Topic: POP3 mail downloads

[ivan]

Hi all



I wonder if you could assist:

I have a funny problem on an SME7.3 server in server gateway mode and in private server gateway mode.

Problem:
I need my client to download POP3 mail from an ISP directly that is not using SME as the mail server but the client times out and the mail
is not downloaded.
I can browse the web and do a telnet to the target ISP server,  so connection is fine.
A packet capture reveals that the client auth's with the mail server and gets a mail list but gets no reply when when requesting a mail download (POP RETR command). This problems does not exist if I remove the SME server and connect directly with the client to the ISP.

Does any one have some insight into this?

Thanks advance.
Regards Ivan

[CharlieBrady]

A packet capture reveals that the client auth's with the mail server and gets a mail list but gets no reply when when requesting a mail download (POP RETR command). This problems does not exist if I remove the SME server and connect directly with the client to the ISP.

Does any one have some insight into this?

My guess is that somewhere between the client and the ISP's pop server ICMP fragmentation required messages are being dropped, the pop server is sending data in packets too large to get through to the client without fragmentation, and isn't getting the message to try again with smaller packets. Google for PMTU discovery and ICMP for more details.

[ivan]

Thanks Charlie Brady

I will research this, seem most likely to be the issue.
I Think SME is filtering the ICMP fragment messages out. I will look for a fix and drop it back here when it works.
 
Thanks for the help. 

[ivan]

The issue was that the SME iptables firewall filter ICMP this prevents the MTU negotiation for packet fragmentation (PMTU) from reaching the client here is a link that tells the full story.
http://tldp.org/HOWTO/IP-Masquerade-HOWTO/mtu-issues.html

This line for iptables sorts out the issuse
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

On SME you will need to do this addition via the custom templates.

Thanks
Charlie

[CharlieBrady]

The issue was that the SME iptables firewall filter ICMP this prevents the MTU negotiation for packet fragmentation

No, SME does not filter outbound fragmentation required ICMP. The problem is further upstream.

(PMTU) from reaching the client here is a link that tells the full story.
http://tldp.org/HOWTO/IP-Masquerade-HOWTO/mtu-issues.html

This line for iptables sorts out the issuse
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

On SME you will need to do this addition via the custom templates.

Please open a bug report (via the BUGS link, above) with full detail of this problem. Thanks.

[ivan]

Thanks Charlie will do.
Sorry for pre-empting things.