sending email to Postfix SMTP: connection lost in middle of transaction without VPN - IPv6

Question

I connected an Postfix/Dovecot smtp server through an OpenVPN tunnel to an VPS to the Internet. When i send short (like 3-4 sentences) emails using my regular internet connection to it (Port 587), it works fine. But if my emails are longer, Thunderbird throws an connection lost in middle of transaction error. If i connect my machine to the same VPN&VPS, sending works just fine. All machines are running Dual Stack, also the the VPS & OpenVPN tunnel (using tun, no tap). Receiving long emails from other email-servers works just fine. How can i fix the issue? All servers are running on Debian 9, Client is running Win10.
Thi issue arises on IPv6 only. So far i've only tested it from my home network. tun-mtu is set to 1280 now. tracepath correctly recognizes the set MTU.
Here are my ip6tables:

# Generated by ip6tables-save v1.6.0 on Tue Mar 27 23:51:39 2018
*filter
:INPUT ACCEPT [5:608]
:FORWARD ACCEPT [1217:402964]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun0 -j ACCEPT
-A FORWARD -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun+ -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o tun+ -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p ipv6-icmp -j ACCEPT
-A FORWARD -s [MYSUBNET]/64 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p ipv6-icmp -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT

Answer 1

I'm with @CraigMiskell on this: if P-MTU is broken in your network (due to inherent "anisotropy" of IP network, it may be broken in one direction but not the other), this may result in big IP segments being dropped somewhere in the middle with ICMP messages about that not reaching your stack back. Try starting here.

Another possibility may be that you are overly defensive in the settings of whatever thing firewalls your private network. Say, with the Linux's Netfilter people tend to have something like

iptables -L INPUT -P DROP
iptables -L INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT

(and ditto for FORWARD) — forgetting to also mention state RELATED in that "enabling" rule — and hence forbidding for ICMP messages related to a TCP connection to reach the local network stack.

Check you wasn't overly restrictive on this front.

Things to learn about: P-MTU, P-MTU discovery, ICMP "can't fragment" message, TCP MSS.