Re: netfilter related regression in linux-image 3.16.43-2?

On 18. 05. 2017 21:14, Tomaž Šolc wrote:
> after upgrading a mail server to the recent 8.8 Jessie point release
> my monitoring showed a significantly decreased amount of inbound
> SMTP traffic. Specifically, after rebooting for kernel upgrade from 
> linux-image-3.16.0-4-686-pae 3.16.39-1+deb8u2 to 3.16.43-2

Just a quick follow-up regarding this issue, in case someone encounters
something similar.

After some more testing I upgraded the kernel on the server back to
3.16.43-2 (with no changes to iptables) and after two days there is no
sign of dropped SYN-ACK packets. I was previously seeing ~5000 dropped
packets per day.

A review of the log files showed that in fact no incoming IPv4 TCP
connections succeeded while the bug was in effect. All mail that was
delivered during that time was delivered over IPv6. I was wrong in
thinking that some IPv4 connections worked.

Since I can't reproduce it, my only theory at this point is that this
was a bug somewhere triggered by some rare condition at boot, either in
my iptables setup or netfilter. It's likely that a simple reboot would help.

Best regards

