Re: [Exim] can't send large email messages

Top Page
Delete this message
Reply to this message
Author: Tabor J. Wells
Date:  
To: steve
CC: exim-users, Don Rude, Mike Antro
Subject: Re: [Exim] can't send large email messages
On Wed, Aug 01, 2001 at 04:18:50PM -0400,
steve@??? <steve@???> is thought to have said:

> > The short answer is that the PIX is probably blocking ICMP including
> > useful things like fragmentation requests. Since your server doesn't know
> > to fragment the packets into smaller chunks and the remote side's requests
> > to do so don't get to you, you'll continue to have mail which won't pass
> > until one of two things happens. The site with the PIX changes their
> > filters to allow the useful bits of ICMP to pass or you recompile exim
> > setting "DELIVER_OUT_BUFFER_SIZE = 1024" (or some other suitably low
> > number) in your Local/Makefile.
> >
>
> So is there a way to make my server split packets into smaller chunks?


Re-read what I sent above. Rebuild your copy of Exim. Set
DELIVER_OUT_BUFFER_SIZE=1024 in your Local/Makefile.

> I'm currently running Debian (potato/stable) and 2.2.19 kernel, would
> upgrading to woody/2.4.7 kernel solve my problem possibly? So it's just
> a case that our server doesn't understand the PIX's request to split
> up the packets? Or are the packets simply not getting to me for some
> reason or another (firewall misconfiguration, etc)?


No, the requests to fragment are not getting to you. They are probably
being blocked by the PIX with some sort of global deny of all ICMP rather
than passing the types that tell you what size packets to send and
blocking things like ICMP echo response traffic.

You can work around this by building exim with a smaller
DELIVER_OUT_BUFFER_SIZE as listed above. Or you can convince every
misconfigured PIX admin that exhibits this problem with mail from your
site to adjust their firewall configs. I went with the former because the
latter was just becoming ridiculously hard to do.

Tabor

-- 
--------------------------------------------------------------------
Tabor J. Wells                                     twells@???
Fsck It!                 Just another victim of the ambient morality