Need help troubleshooting mail server

As a workaround I’ve got it set up so that mail is received from my local WAN but still sent via the VPS. So far all the test e-mails are working, I’ll just have to wait and see if any of the missing e-mails start coming in… never mind I just got one.

But yeah at least the problem is narrowed down and I have a way to test it. I think I’m going to leave it for now and come back to it when I have more time, I’ve already spent most of the week on this.

Thanks for the help, I’ll get back to this soon


You could try MSS clamping as a workaround to PMTUD being broken.

That’s what I plan on trying, at least it may help figure out if this really is an MTU problem. I don’t really understand why, if it is, it can handle e-mail around 40kb but not 50kb.

I was hoping I’d come up with some more ideas to try before going back to it but so far adjusting the MSS of the VPN is all I’ve got. It’s just weird that it’s worked fine for years and now is having problems.

Is it up to date?

The VPS was on Ubuntu server 16.04, that’s been updated now but it didn’t seem to change anything, but I haven’t spent much time with it since updating.

Still no luck getting it working.

I’ve messed around with the MTU settings in OpenVPN and haven’t been able to make any difference at all. If I send myself a large e-mail from outside my network then it will time out, but if I connect to the same VPN running on the VPS then it works. So I’m not sure if that proves anything but it would seem that it’s not the VPN which is causing this problem. So maybe it’s something going on with the internet connection for the VPS.

Just spent a part of the morning troubleshooting MTUs, and ended up doing MSS clamping. (Somehow I ended up with a tunnel over WiFi and misconfigured MTU for VLAN bridges).
I remembered this thread so I thought I’d report on what got things working better for me.

My ISP gives me a 1500 MTU; I tested this by doing `ping -c1 -M do 1.1.1.1 -s 1472` from Linux, and saw it return. The ICMP header is 8 bytes, the IPv4 header is 20, which makes it up to a 1500-byte MTU Ethernet payload.

One thing I noticed was that MTU might not be symmetrical. You can run e.g. `tcpdump -envi enp2s0f0 host 192.168.123.223 and greater 1400` for any large packets while you’re doing those pings, and it’ll show you packet lengths, but for pings you might notice a ping either 1) not go out or 2) not come back.

This means you probably need to clamp (overwrite MSS) on both your SYN as well as SYN-ACK packets in case of broken MTU discovery. In either case you never want to enlarge the already present MSS value.

I also need to think a little bit about RST packets, chances are they need to be taken care of as well.
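An added example, not part of any post in this thread: what an MSS clamp does to a TCP header, following the points in the reply above (apply it to SYN and SYN-ACK, never raise the MSS that is already there). The function names, ports and any path MTU passed in are constructed for illustration; a real checksum also covers the pseudo-header and payload, which the incremental update leaves untouched.

```python
import struct

IP_HDR = TCP_HDR = 20   # IPv4 and TCP header sizes without options
SYN = 0x02              # flag bit set on both SYN and SYN-ACK

def ones_sum(data):
    """16-bit ones' complement sum, as used by the TCP checksum."""
    s = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return s

def clamp_mss(tcp, path_mtu):
    """Lower the MSS option of a SYN/SYN-ACK TCP header so full segments
    fit path_mtu. An MSS that is already small enough is left alone."""
    if len(tcp) < TCP_HDR or not tcp[13] & SYN or (tcp[12] >> 4) * 4 > len(tcp):
        return tcp                          # not SYN/SYN-ACK, or truncated
    hdr_len = (tcp[12] >> 4) * 4
    limit = path_mtu - IP_HDR - TCP_HDR     # largest payload that fits
    out, i = bytearray(tcp), TCP_HDR
    while i < hdr_len:
        kind = out[i]
        if kind == 0:                       # end of option list
            break
        if kind == 1:                       # NOP padding, one byte
            i += 1
            continue
        size = out[i + 1] if i + 1 < hdr_len else 0
        if size < 2 or i + size > hdr_len:  # malformed option: stop
            break
        if kind == 2 and size == 4:         # MSS option
            (mss,) = struct.unpack_from("!H", out, i + 2)
            if 0 < limit < mss:             # only ever shrink
                lo, hi = (i + 2) & ~1, (i + 5) & ~1  # aligned words holding MSS
                before = ones_sum(bytes(out[lo:hi]))
                struct.pack_into("!H", out, i + 2, limit)
                after = ones_sum(bytes(out[lo:hi]))
                # RFC 1624 incremental update: HC' = ~(~HC + ~m + m')
                (old,) = struct.unpack_from("!H", out, 16)
                new = ones_sum(struct.pack("!3H", ~old & 0xFFFF, ~before & 0xFFFF, after))
                struct.pack_into("!H", out, 16, ~new & 0xFFFF)
        i += size
    return bytes(out)

def sample_header(mss, flags=SYN, pad=b""):
    """Constructed header, port 40000 -> 25; checksum over the header only."""
    opts = pad + struct.pack("!BBH", 2, 4, mss)
    opts += b"\x00" * (-len(opts) % 4)
    hdr = struct.pack("!HHIIBBHHH", 40000, 25, 1, 0, (5 + len(opts) // 4) << 4, flags, 64240, 0, 0) + opts
    return hdr[:16] + struct.pack("!H", ~ones_sum(hdr) & 0xFFFF) + hdr[18:]
```

With a constructed 1400-byte path MTU, `clamp_mss(sample_header(1460), 1400)` rewrites the MSS to 1360, while a header advertising 1200 passes through unchanged.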

I never figured out what the problem was but it seems like the new pfSense update has fixed it :man_shrugging: