:11:16     Connection Timed Out
1188061931 3108 1202    2007-08-25 13:12:11     Connection Timed Out
1188062005 3124 1202    2007-08-25 13:13:25     Connection Timed Out
1188062413 3281 1201    2007-08-25 13:20:13     Connection Timed Out
1188062605 3309 1203    2007-08-25 13:23:25     Connection Timed Out
1188062733 3380 1202    2007-08-25 13:25:33     Connection Timed Out
1188063222 3495 1203    2007-08-25 13:33:42     Connection Timed Out
1188063714 3678 1207    2007-08-25 13:41:54     Connection Timed Out
1188063976 3784 1202    2007-08-25 13:46:16     Connection Timed Out
1188064108 3833 1203    2007-08-25 13:48:28     Connection Timed Out
1188064341 3945 1202    2007-08-25 13:52:21     Connection Timed Out
1188064354 3949 1202    2007-08-25 13:52:34     Connection Timed Out
1188064395 3954 1202    2007-08-25 13:53:15     Connection Timed Out
1188064515 4054 1204    2007-08-25 13:55:15     Connection Timed Out
1188064843 4162 1202    2007-08-25 14:00:43     Connection Timed Out
1188065129 4265 1202    2007-08-25 14:05:29     Connection Timed Out
1188065300 4287 1202    2007-08-25 14:08:20     Connection Timed Out
1188065335 4297 1202    2007-08-25 14:08:55     Connection Timed Out
1188065440 4375 1203    2007-08-25 14:10:40     Connection Timed Out
1188065596 4391 1202    2007-08-25 14:13:16     Connection Timed Out
1188065761 4466 1202    2007-08-25 14:16:01     Connection Timed Out
1188065930 4491 1202    2007-08-25 14:18:50     Connection Timed Out
1188066154 4583 1202    2007-08-25 14:22:34     Connection Timed Out
1188066315 4677 1202    2007-08-25 14:25:15     Connection Timed Out
1188068693 5721 1223    2007-08-25 15:04:53     Connection Timed Out
1188069282 6268 1202    2007-08-25 15:14:42     Connection Timed Out
1188069324 6304 1203    2007-08-25 15:15:24     Connection Timed Out
1188069521 6384 1202    2007-08-25 15:18:41     Connection Timed Out

Can someone tell me where to start looking for?

Thanks!

[CharlieBrady]

Many mails are not reaching the inbox. They are mainly originating from Bell's servers (bellnexxia.net)
I've not no clue of the cause besides a wrong MTU setting.

Read http://www.phildev.net/mss/mss-talk.pdf and google for terms such as PMTU, DF, ICMP, "fragmentation required" and "mss clamping".

[soprom]

Thanks Charly... I'm reading but it's well above my head...
I noted in the reading you suggested that some of the problems can be caused by filtering and router. So I'll start there.

The firewall (ipcop) is behind a modem/router (with a "/29 subnet"), and SME7 servers have their external NIC in the DMZ.

As I can see, the MTU is seen from the outside as 1300 with this test:

« SpeedGuide.net TCP Analyzer Results »
Tested on: 08.26.2007 00:48
IP address: 216.252.xx.xxx
 
TCP options string: 020404ec01010402
MSS: 1260
MTU: 1300
TCP Window: 17640 (multiple of MSS)
RWIN Scaling: 0
Unscaled RWIN : 17640
Reccomended RWINs: 65520, 131040, 262080, 524160
BDP limit (200ms): 706kbps (88KBytes/s)
BDP limit (500ms): 282kbps (35KBytes/s)
MTU Discovery: OFF
TTL: 112
Timestamps: OFF
SACKs: ON
IP ToS: 00000000 (0)

The PPPoE mtu setting is 1492 on the modem/router.

The firewall has these lines:

# Fix for braindead ISP's
/sbin/iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

I'll be testing without "intrusion detection" service on the firewall.

[sonoracomm]

I was having this same issue as well as a substantially similar issue at another customer site where they had a Windows server running Exchange.

I found that changing the DSL router from PPPoE to PPPoA authentication protocol (the ISP supported both) fixed this for both my customers.  Evidently, the use of PPPoE was causing packet fragmentation to which certain third-party mail servers were sensitive.

I switched both customers' DSL routers to PPPoA, with no other changes and it fixed the problems on both servers. 

Perhaps there was another way to do this, such as setting the MTU on the DSL links, but I didn't go any farther.  However, I'd be interested to know the proper solution to this issue...maybe next time the ISP won't support PPPoA...

G