[CentOS] Re: Sendmail and pmtu discovery

Wed Oct 15 01:50:07 UTC 2008
Chris Boyd <cboyd at gizmopartners.com>

On Oct 14, 2008, at 1:59 PM, Sean Carolan wrote:

> If you've ever dealt with with one of these paranoid Mordac-type
> security managers you know exactly what I'm talking about.  In our
> case the path of least resistance was to disable pmtu discovery, and
> tell the customer that we've done all we possibly can to alleviate the
> issue on our end.  Hopefully they come to their senses and allow ICMP
> packets like every major ISP and mail provider on the Internet.

Yes, but then you have broken your equipment, and possibly lost the  
ability to communicate with many more customers.

Yes, I've dealt with these people.  If they turn off all ICMP, they  
often drop fragments as well, making the problem even worse. You can  
sometimes get them to listen by asking them if their Internet access  
seems a little "weird" in that some sites work sometimes or downloads  
are slow or they can't get some email :-)

They'll usually say yes and then you might be able to get them to  
listen, and hopefully send them a bill.

--Chris