<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-AU" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Don’t suppose your client has a spam filtering appliance/device/product that is performing packet/protocol inspection on smtp?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">If so, try turning it off temporarily (the packet inspection, not the whole service). Ive seen some nasty issues which sound very similar
to your description caused by smtp protocol inspection. Seems to do more harm than good.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Seamus<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif"> AusNOG [mailto:ausnog-bounces@lists.ausnog.net]
<b>On Behalf Of </b>Damien Gardner Jnr<br>
<b>Sent:</b> Wednesday, 3 June 2015 8:44 AM<br>
<b>To:</b> ausnog@lists.ausnog.net<br>
<b>Subject:</b> [AusNOG] MTU debugging? (Or possibly just a fault with Amazon SES?)<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Hi Folks,<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">This one is doing my head in somewhat. I have a customer who needs to receive emails from a body who use Amazon SES in the US to send emails. I can see the connections coming into the customer mailserver, however they then timeout with
no data after connecting.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">If I send various sized pings from amazon and linode instances in the US, they work perfectly up until the point where they hit the MTU of our US->AU tunnel, and then get back a Frag-Needed packet, so that's all working perfectly as expected.
e.g.:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<p class="MsoNormal">ubuntu@ip-172-31-4-204:~$ ping -M do -s 1425 <a href="http://plesk03.rendrag.net.au">
plesk03.rendrag.net.au</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">PING <a href="http://plesk03.rendrag.net.au">plesk03.rendrag.net.au</a> (103.235.52.251) 1425(1453) bytes of data.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">From <a href="http://rtr01-e0.lax01.ca.rendrag.net.au">rtr01-e0.lax01.ca.rendrag.net.au</a> (174.136.108.50) icmp_seq=1 Frag needed and DF set (mtu = 1452)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">ping: local error: Message too long, mtu=1452<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">ping: local error: Message too long, mtu=1452<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">ubuntu@ip-172-31-4-204:~$ ping -M do -s 1424 <a href="http://plesk03.rendrag.net.au">
plesk03.rendrag.net.au</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">PING <a href="http://plesk03.rendrag.net.au">plesk03.rendrag.net.au</a> (103.235.52.251) 1424(1452) bytes of data.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">1432 bytes from <a href="http://plesk03.rendrag.net.au">plesk03.rendrag.net.au</a> (103.235.52.251): icmp_seq=1 ttl=111 time=167 ms<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">1432 bytes from <a href="http://plesk03.rendrag.net.au">plesk03.rendrag.net.au</a> (103.235.52.251): icmp_seq=2 ttl=111 time=170 ms<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">As as far as I can see, things are working as they should. However the body using Amazon SES has contacted Amazon support and received a 'This usually signifies an MTU misconfiguration on the remote end, we cannot help with this' reply.
Which leaves me at something of a stalemate..<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Are there any other tests I can run to make sure it's not my issue?<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I can pull down files no problems at all with http, torrents, etc. Although one interesting exception is that speedtest does not work - https requests to
<a href="http://c.speedtest.net">c.speedtest.net</a> just block after the initial request with no response until the connection is brought down by RST. (Although that happens in multiple regions in my upstreams' network as well, so I've been assuming it was
a problem with speedtest for the last 6 months..)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Any ideas?<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">-- <o:p></o:p></p>
<div>
<div>
<p>Damien Gardner Jnr<br>
VK2TDG. Dip EE. GradIEAust<br>
<a href="mailto:rendrag@rendrag.net" target="_blank">rendrag@rendrag.net</a> - <a href="http://www.rendrag.net/" target="_blank">http://www.rendrag.net/</a><u><br>
</u>--<br>
We rode on the winds of the rising storm,<br>
We ran to the sounds of thunder.<br>
We danced among the lightning bolts,<br>
and tore the world asunder<o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</body>
</html>