Re: [Exim] SMTP data timeout (message abandoned) on connecti…

Author: David Woodhouse
Date:  
To: exim-users
CC: Jeremy C. Reed
Subject: Re: [Exim] SMTP data timeout (message abandoned) on connection from ...

ph10@??? said:
> I'm not adept at reading TCP dumps, but I see "80 win" there, and I
> see that the data ends just after 80 characters. Significant?


Ignore the line wrap. It says '230:286(56) ack 80 win 5840'. Meaning 'Here
are 56 bytes, from byte number 230 to byte number 286 in the stream. I've
seen up to character 80 of what you sent me, you can send me 5840 more
characters at the moment'.

The next message we receive from the other client, however, seems to imply
that it thinks it's sent 5920 bytes already, not just the 80 we admit to
having seen:
> 5920:5920(0) ack 286 win 1859 (DF) (ttl 126, id 33820, len 40)


It looks like the packets containing the missing 5840 bytes of data have got
lost in transmission, and repeatedly so. Jeremy, can you get a full tcpdump
from the initial SYN to the final FIN? Can you reproduce this with a client
on which you can also tcpdump to see what's on the wire at that end?

This kind of thing can often happen with broken firewalls. The client sends
a large message which needs to be fragmented, but it has the 'DF' (Don't
Fragment) bit set, because the client wants to _know_ the maximum packet
size that can get to the destination and send packets that size itself,
rather than having them fragmented. So whichever router decides it would
have to fragment the packet to get it to the destination just drops it and
instead sends an ICMP 'fragmentation needed but DF set' message back to the
client. Couple that with a broken firewall which stops ICMP, and you have
precisely these symptoms.

--
dwmw2
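
The sequence arithmetic in the message above, as an added example that is not part of the original post: it parses the two tcpdump summaries quoted there and computes how many bytes the peer believes it has sent beyond what the receiving host acknowledged. The function names and the "out"/"in" direction tags are assumptions made for illustration.

```python
import re

# Old-style tcpdump TCP summary: "first:last(len) ack N win W", optional "(DF)".
SEGMENT = re.compile(
    r"(?P<first>\d+):(?P<last>\d+)\((?P<length>\d+)\)\s+"
    r"ack\s+(?P<ack>\d+)\s+win\s+(?P<win>\d+)"
)

def parse_segment(line):
    """Return the sequence/ack/window fields of one summary line, or None."""
    m = SEGMENT.search(line)
    if m is None:
        return None
    seg = {name: int(value) for name, value in m.groupdict().items()}
    seg["df"] = "(DF)" in line
    return seg

def find_unseen_data(trace):
    """trace: list of (direction, line); 'out' = sent by us, 'in' = from the peer.

    Reports every inbound segment whose sequence number is ahead of the last
    byte we acknowledged, i.e. data the peer sent that never arrived here.
    """
    findings = []
    last_out = None
    for direction, line in trace:
        seg = parse_segment(line)
        if seg is None:
            continue
        if direction == "out":
            last_out = seg
        elif last_out is not None and seg["first"] > last_out["ack"]:
            missing = seg["first"] - last_out["ack"]
            findings.append({
                "missing_bytes": missing,
                "filled_our_window": missing == last_out["win"],
                "df_set": seg["df"],
            })
    return findings

# The two summaries quoted in the message; the direction tags are assumed.
TRACE = [
    ("out", "230:286(56) ack 80 win 5840"),
    ("in", "5920:5920(0) ack 286 win 1859 (DF) (ttl 126, id 33820, len 40)"),
]

if __name__ == "__main__":
    for finding in find_unseen_data(TRACE):
        print(finding)
```

On a healthy connection, segments in flight ahead of a delayed ACK show the same gap briefly; the finding matters when it persists until the SMTP data timeout.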