Postfix pix解决方法对于短邮件可以正常工作,但是对于长邮件则不起作用

时间:2019-07-15 22:16:05

标签: email postfix-mta mail-server

我的postfix发送电子邮件没有问题。但是一个客户端域启用了PIX解决方法。如果邮件是短邮件,则发送没有问题。但是,如果邮件很长-在日志文件中,我会看到“与clientdomain.ltd [xxx.xxx.xxx.xxx]的对话在发送数据结束时超时-消息可能会发送多次”

我的main.cf:

soft_bounce = no
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix

myhostname = mail.domain.ltd
mydomain = domain.ltd
myorigin = $myhostname

inet_interfaces = all
inet_protocols = ipv4

mydestination = localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8


alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

smtpd_banner = $myhostname ESMTP $mail_name

debug_peer_level = 2

debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES

relay_domains = mysql:/etc/postfix/mysql/relay_domains.cf
virtual_alias_maps = mysql:/etc/postfix/mysql/virtual_alias_maps.cf,
 mysql:/etc/postfix/mysql/virtual_alias_domain_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf

smtpd_discard_ehlo_keywords = etrn, silent-discard
smtpd_forbidden_commands = CONNECT GET POST
broken_sasl_auth_clients = yes
smtpd_helo_required = yes
smtp_always_send_ehlo = yes
disable_vrfy_command = yes

smtpd_helo_restrictions = permit_mynetworks,
 permit_sasl_authenticated,
 reject_non_fqdn_helo_hostname,
 reject_invalid_helo_hostname

smtpd_data_restrictions = permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_pipelining,
 reject_multi_recipient_bounce,

smtpd_sender_restrictions = permit_mynetworks,
 permit_sasl_authenticated,
 reject_non_fqdn_sender,
 reject_unknown_sender_domain

smtpd_recipient_restrictions = reject_non_fqdn_recipient reject_unknown_recipient_domain reject_multi_recipient_bounce permit_mynetworks permit_sasl_authenticated reject_unauth_destination

smtpd_tls_protocols = !SSLv2, !SSLv3
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtp_tls_CAfile = /etc/postfix/certs/ca-bundle.crt
smtpd_tls_CAfile = /etc/postfix/certs/ca-bundle.crt
smtpd_tls_key_file = /etc/postfix/certs/privatekey.key
smtpd_tls_cert_file = /etc/postfix/certs/domain.crt


tls_random_source = dev:/dev/urandom

message_size_limit = 52428800
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 15
smtpd_error_sleep_time = 20
anvil_rate_time_unit = 60s
smtpd_client_connection_count_limit = 2000
smtpd_client_connection_rate_limit = 3000
smtpd_client_message_rate_limit = 3000
smtpd_client_event_limit_exceptions = 127.0.0.0/8
smtpd_client_connection_limit_exceptions = 127.0.0.0/8

smtp_data_xfer_timeout = 600s

smtp_pix_workaround_threshold_time = 0
smtp_pix_workaround_delay_time = 60s
smtp_pix_workarounds = disable_esmtp, delay_dotcrlf 
smtp_pix_workaround_maps =

maximal_queue_lifetime = 1d
bounce_queue_lifetime = 1d

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth

virtual_mailbox_base = /mnt/mail
virtual_minimum_uid = 1000
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000
virtual_transport = lmtp:unix:private/dovecot-lmtp
dovecot_destination_recipient_limit = 1

smtpd_relay_restrictions = permit

milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
#smtpd_milters = unix:/var/run/opendkim/opendkim.sock
#non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock
smtputf8_enable = no
compatibility_level = 2

在邮件日志中发送邮件之后:

from=<editor@domain.ltd>, size=251469, nrcpt=1 (queue active)
Jul 15 17:48:01 ml postfix/smtp[8619]: DC1D82094D36: enabling PIX workarounds: delay_dotcrlf for mail2.clientdomain.ltd[xxx.xxx.xxx.xxx]:25

Jul 15 17:59:01 ml postfix/smtp[8619]: DC1D82094D36: conversation with mail2.clientdomain.ltd[xxx.xxx.xxx.xxx] timed out while sending end of data -- message may be sent more than once

tcpdump的回显:

00:48:01.123738 IP ml.domain.ltd.56802 > mail2.clientdomain.ltd.smtp: Flags [.], seq 250447:251815, ack 244, win 65077, options [nop,nop,TS val 1117894080 ecr 2660205030], length 1368: SMTP: 
00:48:01.123854 IP ml.domain.ltd.56802 > mail2.clientdomain.ltd.smtp: Flags [P.], seq 251815:252087, ack 244, win 65077, options [nop,nop,TS val 1117894080 ecr 2660205030], length 272: SMTP: 21hcmtldC5tZCI+ZWRpdG9yQGluZm9tYXJr
00:49:01.118827 IP ml.domain.ltd.56802 > mail2.clientdomain.ltd.smtp: Flags [P.], seq 252087:252090, ack 244, win 65077, options [nop,nop,TS val 1117954075 ecr 2660205040], length 3: SMTP: .
00:59:01.128640 IP ml.domain.ltd.56802 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 252090, ack 244, win 65077, options [nop,nop,TS val 1118554085 ecr 2660265130], length 0
00:59:01.349462 IP ml.domain.ltd.56802 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 252090, ack 244, win 65077, options [nop,nop,TS val 1118554306 ecr 2660265130], length 0
00:59:01.573467 IP ml.domain.ltd.56802 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 252090, ack 244, win 65077, options [nop,nop,TS val 1118554530 ecr 2660265130], length 0
00:59:02.013475 IP ml.domain.ltd.56802 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 252090, ack 244, win 65077, options [nop,nop,TS val 1118554970 ecr 2660265130], length 0
00:59:02.949495 IP ml.domain.ltd.56802 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 252090, ack 244, win 65077, options [nop,nop,TS val 1118555906 ecr 2660265130], length 0
00:59:04.741485 IP ml.domain.ltd.56802 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 252090, ack 244, win 65077, options [nop,nop,TS val 1118557698 ecr 2660265130], length 0
00:59:08.261475 IP ml.domain.ltd.56802 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 252090, ack 244, win 65077, options [nop,nop,TS val 1118561218 ecr 2660265130], length 0
00:59:15.493503 IP ml.domain.ltd.56802 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 252090, ack 244, win 65077, options [nop,nop,TS val 1118568450 ecr 2660265130], length 0
00:59:29.829503 IP ml.domain.ltd.56802 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 252090, ack 244, win 65077, options [nop,nop,TS val 1118582786 ecr 2660265130], length 0
00:59:57.989510 IP ml.domain.ltd.56802 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 252090, ack 244, win 65077, options [nop,nop,TS val 1118610946 ecr 2660265130], length 0

此后,我收到消息“发送数据结束时超时”。

我将smtp_pix_workaround_threshold_time和smtp_pix_workaround_delay_time更改为许多值,但没有结果。

有什么想法吗? 谢谢。

0 个答案:

没有答案
相关问题
最新问题