https://bugs.exim.org/show_bug.cgi?id=2665
--- Comment #14 from Joseph Diffin <Joseph.diffin@???> ---
(In reply to Phil Pennock from comment #10)
> Decoding RTF files and puzzling a lot, is this a correct summarisation?
>
> 1. You are running Exim 4.94
> 2. For the domain gloucestershire.pnn.police.uk the MX is Message Labs, for
> filtering, and they then forward onto you
> 3. You are running the service mailgate.gsi.gov.uk
> 4. For some mails, predominantly those from Amazon SES originally, when
> Message Labs sends onto your server those mails, you see long timeouts
> 5. These GSI servers are in Vodafone hosting, so not on your premises
>
> In addition:
>
> 6. Is it fair to say that these messages from SES are a bit larger than many
> of the other external-sender inbound messages received through this filter?
> 7. Please confirm that the firewalls in your hosting environment are
> configured to allow ICMP 3/4 ("Destination Unreachable", "fragmentation
> needed and DF set") to pass through.
>
> An unfortunate pattern is for firewalls to block all ICMP, claiming that
> this improves security, while ignoring that Path MTU Discovery requires that
> certain ICMP pass through. For "large packets seen first from TCP
> connection initiator" (as opposed to "small request, big response" patterns
> such as most HTTP), this causes connections to hang, but only when the
> packet sizes go up and the sender and recipient are trying to figure out the
> correct MTU size to use for packets.
The email flow is
eu-west-1.amazonses.com {a wrapper for eeperks for example to messagelabs - to
us {GCF Core Relays fujitsu/vodafone} to gloucester pnn
I've asked our Firewall team to look at these settings hopefully they'll get
back to me quickly
--
You are receiving this mail because:
You are on the CC list for the bug.