Wietse Venema:
> fhare:
> > Hello list,
> >
> > Bit of a weird one here. I have hosts at AWS sending mail across a
> > Checkpoint VPN to my main private relay server (it basically serves to relay
> > mail to O365 for in house applications). The problem is that the sending
> > client never receives BYE from server after QUIT. The mail goes through and
> > is delivered ok. This is bad because our timeout is 300s and if you have
> > anything more than a small amount of mail to send, your connections waiting
> > to timeout build up at the client and cause problems with applications. Mail
> > from non-AWS sources does not have this problem across other legs of our
> > Checkpoint VPN.

There was one typo: 128 instead of 138. I fixed it below.

> If you look at the non-VPN captures, then you will see the following:
>
> - In one trace, we see a client ACK 138, followed by a client packet
>   with ".<CR><LF>" (data 443:446, ACK 138, and a timestamp field
>   that is unlike those of all other packets in the stream).
>
> - In the other trace, we see that the ACK and ".<CR><LF>" packets
>   are sent as one packet, with a normal timestamp field.
>
> - After this, the TCP connection is messed up, the server keeps
>   transmitting "Queued as xxx", and the client keeps transmitting
>   QUIT.
>
> This looks like the VPN mucks with TCP and screws up the protocol.
>
> Get a better VPN. If you must use the VPN, maybe sending SMTP over TLS
> will change the problem.
>
> Wietse