我正在运行 postfix/dovecot 电子邮件服务器。操作系统是 Ubuntu 18.04。我还使用 aws 作为中继主机来发送电子邮件,因为端口 25 被阻止。它运行良好,但我无法从某些域(例如 amazon 或我的某个托管服务提供商)接收电子邮件。其他域(例如 gmail 或 outlook)运行良好。知道为什么会发生这种情况吗?
以下是我的 postfix 配置。
##
## Network settings
##
# NOTE(review): several values below span more than one line (the
# smtpd_*_restrictions and postscreen lists).  In main.cf a continuation line
# must begin with whitespace; that indentation appears to be lost in this
# listing, so confirm it is present in the real file, otherwise postconf
# treats each continuation line as a parameter of its own.
# Clients in these networks are trusted by every permit_mynetworks below: they
# may relay and skip the HELO/client/postscreen checks.  Keep the list to
# hosts you control.
mynetworks = 127.0.0.0/8 192.168.1.0/24
inet_interfaces = all
# IPv4 only: no IPv6 listener and no AAAA lookups for outbound delivery.
inet_protocols = ipv4
myhostname = mail.example.com
# Only the localhost names use the local transport; the real mail domains come
# from virtual_mailbox_domains (MySQL) further down.
mydestination = localhost.$mydomain, localhost, localhost.localdomain
##
## Outbound relay (AWS, submission port, see relayhost below)
##
# Authenticate to the relay host with SASL.
smtp_sasl_auth_enable = yes
# Relay credentials.  A static: map returns the same value for every
# destination and keeps the secret inside main.cf, which is normally
# world-readable.  Keep the real credentials in a separate hash: map
# (e.g. hash:/etc/postfix/sasl_passwd, mode 0600, postmap after edits).
smtp_sasl_password_maps = static:aws-username:aws-password
# Never fall back to anonymous SASL mechanisms.
smtp_sasl_security_options = noanonymous
# Mandatory TLS for outbound sessions; as far as this file shows, all outbound
# mail goes through relayhost.  "encrypt" does not verify the relay's
# certificate; with smtp_tls_CAfile set below, "secure" (or a per-destination
# entry in smtp_tls_policy_maps) would verify it as well.
smtp_tls_security_level = encrypt
# Log when a remote server offers STARTTLS but the session stays plaintext.
smtp_tls_note_starttls_offer = yes
# External SMTP relay host: IP or hostname, optionally with a port.  Port 587
# is used because outbound port 25 is blocked at the hosting provider.
relayhost = email-smtp.us-west-2.amazonaws.com:587
##
## Mail queue settings
##
# Deferred mail is returned after one hour instead of the 5-day default, so any
# remote outage longer than that becomes a bounce to the sender.
maximal_queue_lifetime = 1h
bounce_queue_lifetime = 1h
# Retry schedule for deferred mail.
maximal_backoff_time = 15m
minimal_backoff_time = 5m
queue_run_delay = 5m
##
## TLS settings
##
# Prefer the server's cipher order over the client's.
tls_preempt_cipherlist = yes
# Disable TLS compression (CRIME-style attacks).
tls_ssl_options = NO_COMPRESSION
# OpenSSL cipher string behind the "high" grade used on both sides.  "+SSLv3"
# is OpenSSL cipher-string syntax (it demotes SSLv3-era suites to the end of
# the list), not a protocol switch; the protocol itself is disabled by the
# *_tls_protocols lines below.  "!ECDSA" drops ECDSA-signed suites, which is
# only harmless while the server certificate stays RSA -- TODO confirm.
tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
### Outbound SMTP connections (Postfix as sender)
# DANE is prepared but commented out.  It needs a DNSSEC-validating resolver
# on localhost in addition to smtp_dns_support_level = dnssec, and since the
# last assignment in main.cf wins, uncommenting it would replace the "encrypt"
# level set above.
#smtp_tls_security_level = dane
smtp_dns_support_level = dnssec
# Per-destination TLS policy overrides (MySQL-backed); entries here take
# precedence over smtp_tls_security_level.
smtp_tls_policy_maps = mysql:/etc/postfix/sql/tls-policy.cf
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# Disables SSLv2/SSLv3 only; TLS 1.0 and 1.1 remain allowed for outbound.
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_ciphers = high
# CA bundle used whenever a policy requires certificate verification.
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
### Inbound SMTP connections
# Opportunistic TLS: a public MX must still accept plaintext from peers that
# do not offer STARTTLS, so "may" is the correct level here.
smtpd_tls_security_level = may
# As above: SSLv2/SSLv3 off, TLS 1.0/1.1 still accepted from peers.
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_ciphers = high
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
# Let's Encrypt chain and key.  Keep privkey.pem readable by root only and
# reload Postfix after each renewal so the new certificate is picked up.
smtpd_tls_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/example.com/privkey.pem
