On 2026/02/26 11:04, Fehlauer, Norbert via mailop wrote:
> 
> I’m having a problem receiving mails from some sending servers. The logfile
> shows that the sending server won’t send after the TLS session is started:

This is often due to problems where part of the path between machines
cannot accept full Ethernet-sized MTUs and some other part of the
path drops the required fragmentation-needed messages ("path MTU
blackhole").

> testing with this tool seems to be different handling when using the server
> with ecc certificate (edge02) instead of RSA based certificate.

This could also fit with the above; RSA keys are much larger than EC,
so you might be able to fit a TLS handshake through if it's with an
EC key but not RSA. (After handshake you may still run into problems
especially with larger emails).

Use of traceroute with different packet sizes may give clues about
where the problem lies.

For starters, if you have firewalls near you which block ICMP
fragmentation-needed messages, they need fixing.

You may also be able to work around it by lowering the MTU on your server or
rewriting MSS to be lower on a firewall near your server.

_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
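
The diagnosis suggested in the message above (probing with different packet sizes, then lowering the MSS) can be scripted. This is an added example, not part of the original message: it binary-searches the largest Don't-Fragment packet that survives the path and derives the matching TCP MSS. It assumes Linux iputils `ping`; all function names and the simulated path are constructed for illustration.

```python
import subprocess
import sys

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header
IP_TCP_OVERHEAD = 40   # 20-byte IPv4 header + 20-byte TCP header, no options

def ping_probe(host):
    """Build probe(size): send one ICMP echo of `size` total IP bytes with DF set.
    Assumes Linux iputils ping, where -M do forbids fragmentation."""
    def probe(size):
        cmd = ["ping", "-M", "do", "-c", "1", "-W", "2",
               "-s", str(size - IP_ICMP_OVERHEAD), host]
        return subprocess.run(cmd, capture_output=True).returncode == 0
    return probe

def simulated_path(link_mtus):
    """Constructed stand-in for a blackholed path: packets larger than the
    smallest link MTU vanish silently, with no ICMP error coming back."""
    bottleneck = min(link_mtus)
    return lambda size: size <= bottleneck

def find_path_mtu(probe, low=576, high=1500):
    """Largest size in [low, high] for which probe() succeeds.
    Returns None when even `low` fails (host down or echo filtered)."""
    if not probe(low):
        return None
    if probe(high):
        return high
    while high - low > 1:  # invariant: probe(low) passes, probe(high) fails
        mid = (low + high) // 2
        if probe(mid):
            low = mid
        else:
            high = mid
    return low

def mss_clamp_for(mtu):
    """TCP MSS that keeps full-sized IPv4 segments within `mtu`."""
    return mtu - IP_TCP_OVERHEAD

if __name__ == "__main__":
    # With a host argument, probe the real path; otherwise use the simulation.
    probe = (ping_probe(sys.argv[1]) if len(sys.argv) > 1
             else simulated_path([1500, 1400, 1500]))
    mtu = find_path_mtu(probe)
    if mtu is None:
        print("no reply even at the minimum size; ICMP echo may be filtered")
    else:
        print(f"path MTU {mtu}, clamp MSS to {mss_clamp_for(mtu)}")
```

A result below 1500 from a server whose own interface MTU is 1500 points at a smaller link somewhere on the path; a `None` result says nothing about MTU, only that echo requests are not answered.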
