Hi, At times, my sendmail servers produce the following errors:
Aug 4 23:45:14 mailserver sendmail[30701]: o74DYEfr030701: SYSERR(root): collect: I/O error on connection from mail.somedomain.com, from=<[email protected]> I've read up on this error extensively and based on what various people say, it's network related as discussed here: http://www.experts-exchange.com/OS/Unix/Q_24484577.html (The expert comment right at the bottom of the page). I just need to verify a bit discussed in the link above, specifically this bit here: * A firewall/router which is blocking ICMP packets which are used to tell a remote host that it's hit a smaller MTU and will need to send smaller packets. ("Fragmentation Required but DF bit set") I'm using shorewall 4.0.10. In my shorewall rules, I have this set: AllowICMPs/ACCEPT net $FW AllowICMPs/ACCEPT net loc All my mail servers exist in the "loc" zone. The AllowICMPs macro contains: # cat macro.AllowICMPs # # Shorewall version 4 - AllowICMPs Macro # # /usr/share/shorewall/macro.AllowICMPs # # This macro ACCEPTs needed ICMP types # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP ACCEPT - - icmp fragmentation-needed ACCEPT - - icmp time-exceeded #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE So is this enough to guarantee that the MTU discovery process that is meant to take place between source (them) and destination (me) is actually working? This sendmail SYSERR is annoying as it will show up for a week (from one particular source where no mail will ever come from them - while most other sources remain fine) and then go away for months while it works fine, then come back for no apparent reason from the same sending source for another few days or a week, then go away again. Thanks. Michael. ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
