Hello,
I picked something up in the news lately, google said with "ip data packet size
russian capped":
In Russia, Internet access for users connecting to websites protected by
Cloudflare is currently being throttled by local ISPs, limiting users to the
first 16 KB of web assets, effectively hindering navigation. This throttling is
happening because of actions taken by Russian ISPs, not Cloudflare, and is
outside of their control.
Here's a more detailed breakdown:
Throttling:
Russian ISPs are intentionally slowing down internet speeds for users
accessing certain websites, notably those protected by Cloudflare.
Data Packet Size Limitation:
This throttling effectively limits the size of data packets that can be
loaded to just 16 KB.
Consequences:
This restriction significantly impairs the ability to load and interact
with most web pages, as they often exceed this 16 KB limit.
External Control:
The throttling is occurring on the ISP level, meaning Cloudflare has no
control over it.
So perhaps this has been extended beyond 80/443 traffic? The mail sizes exceed
this tcp 16kb cap? A telnet test is small in size.
Am 15.07.2025 um 17:37 schrieb Curtis Vaughan via Postfix-users:
We've been postfix pretty much forever, but suddenly a new problem has arisen,
for which I haven't been able to find a solution. The postfix server is located
in the USA. A lot of mail goes to Russian addresses and it is to those
addresses that the issue is arising. The biggest problem is to a mail server at
83.222.5.141, which may actually be in Uzbekistan, although it is for a Russian
company.
Here's the error, which started about a week ago. This is for outgoing mail,
btw.
status=deferred (conversation with satcomdv.ru[83.222.5.141] timed out while
receiving the initial server greeting)
However, if I telnet on port 25 from the postfix server I can send a message.
The responses are quite slow, but works.
In case this helps:
postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
compatibility_level = 3.6
content_filter = smtp-amavis:[127.0.0.1]:10024
header_checks = regexp:/etc/postfix/header_checks
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -m
"${EXTENSION}"
mailbox_size_limit = 20971520000
mailq_path = /usr/bin/mailq.postfix
message_size_limit = 10737418240
milter_default_action = accept
milter_protocol = 2
mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost
mydomain = ******.com
myhostname = mail.******.com
mynetworks = 10.0.1.0/24, 127.0.0.1/32, [::1]/128
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = inet:localhost:8891
queue_directory = /var/spool/postfix
readme_directory = no
recipient_delimiter = +
relay_domains = $mydomain, $mydestination, $virtual_alias_maps
setgid_group = postdrop
smtp_connect_timeout = 120s
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_security_level = may
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_discard_ehlo_keywords = chunking
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname
reject_unknown_helo_hostname
smtpd_milters = inet:localhost:8891
smtpd_recipient_limit = 1000
smtpd_recipient_restrictions = check_sender_access
hash:/etc/postfix/sender_access, check_sender_access
regexp:/etc/postfix/sender_access_regexp, permit_mynetworks,
check_client_access hash:/etc/postfix/blacklist_malware_patrol,
check_client_access cidr:/etc/postfix/client_checks, reject_unauth_pipelining,
permit_sasl_authenticated, reject_non_fqdn_recipient,
reject_unknown_recipient_domain, reject_unauth_destination, reject_rhsbl_helo
dbl.spamhaus.org, reject_rbl_client zen.spamhaus.org, check_policy_service
inet:127.0.0.1:10023, check_policy_service unix:private/policyd-spf, permit
smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks,
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_unknown_sender_domain, reject_unknown_reverse_client_hostname,
reject_unknown_client_hostname
smtpd_timeout = 900
smtpd_tls_CAfile = /etc/ssl/certs/smtp.*****.com.crt
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/certs/server.pem
smtpd_tls_key_file = /etc/ssl/private/domain.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = hash:/etc/postfix/virtual
Curtis Vaughan
IT Administrator/Director of Communications & Purchasing
North Pacific Corporation
Phone: 206-423-6979 ▪ Web: www.npc-usa.com
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
