Whit Blauvelt:
> Given that it's not the well-known TCP window scaling problem, and that it
> is a problem specific to just the one ISP's routers, what is the list of how
> they can have those configured wrong? SYN flood protection? Anything else? I
> have Postfix servers on other ISPs too, all configured similarly, none of
> the others having this problem. It's most certainly a Megapath problem. To
> get them to fix whatever it is, I expect I need to identify it precisely.

Maybe a pointer to RFC 4987 will lead the horse to the water.

    3.8. Firewalls and Proxies

    Firewall-based tactics may also be used to defend end hosts from SYN
    flooding attacks. The basic concept is to offload the connection
    establishment procedures onto a firewall that screens connection
    attempts until they are completed and then proxies them back to
    protected end hosts.

    https://tools.ietf.org/html/rfc4987

In your case, it waits until the client speaks first. SMTP does not
work that way. With SMTP, the server speaks first.

Wietse
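
A way to pin down the behaviour described in the reply above, as an added example that is not part of the original thread: the probe waits for the 220 greeting without sending anything, then sends an empty line and checks whether the greeting only appears afterwards. The names `probe_banner` and `fake_listener` are hypothetical, and the two loopback listeners are constructed stand-ins for a normal SMTP server and for a device that withholds the greeting until client data arrives.

```python
import socket
import threading

def probe_banner(host, port, wait=5.0):
    """Classify who has to speak first before the SMTP 220 greeting shows up."""
    with socket.create_connection((host, port), timeout=wait) as s:
        try:
            if s.recv(512).startswith(b"220"):
                return "server-first"   # normal SMTP: greeting arrives unprompted
        except OSError:
            pass                        # timeout or reset: no unprompted greeting
        try:
            s.sendall(b"\r\n")          # empty line: any client payload will do
            if s.recv(512).startswith(b"220"):
                return "client-first"   # greeting was withheld until we sent data
        except OSError:
            pass                        # still nothing after client data
    return "silent"

def fake_listener(client_first):
    """Constructed loopback listener; returns the port it listens on.

    client_first=False greets immediately, as SMTP requires.
    client_first=True imitates a path that stays silent until the client sends.
    """
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def handle():
        conn, _ = srv.accept()
        with conn:
            if client_first:
                conn.recv(512)          # block until the client sends something
            conn.sendall(b"220 mail.example.test ESMTP\r\n")
            conn.recv(512)              # hold the connection until the client closes
        srv.close()

    threading.Thread(target=handle, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for mode in (False, True):
        port = fake_listener(mode)
        print(mode, probe_banner("127.0.0.1", port, wait=1.0))
```

Running the same probe against port 25 of the affected server from inside and outside the ISP's network shows whether the greeting delay depends on the path rather than on Postfix.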
