Whit Blauvelt:
> Given that it's not the well-known TCP window scaling problem, and that it
> is a problem specific to just the one ISP's routers, what is the list of how
> they can have those configured wrong? SYN flood protection? Anything else? I
> have Postfix servers on other ISPs too, all configured similarly, none of
> the others having this problem. It's most certainly a Megapath problem. To
> get them to fix whatever it is, I expect I need to identify it precisely.

Maybe a pointer to RFC 4987 will lead the horse to the water.

3.8. Firewalls and Proxies


   Firewall-based tactics may also be used to defend end hosts from SYN
   flooding attacks.  The basic concept is to offload the connection
   establishment procedures onto a firewall that screens connection
   attempts until they are completed and then proxies them back to
   protected end hosts.  

https://tools.ietf.org/html/rfc4987

In your case, it waits until the client speaks first.  SMTP does
not work that way. With SMTP, the server speaks first.

        Wietse

Reply via email to