Peter,

> > ICMP type 3 must not be blocked by a firewall!
>
> Are you talking about outbound or inbound ICMP? I allow all outbound
> traffic to exit unmolested. My f/w is blocking *occasional* inbound
> ICMP type 3 code 1. Meanwhile, disconnections are occurring like this:

This is probably unrelated to your immediate problem, although it deserves to be put right nevertheless.

I'm talking about both incoming and outgoing ICMP type 3 packets.

A blocked incoming type 3 code 0..3, 9..13 packet would cause your client (the Postfix smtp service or any other TCP client such as www, ssh) to linger waiting for connection establishment and eventually time out, while it could otherwise terminate immediately and notify the user of (or log) the actual reason for the reject.

A blocked incoming or outgoing type 3 code 4 packet (Fragmentation Needed and Don't Fragment was Set) makes max fragment size negotiation impossible, which manifests in some mail or some web pages being partly or fully inaccessible, while others would work normally.

Blocking ICMP type 3 is evil!

Mark
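
To make the two failure modes in the message above concrete, here is an added example (not part of the original post) that decodes an ICMP type 3 message and reports what a TCP client loses when a firewall drops it. The function names, effect strings, and sample addresses (documentation ranges) are constructed for illustration, and the embedded datagram is assumed to be TCP or UDP.

```python
import socket
import struct
# Grouping taken from the message above: codes 0..3 and 9..13 tell a TCP
# client why it cannot connect; code 4 is the path-MTU signal.
REJECT_CODES = set(range(0, 4)) | set(range(9, 14))
FRAG_NEEDED = 4

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_unreachable(icmp: bytes) -> dict:
    """Decode an ICMP type 3 message (starting at the ICMP header)."""
    if len(icmp) < 36:  # 8 ICMP + 20 inner IP + 8 bytes of inner payload
        raise ValueError("truncated ICMP error")
    icmp_type, code, _, _, mtu = struct.unpack("!BBHHH", icmp[:8])
    if icmp_type != 3 or checksum(icmp) != 0:
        raise ValueError("not a valid Destination Unreachable message")
    inner = icmp[8:]  # quoted IP header of the packet that triggered the error
    ihl = (inner[0] & 0x0F) * 4
    if ihl < 20 or len(inner) < ihl + 4:
        raise ValueError("bad embedded IP header")
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])  # TCP/UDP only
    effect = "other"
    if code == FRAG_NEEDED:
        effect = "PMTU discovery fails: large transfers stall"
    elif code in REJECT_CODES:
        effect = "client waits for timeout instead of failing at once"
    return {"code": code, "effect": effect,
            "next_hop_mtu": mtu if code == FRAG_NEEDED else None,
            "flow": (socket.inet_ntoa(inner[12:16]), sport,
                     socket.inet_ntoa(inner[16:20]), dport)}

def build_sample(code: int, mtu: int = 0) -> bytes:
    """Constructed sample: ICMP error quoting a TCP SYN to port 25."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 1, 0x4000, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.25"))
    tcp8 = struct.pack("!HHI", 40000, 25, 1)  # first 8 bytes of the TCP header
    body = struct.pack("!BBHHH", 3, code, 0, 0, mtu) + ip + tcp8
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

if __name__ == "__main__":
    for code, mtu in ((1, 0), (4, 1400)):
        print(parse_unreachable(build_sample(code, mtu)))
```

The `flow` tuple identifies the local connection the error refers to, which is what lets the kernel fail the right socket immediately or lower its path MTU.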
