On 2014-04-02 10:38, Benny Kurniawan C wrote: > Customer kami ada problem untuk kirim email ke kami sejak minggu kemarin > dan setelah saya tanya ke customer mengenai hal tersebut didapatkan > bahwa ada return mail ke email mereka seperti dibawah ini
> The original message was received at Wed, 02 Apr 2014 10:11:57 +0900 (JST) > from [email protected] > > ---The following addresses had delivery errors--- > > [email protected] [Connection timed out] > [email protected] [Connection timed out] > Tue 2014-04-01 16:56:16: [772696] --> 250 <[email protected]>, > Sender ok > Tue 2014-04-01 16:56:16: [772696] Connection closed > Tue 2014-04-01 16:56:16: [772696] SMTP session terminated (Bytes in/out: > 68/251) Kirim mail dari server yang run dibelakang firewall ke server yang juga run dibelakang firewall dan keduannya memblock icmp protocol (PING) hampir selalu gagal dengan error connection time out. $ ping mg03.cybermail.jp PING mg03.cybermail.jp (120.137.171.70) 56(84) bytes of data. ^C --- mg03.cybermail.jp ping statistics --- 5 packets transmitted, 0 received, 100% packet loss, time 4030ms $ ping mail.jkt.itochu.co.id PING mail.jkt.itochu.co.id (202.171.22.3) 56(84) bytes of data. ^C --- mail.jkt.itochu.co.id ping statistics --- 7 packets transmitted, 0 received, 100% packet loss, time 6047ms Salah satu harus mengalah, entah sendernya relay mail lewat smarthost atau receiver memperbaiki setting firewallnya untuk tidak memblock icmp (ping) protocol agar MTU discovery berjalan normal, atau perbaikkan dalam MSS (maximum segment size) clamping di firewall/routernya. http://en.wikipedia.org/wiki/Path_MTU_Discovery --- Many network security devices block all ICMP messages for perceived security benefits,[6] including the errors that are necessary for the proper operation of PMTUD. This can result in connections that complete the TCP three-way handshake correctly, but then hang when data is transferred. This state is referred to as a black hole connection.[7] Some implementations of PMTUD attempt to prevent this problem by inferring that large payload packets have been dropped due to MTU rather than because of link congestion. However, in order for the Transmission Control Protocol (TCP) to operate most efficiently, ICMP Unreachable messages (type 3) should be permitted. A robust method for PMTUD that relies on TCP or another protocol to probe the path with progressively larger packets has been standardized in RFC 4821.[8] A workaround used by some routers is to change the maximum segment size (MSS) of all TCP connections passing through links with MTU lower than the Ethernet default of 1500. This is known as MSS clamping.[9] --- -- syafril ------- Syafril Hermansyah MDaemon-L Moderators, running MDaemon 14.0 SecurityPlus 4.1.5 Harap tidak cc: atau kirim ke private mail untuk masalah MDaemon. -- --[MDaemon-L]------------------------------------------------ Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Netiket: http://www.netmeister.org/news/learn2quote Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Henti Langgan: Kirim mail ke MDaemon-L-unsubscribe [at] dutaint.com Berlangganan: kirim mail ke MDaemon-L-subscribe [at] dutaint.com Versi terakhir MD 13.6.2, SP 4.1.5, BES 2.0.2, OC 2.3.3, SG 2.1.2, PP 2.0.1
