[CentOS] Sendmail and pmtu discovery

Tue Oct 14 21:18:27 UTC 2008
mouss <mouss at netoyen.net>

Sean Carolan a écrit :
> We have an issue with some customers who refuse to accept ICMP traffic
> to their mail servers.  It seems that they have put Mordac, preventer
> of information services in charge of their firewall policy
> (http://en.wikipedia.org/wiki/List_of_minor_characters_in_Dilbert#Mordac).
> 
> My mail logs are showing that customers who specifically disallow ICMP
> traffic have many "Connection Reset" entries in our logs:
> 
> Oct 14 08:00:50 mailsrv sendmail[2024]: m9ED0Yf5002021:
> to=<customername at customer.org>, delay=00:00:16, xdelay=00:00:16,
> mailer=esmtp, pri=42476, relay=mail.customer.org. [XX.XX.XX.XX],
> dsn=4.0.0, stat=Deferred: Connection reset by mail.customer.org.
> 
> I have disabled pmtu discovery on our routers as well as on all our
> outbound mail servers.  Is there anything else I can do on our side to
> help the situation?


Consider setting a small MTU (or MSS, ....) for the borked networks
instead of changing your setup globally. something like

ip route add 192.0.2.0/24 via 10.0.0.1 mtu 1000