On 2022-01-13, Crystal Kolipe <[email protected]> wrote:
> On Thu, Jan 13, 2022 at 05:25:41PM +0000, Stuart Henderson wrote:
>> On 2022/01/13 18:05, Leo Unglaub wrote:
>> > Hey,
>> >
>> > On 11/01/2022 21:28, Stuart Henderson wrote:
>> > > I bet it is MTU related. Try lowering MTU on that interface (you
>> > > cannot do it separately for IPv4 and IPv6 so it will change both,
>> > > but that's not likely to be a problem) and get someone who has
>> > > seen the problems to re-test.
>> >
>> > Thank you so much for your answer. I would have never ever thought
>> > about the MTU in this case. I used the default 1500. I talked to the
>> > technical support from the datacenter (Hetzner Online) and they
>> > assured me that 1500 is correct.
>> >
>> > However, I have set the value to 1400 and asked some people who had the
>> > issue to re-test it. I will post the results of the test here so other
>> > people can find them via a search engine.
>> >
>> > Thank you so much, very kind of you!
>>
>> The possible issue is that many people (especially people connecting
>> over tunnels, but also those on pppoe) are on lower MTUs than this.
>> Normally this is OK as fragmentation-needed messages will sort things
>> out but sometimes firewalls are not configured to pass these which
>> will cause problems. If that _is_ what's happening then there are
>> other ways to fix it but changing MTU is often the easiest one that
>> you can do yourself.
>
> Well, I can connect to his server using:
>
> openssl s_client -starttls smtp -connect mail.unglaub.at:25
>
> The handshake completes and I'm able to issue smtp commands.
>
> However smtpd always reports that opportunistic TLS failed, and
> downgrades to plaintext.

That hostname doesn't match the certificate, it should validate ok for storm-peaks.northrend.azeroth.wow-data.net (I also checked with -servername to send SNI). There's no difference between v4 and v6 for that though.
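
The MTU hypothesis from the quoted text (a lower-MTU hop on the path plus a firewall that drops fragmentation-needed messages), modeled as an added example that is not part of the original thread. It is a simplified model of one server-to-client TCP burst over IPv4, not a diagnosis of this server; the hop MTUs, payload sizes and the function name `deliver` are constructed for illustration.

```python
# Simplified model of path MTU discovery for server -> client TCP traffic.
# All sizes are constructed sample values, not measurements from the thread.
IP_TCP_HEADERS = 40  # 20-byte IPv4 header + 20-byte TCP header, no options


def deliver(payload_len, server_mtu, client_mss, hop_mtus, icmp_passes, max_tries=5):
    """Return (delivered, packet_sizes_tried) for one burst of payload_len bytes.

    The server sends DF-marked packets no larger than its interface MTU and
    the MSS the client advertised. A hop with a smaller MTU drops the packet
    and emits "fragmentation needed"; the server only learns the smaller
    path MTU if that ICMP message is allowed back to it (icmp_passes).
    """
    pmtu = min(server_mtu, client_mss + IP_TCP_HEADERS)
    tried = []
    for _ in range(max_tries):
        packet = min(payload_len + IP_TCP_HEADERS, pmtu)  # largest packet of the burst
        tried.append(packet)
        blocker = next((m for m in hop_mtus if m < packet), None)
        if blocker is None:
            return True, tried      # largest packet fits every hop, so all do
        if icmp_passes:
            pmtu = blocker          # ICMP reported the next-hop MTU; shrink and resend
        # otherwise the server retransmits the same size: a PMTUD black hole
    return False, tried


# Constructed path: a client on a 1500-byte LAN reached through a 1480-byte tunnel.
HOPS = [1500, 1480, 1500]
CLIENT_MSS = 1460  # what a client with a 1500-byte local MTU advertises

if __name__ == "__main__":
    cases = [
        ("small SMTP reply, ICMP filtered", 60, 1500, False),
        ("large TLS flight, ICMP filtered", 3000, 1500, False),
        ("large TLS flight, ICMP allowed", 3000, 1500, True),
        ("large TLS flight, MTU 1400, ICMP filtered", 3000, 1400, False),
    ]
    for label, payload, mtu, icmp in cases:
        print(label, deliver(payload, mtu, CLIENT_MSS, HOPS, icmp))
```

In this model small replies always get through, which is why a connection can look healthy until a large burst such as the certificate-bearing part of a TLS handshake is sent; lowering the server MTU below the smallest hop removes the dependency on ICMP.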

