https://bugs.exim.org/show_bug.cgi?id=2665
--- Comment #14 from Joseph Diffin <[email protected]> --- (In reply to Phil Pennock from comment #10) > Decoding RTF files and puzzling a lot, is this a correct summarisation? > > 1. You are running Exim 4.94 > 2. For the domain gloucestershire.pnn.police.uk the MX is Message Labs, for > filtering, and they then forward onto you > 3. You are running the service mailgate.gsi.gov.uk > 4. For some mails, predominantly those from Amazon SES originally, when > Message Labs sends onto your server those mails, you see long timeouts > 5. These GSI servers are in Vodafone hosting, so not on your premises > > In addition: > > 6. Is it fair to say that these messages from SES are a bit larger than many > of the other external-sender inbound messages received through this filter? > 7. Please confirm that the firewalls in your hosting environment are > configured to allow ICMP 3/4 ("Destination Unreachable", "fragmentation > needed and DF set") to pass through. > > An unfortunate pattern is for firewalls to block all ICMP, claiming that > this improves security, while ignoring that Path MTU Discovery requires that > certain ICMP pass through. For "large packets seen first from TCP > connection initiator" (as opposed to "small request, big response" patterns > such as most HTTP), this causes connections to hang, but only when the > packet sizes go up and the sender and recipient are trying to figure out the > correct MTU size to use for packets. The email flow is eu-west-1.amazonses.com {a wrapper for eeperks for example to messagelabs - to us {GCF Core Relays fujitsu/vodafone} to gloucester pnn I've asked our Firewall team to look at these settings hopefully they'll get back to me quickly -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
