Postfix PIX workaround works for short mails but not for long ones

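My Postfix sends e-mail without problems. But one client domain has the PIX workaround enabled. If the mail message is short, the mail is sent without problems. But if the mail is long, I see in the log file: "conversation with clientdomain.ltd[xxx.xxx.xxx.xxx] timed out while sending end of data -- message may be sent more than once"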

My main.cf:

soft_bounce = no
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix

myhostname = mail.domain.ltd
mydomain = domain.ltd
myorigin = $myhostname

inet_interfaces = all
inet_protocols = ipv4

mydestination = localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8


alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

smtpd_banner = $myhostname ESMTP $mail_name

debug_peer_level = 2

debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES

relay_domains = mysql:/etc/postfix/mysql/relay_domains.cf
virtual_alias_maps = mysql:/etc/postfix/mysql/virtual_alias_maps.cf,
 mysql:/etc/postfix/mysql/virtual_alias_domain_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf

smtpd_discard_ehlo_keywords = etrn, silent-discard
smtpd_forbidden_commands = CONNECT GET POST
broken_sasl_auth_clients = yes
smtpd_helo_required = yes
smtp_always_send_ehlo = yes
disable_vrfy_command = yes

smtpd_helo_restrictions = permit_mynetworks,
 permit_sasl_authenticated,
 reject_non_fqdn_helo_hostname,
 reject_invalid_helo_hostname

smtpd_data_restrictions = permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_pipelining,
 reject_multi_recipient_bounce,

smtpd_sender_restrictions = permit_mynetworks,
 permit_sasl_authenticated,
 reject_non_fqdn_sender,
 reject_unknown_sender_domain

smtpd_recipient_restrictions = reject_non_fqdn_recipient reject_unknown_recipient_domain reject_multi_recipient_bounce permit_mynetworks permit_sasl_authenticated reject_unauth_destination

smtpd_tls_protocols = !SSLv2, !SSLv3
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtp_tls_CAfile = /etc/postfix/certs/ca-bundle.crt
smtpd_tls_CAfile = /etc/postfix/certs/ca-bundle.crt
smtpd_tls_key_file = /etc/postfix/certs/privatekey.key
smtpd_tls_cert_file = /etc/postfix/certs/domain.crt


tls_random_source = dev:/dev/urandom

message_size_limit = 52428800
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 15
smtpd_error_sleep_time = 20
anvil_rate_time_unit = 60s
smtpd_client_connection_count_limit = 2000
smtpd_client_connection_rate_limit = 3000
smtpd_client_message_rate_limit = 3000
smtpd_client_event_limit_exceptions = 127.0.0.0/8
smtpd_client_connection_limit_exceptions = 127.0.0.0/8

smtp_data_xfer_timeout = 600s

smtp_pix_workaround_threshold_time = 0
smtp_pix_workaround_delay_time = 60s
smtp_pix_workarounds = disable_esmtp, delay_dotcrlf 
smtp_pix_workaround_maps =

maximal_queue_lifetime = 1d
bounce_queue_lifetime = 1d

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth

virtual_mailbox_base = /mnt/mail
virtual_minimum_uid = 1000
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000
virtual_transport = lmtp:unix:private/dovecot-lmtp
dovecot_destination_recipient_limit = 1

smtpd_relay_restrictions = permit

milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
#smtpd_milters = unix:/var/run/opendkim/opendkim.sock
#non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock
smtputf8_enable = no
compatibility_level = 2

In the mail log after sending the mail:

from=<[email protected]>, size=251469, nrcpt=1 (queue active)
Jul 15 17:48:01 ml postfix/smtp[8619]: DC1D82094D36: enabling PIX workarounds: delay_dotcrlf for mail2.clientdomain.ltd[xxx.xxx.xxx.xxx]:25

Jul 15 17:59:01 ml postfix/smtp[8619]: DC1D82094D36: conversation with mail2.clientdomain.ltd[xxx.xxx.xxx.xxx] timed out while sending end of data -- message may be sent more than once

Output of tcpdump:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp3s2, link-type EN10MB (Ethernet), capture size 262144 bytes
13:49:02.177954 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [S], seq 3092765430, win 65320, options [mss 1420,sackOK,TS val 1251155134 ecr 0], length 0
13:49:02.181388 IP mail2.clientdomain.ltd.smtp > ml.domain.ltd.43596: Flags [S.], seq 2876656651, ack 3092765431, win 65535, options [mss 1380,sackOK,TS val 3679205706 ecr 1251155134], length 0
13:49:02.181464 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [.], ack 1, win 65320, options [nop,nop,TS val 1251155138 ecr 3679205706], length 0
13:49:07.195630 IP mail2.clientdomain.ltd.smtp > ml.domain.ltd.43596: Flags [P.], seq 1:39, ack 1, win 65535, options [nop,nop,TS val 3679210726 ecr 1251155138], length 38: SMTP: 220 ********************************
13:49:07.195731 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [.], ack 39, win 65282, options [nop,nop,TS val 1251160152 ecr 3679210726], length 0
13:49:07.195918 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [P.], seq 1:24, ack 39, win 65282, options [nop,nop,TS val 1251160152 ecr 3679210726], length 23: SMTP: HELO ml.domain.ltd
13:49:07.199138 IP mail2.clientdomain.ltd.smtp > ml.domain.ltd.43596: Flags [P.], seq 39:105, ack 24, win 65535, options [nop,nop,TS val 3679210726 ecr 1251160152], length 66: SMTP: 250 mail2.clientdomain.ltd Hello ml.domain.ltd [188.138.242.100]
13:49:07.199200 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [.], ack 105, win 65216, options [nop,nop,TS val 1251160156 ecr 3679210726], length 0
13:49:07.199293 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [P.], seq 24:58, ack 105, win 65216, options [nop,nop,TS val 1251160156 ecr 3679210726], length 34: SMTP: MAIL FROM:<[email protected]>
13:49:07.202417 IP mail2.clientdomain.ltd.smtp > ml.domain.ltd.43596: Flags [P.], seq 105:113, ack 58, win 65535, options [nop,nop,TS val 3679210726 ecr 1251160156], length 8: SMTP: 250 OK
13:49:07.202462 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [.], ack 113, win 65208, options [nop,nop,TS val 1251160159 ecr 3679210726], length 0
13:49:07.202528 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [P.], seq 58:94, ack 113, win 65208, options [nop,nop,TS val 1251160159 ecr 3679210726], length 36: SMTP: RCPT TO:<[email protected]>
13:49:07.210169 IP mail2.clientdomain.ltd.smtp > ml.domain.ltd.43596: Flags [P.], seq 113:127, ack 94, win 65535, options [nop,nop,TS val 3679210736 ecr 1251160159], length 14: SMTP: 250 Accepted
13:49:07.210397 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [P.], seq 94:100, ack 127, win 65194, options [nop,nop,TS val 1251160167 ecr 3679210736], length 6: SMTP: DATA
13:49:07.214065 IP mail2.clientdomain.ltd.smtp > ml.domain.ltd.43596: Flags [P.], seq 127:183, ack 100, win 65535, options [nop,nop,TS val 3679210746 ecr 1251160167], length 56: SMTP: 354 Enter message, ending with "." on a line by itself
13:49:07.214461 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [.], seq 100:1468, ack 183, win 65138, options [nop,nop,TS val 1251160171 ecr 3679210746], length 1368: SMTP: Received: by ml.domain.ltd (Postfix, from userid 89)
13:49:07.214470 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [.], seq 1468:2836, ack 183, win 65138, options [nop,nop,TS val 1251160171 ecr 3679210746], length 1368: SMTP: 0
13:49:07.214475 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [P.], seq 2836:4196, ack 183, win 65138, options [nop,nop,TS val 1251160171 ecr 3679210746], length 1360: SMTP: RiyDQmNCz
13:49:07.214518 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [.], seq 4196:5564, ack 183, win 65138, options [nop,nop,TS val 1251160171 ecr 3679210746], length 1368: SMTP: yMDE4INCzLiDQstGL0YDQvtGB0LvQsCDQvdCwIDYsMSUg0L/QviDR

...

13:49:09.260962 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [P.], seq 271374:271377, ack 183, win 65138, options [nop,nop,TS val 1251162217 ecr 3679210806], length 3: SMTP: .
13:49:09.363649 IP mail2.clientdomain.ltd.smtp > ml.domain.ltd.43596: Flags [.], ack 271377, win 65535, options [nop,nop,TS val 3679212896 ecr 1251162217], length 0
13:54:09.293707 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251462250 ecr 3679212896], length 0
13:54:09.517460 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251462474 ecr 3679212896], length 0
13:54:09.741465 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251462698 ecr 3679212896], length 0
13:54:10.189463 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251463146 ecr 3679212896], length 0
13:54:11.109492 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251464066 ecr 3679212896], length 0
13:54:12.901497 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251465858 ecr 3679212896], length 0
13:54:16.485466 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251469442 ecr 3679212896], length 0
13:54:24.037500 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251476994 ecr 3679212896], length 0
13:54:38.373483 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251491330 ecr 3679212896], length 0
13:55:07.045496 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251520002 ecr 3679212896], length 0

After that I get the message "timed out while sending end of data".

I changed smtp_pix_workaround_threshold_time and smtp_pix_workaround_delay_time to many values, but with no result.

Any ideas? Thanks.
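
The log symptom from the post turned into a check (an added example, not part of the original post): it pairs the "enabling PIX workarounds" and "timed out while sending end of data" lines by queue ID and measures the gap between them. The function name `find_pix_timeouts` and the placeholder year are assumptions; the sample lines are the two quoted in the post.

```python
import re
from datetime import datetime

# The two log lines from the post, unchanged (peer address is masked there too).
SAMPLE_LOG = """\
Jul 15 17:48:01 ml postfix/smtp[8619]: DC1D82094D36: enabling PIX workarounds: delay_dotcrlf for mail2.clientdomain.ltd[xxx.xxx.xxx.xxx]:25
Jul 15 17:59:01 ml postfix/smtp[8619]: DC1D82094D36: conversation with mail2.clientdomain.ltd[xxx.xxx.xxx.xxx] timed out while sending end of data -- message may be sent more than once
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/smtp\[\d+\]:\s"
    r"(?P<qid>[0-9A-F]+):\s(?P<msg>.*)$"
)
PIX_RE = re.compile(r"enabling PIX workarounds: (?P<names>.+?) for (?P<peer>\S+)")
TIMEOUT_RE = re.compile(
    r"conversation with (?P<peer>\S+) timed out while sending end of data"
)


def find_pix_timeouts(log_text, year=2000):
    """Pair each 'enabling PIX workarounds' event with a later end-of-data
    timeout for the same queue ID and report the seconds between them."""
    enabled = {}  # queue ID -> (timestamp, workaround names)
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; supply one so they can be parsed.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        pix = PIX_RE.search(m["msg"])
        if pix:
            enabled[m["qid"]] = (ts, pix["names"].split())
            continue
        timeout = TIMEOUT_RE.search(m["msg"])
        if timeout and m["qid"] in enabled:
            start, names = enabled.pop(m["qid"])
            findings.append({
                "queue_id": m["qid"],
                "peer": timeout["peer"],
                "workarounds": names,
                "seconds": int((ts - start).total_seconds()),
            })
    return findings


if __name__ == "__main__":
    for f in find_pix_timeouts(SAMPLE_LOG):
        print(f"{f['queue_id']} {f['peer']} {f['workarounds']} {f['seconds']}s")
```

On the two posted lines the gap is 660 seconds, which is consistent with the configured smtp_pix_workaround_delay_time of 60s followed by Postfix's default smtp_data_done_timeout of 600s (the posted main.cf does not set it).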