##
## Local mail delivery to Dovecot via LMTP
##
# Virtual mailboxes are handed to Dovecot over its LMTP unix socket.
virtual_transport = lmtp:unix:private/dovecot-lmtp
##
## Spam filter and DKIM signatures via Rspamd
##
# Rspamd's milter listener on localhost:11332 (presumably the rspamd proxy
# worker) sees both SMTP and non-SMTP (local/pickup) mail, so locally
# generated mail is DKIM-signed too.
smtpd_milters = inet:localhost:11332
non_smtpd_milters = inet:localhost:11332
milter_protocol = 6
# Macros exported to the milter; {auth_authen} lets Rspamd distinguish
# authenticated submissions from inbound mail.
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
# Fail-open: when Rspamd is unreachable, mail is accepted unfiltered and
# unsigned.  "tempfail" would instead defer mail until the filter is back.
milter_default_action = accept
##
## Server restrictions for clients, recipients and relaying
## (concerning S2S connections. Mail-client connections are configured in the
## submission section of master.cf, see the mua_* lists below)
##
### Conditions under which Postfix acts as a relay.  Evaluated in order:
### reject_unauth_destination is the rule that prevents an open relay, so only
### permit_mynetworks may precede it here; authenticated MUAs are handled by
### mua_relay_restrictions via master.cf instead.
smtpd_relay_restrictions = reject_non_fqdn_recipient
reject_unknown_recipient_domain
permit_mynetworks
reject_unauth_destination
### Conditions under which Postfix accepts e-mail as the final destination
### (in addition to the relay conditions).  check_recipient_access consults the
### MySQL table to reject "sendonly" accounts; the list ends with an implicit
### permit.
smtpd_recipient_restrictions = check_recipient_access mysql:/etc/postfix/sql/recipient-access.cf
### Restrictions for all sending foreign servers ("SMTP clients").
### reject_unknown_client_hostname rejects a client whose IP has no PTR record
### or whose PTR does not resolve back to that IP (DNS errors give a temporary
### reject).  This is stricter than most sites run; the without_ptr access
### table is the exemption list for legitimate senders that fail it.  The log
### in the question shows the problem client reaching DATA, so this check is
### not what stopped that sender.
smtpd_client_restrictions = permit_mynetworks
check_client_access hash:/etc/postfix/without_ptr
reject_unknown_client_hostname
### Foreign mail servers must present a valid "HELO".
### reject_unknown_helo_hostname also fires on DNS lookup failures, so a
### transient resolver problem shows up as rejected inbound mail.
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks
reject_invalid_helo_hostname
reject_non_fqdn_helo_hostname
reject_unknown_helo_hostname
# Block clients that pipeline commands before being told they may.
smtpd_data_restrictions = reject_unauth_pipelining
##
## Restrictions for MUAs (Mail user agents)
##
# These are not built-in Postfix parameters but user-defined lists; they are
# presumably referenced from the submission/smtps entries in master.cf as
# "-o smtpd_relay_restrictions=$mua_relay_restrictions" etc. -- verify there.
# reject_sender_login_mismatch stops an authenticated user from using someone
# else's address as envelope sender; it relies on smtpd_sender_login_maps,
# which is not shown in this listing.
mua_relay_restrictions = reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_mynetworks,permit_sasl_authenticated,reject
mua_sender_restrictions = permit_mynetworks,reject_non_fqdn_sender,reject_sender_login_mismatch,permit_sasl_authenticated,reject
mua_client_restrictions = permit_mynetworks,permit_sasl_authenticated,reject
##
## Postscreen Filter
##
### Postscreen whitelist / blocklist: mynetworks plus a CIDR table are consulted
### before any DNSBL lookup is made.
postscreen_access_list = permit_mynetworks
cidr:/etc/postfix/postscreen_access
# Clients blacklisted in the access table are dropped immediately.
postscreen_blacklist_action = drop
# Drop clients that start talking before the greeting banner is complete
# ("pregreet"), a common spam-bot trait.
postscreen_greet_action = drop
### DNS blocklists: each site scores 2 and the threshold is 2, so a single
### listing is enough to drop the client.
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_sites = ix.dnsbl.manitu.net*2
zen.spamhaus.org*2
postscreen_dnsbl_action = drop
##
## MySQL queries
##
virtual_alias_maps = mysql:/etc/postfix/sql/aliases.cf
virtual_mailbox_maps = mysql:/etc/postfix/sql/accounts.cf
virtual_mailbox_domains = mysql:/etc/postfix/sql/domains.cf
# NOTE(review): local_recipient_maps governs the mydestination (localhost)
# domains.  Pointing it at the virtual accounts table means mail to
# user@localhost is accepted only for addresses in that table, not for Unix
# accounts -- confirm that is intended.
local_recipient_maps = $virtual_mailbox_maps
##
## Miscellaneous
##
### Maximum mailbox size (0 = unlimited; quota is enforced by Dovecot instead)
mailbox_size_limit = 0
### Maximum size of inbound e-mails (50 MB = 50 * 1024 * 1024 bytes)
message_size_limit = 52428800
### Do not notify system users on new e-mail
biff = no
### Users always have to provide full e-mail addresses
append_dot_mydomain = no
### Delimiter for "address tagging" (user+tag@domain)
recipient_delimiter = +
下面是来自其中一个此类域名(我收不到它发来的任何邮件)的一次投递尝试的日志。
Jun 3 13:29:36 mail postfix/smtpd[8301]: connect from mx01.simplyhosting.cloud[91.186.2.150]
Jun 3 13:29:37 mail postfix/smtpd[8301]: 76948C00234: client=mx01.simplyhosting.cloud[91.186.2.150]
Jun 3 13:34:37 mail postfix/smtpd[8301]: timeout after DATA (0 bytes) from mx01.simplyhosting.cloud[91.186.2.150]
Jun 3 13:34:37 mail postfix/smtpd[8301]: disconnect from mx01.simplyhosting.cloud[91.186.2.150] ehlo=1 mail=1 rcpt=1 data=0/1 commands=3/4
答案1
问题解决了。我发现出问题的远程 SMTP 服务器无法发送任何数据:它只是在握手后断开连接。从日志看,EHLO/MAIL/RCPT 这些小报文都能完成,而 DATA 阶段一个字节也收不到,最后超时;这种“小报文通过、大报文丢失”的表现通常说明路径 MTU 出了问题。我在 /etc/sysctl.conf 中加入 net.ipv4.tcp_window_scaling = 0 之后,就开始能收到上述域名发来的邮件了。
更新:忘了提一下,我还需要把服务器的默认 MTU 调整为 1492;这个值是我通过 ping Google 的 DNS 服务器测出来的。