Mails to a particular domain not delivered if size is above 1 Mb

Unanswered Question
Dec 22nd, 2009

Problem Statement : Mails to a particular domain 'B' not delivered if size is above 1 Mb. However the target domain 'B' receives mails from other domain without any problems

Our Network : Comprises of a sinlge 1700 Cisco Router. The network traffic includes SSL VPN tunnel also besides the regular FTP, http, SMTP.

Explanation : We noticed that mails to a particular domain 'B' was not getting delivered. On close scrutiny, we found that the window size was reducing as the mail was getting delivered. In all probability, this was attributed to a rougue router which was in the mail path.

MTU for our router happens to be about 1472, while the same is 1412 for the target domain 'B'.

Further, there were no rules in the content filtering tools at either end that was blocking the mail

One of the research led to a link http://www.postfix.org/faq.html. (Mail fails consistently with timeout or lost connection) This points to "ICMP MUST FRAGMENT" to be set on the router.

My quesiton is how do we trace this rouge router to enable the setting ?

Response much appreciated.

Thanks in advance.

Regards

Jagdish

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jaggi1234 Wed, 12/23/2009 - 01:41

Tried the tcp adjust-mss on the router with value 1300. I have tried from my side. Did not work. The problem still remains. Should the same be done on the target side also ?

jaggi1234 Wed, 12/23/2009 - 02:01

Here is the configuratiuon :

Current configuration : 910 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname accord
!
ip subnet-zero
ip name-server 164.164.4.5
ip name-server 164.164.128.16
!
!
isdn switch-type basic-net3
!
!
!
interface BRI0
ip address negotiated
encapsulation ppp
shutdown
dialer-group 1
isdn switch-type basic-net3
ppp authentication pap chap callin
!
interface FastEthernet0
description link to local LAN
ip address 164.164.96.177 255.255.255.240
speed auto
!
interface Serial0
ip address 164.164.100.54 255.255.255.252
!
interface Dialer1
no ip address
!
ip classless
ip route 0.0.0.0 0.0.0.0 164.164.100.53
no ip http server
!
!
snmp-server community public RO
snmp-server community private RW
!
line con 0
line aux 0
line vty 0 4
  login
!
end

_____________________

Hope this helps...

Eugene Khabarov Wed, 12/23/2009 - 02:15

So this had no effect?

int F0

ip tcp adjust-mss 1300

end

try to use tracertoute and ping each hop with maximum allowed mtu and df bit set.

jaggi1234 Wed, 12/23/2009 - 02:44

Tracert results :

tracert 164.164.96.1

Tracing route to 164.164.96.1 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  kaveri.appsoft.accord.com [192.168.1.240]
  2     1 ms     1 ms     1 ms  164.164.96.177
  3    99 ms   104 ms   167 ms  164.164.100.53
  4   137 ms    67 ms    39 ms  164.164.96.1

Trace complete.

______________________

Ping Results :

ping -l 1472 -f 164.164.96.177

Pinging 164.164.96.177 with 1472 bytes of data:

Reply from 164.164.96.177: bytes=1472 time=2ms TTL=254
Reply from 164.164.96.177: bytes=1472 time=2ms TTL=254
Reply from 164.164.96.177: bytes=1472 time=2ms TTL=254
Reply from 164.164.96.177: bytes=1472 time=2ms TTL=254

Ping statistics for 164.164.96.177:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 2ms, Average = 2ms

------------------------------------------------------------------------------------------

ping -l 1472 -f 164.164.100.53

Pinging 164.164.100.53 with 1472 bytes of data:

Reply from 164.164.100.53: bytes=1472 time=60ms TTL=253
Reply from 164.164.100.53: bytes=1472 time=30ms TTL=253
Reply from 164.164.100.53: bytes=1472 time=25ms TTL=253
Reply from 164.164.100.53: bytes=1472 time=25ms TTL=253

Ping statistics for 164.164.100.53:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 25ms, Maximum = 60ms, Average = 35ms

-------------------------------------------------------------------------------------------

ping -l 1472 -f 164.164.96.1

Pinging 164.164.96.1 with 1472 bytes of data:

Reply from 164.164.96.1: bytes=1472 time=247ms TTL=252
Reply from 164.164.96.1: bytes=1472 time=223ms TTL=252
Reply from 164.164.96.1: bytes=1472 time=277ms TTL=252
Reply from 164.164.96.1: bytes=1472 time=223ms TTL=252

Ping statistics for 164.164.96.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 223ms, Maximum = 277ms, Average = 242ms

-------------------------------------------------------------------------------------------

ping -l 1500 -f 164.164.96.

Pinging 164.164.96.1 with 1500 bytes of data:

Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.

Ping statistics for 164.164.96.1:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

-------------------------------------------------------------------------------------------------

jaggi1234 Thu, 01/07/2010 - 03:27

Hi,

Any updates on this ....?

Thanks in advance.

Regards

Jagdish

Actions

This Discussion

Related Content