Well, thank you for tip but looks like ECN wasn't enabled on that host
#sysctl -A | grep ecn
net.ipv4.tcp_ecn = 0
By the way, I was able to make a TCP dump of incoming SMTP session.
I don't want to put lots of text here, so I will describe how it looks
like.
Servers negotiate TCP session with MSS 1360. Then they start SMTP session,
which goes normal during HELO. But when the sending server sends me
message
headers, I receive:
MAIL FROM: <someuser@???>
RCPT T
And that's all. Then there come no packets at all, for 65 seconds each
time
(I was able to dump 3 sessions). And after 65 seconds _sending_ server
sends me
a FIN flagged packet. We exchange FIN_ACKs and the session is dropped.
Now I'm pretty sure there is something blocking our conversation, so I
guess I'll
ask my ISP to look what they can see from their side.
On Mon, 09 Aug 2010 21:30:29 +0100, "Michael J. Tubby B.Sc. G8TIC"
<mike.tubby@???> wrote:
> Just a thought... I had a problem like this several years ago when I
> have TCP Explicit Congestion Notification:
>
> http://en.wikipedia.org/wiki/Explicit_Congestion_Notification
>
> turned on on a Linux host running Exim and the remote end was a Sun
> Solaris box that didn't understand ECN properly... there also used to
> be problems with some routers (with old firmware) not handling ECN
> properly...
>
> Mike
>
>
>
> On 09/08/2010 13:04, r00f wrote:
>> Hi there.
>>
>> I constantly receive errors with some servers and can't accept or send
>> mail to them.
>> In log this looks like:
>>
>> SMTP connection from forward14.mail.yandex.net [95.108.130.92] lost
while
>> reading message data (header)
>>
>> This results in two porblems (maybe more):
>> 1) I cannot send to servers, who have sender callout verification
enabled
>> (if they are in problem group)
>> 2) I cannot receive messages from servers in problem group
>>
>> I've read lots of forums about that problem.
>> First, I must say that lots of logs posted to forums contatin that same
>> Yandex servers.
>> Second, I've tried to change my MTU and disable DNS checks - still no
>> success.
>> Third, the traceroute to the server mentioned looks quite strange - it
is
>> not traceable form my server, but it's ok from my home PC.
>> It seems to be blocking ICMP from some network, and AFAIK this can
cause
>> MTU traceback not working. But, is Exim trying to make MTU trace?
>> If it is, is there any way to avoid that for some hostlist?
>>
>> Any thoughts about this would be much appreciated.
>>
>> P.S. atm I don't have any tcpdump log, but as soon as Yandex' MTA
retries
>> I'll get it and post here if needed.
>>