Мой постфикс отправил почту без проблем. Но один клиентский домен включил обходные пути PIX. Если почтовое сообщение короткое, почта отправляется без проблем. Но если почта длинная - в файле журнала я вижу «время разговора с clientdomain.ltd [xxx.xxx.xxx.xxx] истекло при отправке конца данных - сообщение может быть отправлено более одного раза»
Мой main.cf:
soft_bounce = no
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = mail.domain.ltd
mydomain = domain.ltd
myorigin = $myhostname
inet_interfaces = all
inet_protocols = ipv4
mydestination = localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
smtpd_banner = $myhostname ESMTP $mail_name
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
relay_domains = mysql:/etc/postfix/mysql/relay_domains.cf
virtual_alias_maps = mysql:/etc/postfix/mysql/virtual_alias_maps.cf,
mysql:/etc/postfix/mysql/virtual_alias_domain_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
smtpd_discard_ehlo_keywords = etrn, silent-discard
smtpd_forbidden_commands = CONNECT GET POST
broken_sasl_auth_clients = yes
smtpd_helo_required = yes
smtp_always_send_ehlo = yes
disable_vrfy_command = yes
smtpd_helo_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_helo_hostname,
reject_invalid_helo_hostname
smtpd_data_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_pipelining,
reject_multi_recipient_bounce,
smtpd_sender_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_sender,
reject_unknown_sender_domain
smtpd_recipient_restrictions = reject_non_fqdn_recipient reject_unknown_recipient_domain reject_multi_recipient_bounce permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_tls_protocols = !SSLv2, !SSLv3
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtp_tls_CAfile = /etc/postfix/certs/ca-bundle.crt
smtpd_tls_CAfile = /etc/postfix/certs/ca-bundle.crt
smtpd_tls_key_file = /etc/postfix/certs/privatekey.key
smtpd_tls_cert_file = /etc/postfix/certs/domain.crt
tls_random_source = dev:/dev/urandom
message_size_limit = 52428800
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 15
smtpd_error_sleep_time = 20
anvil_rate_time_unit = 60s
smtpd_client_connection_count_limit = 2000
smtpd_client_connection_rate_limit = 3000
smtpd_client_message_rate_limit = 3000
smtpd_client_event_limit_exceptions = 127.0.0.0/8
smtpd_client_connection_limit_exceptions = 127.0.0.0/8
smtp_data_xfer_timeout = 600s
smtp_pix_workaround_threshold_time = 0
smtp_pix_workaround_delay_time = 60s
smtp_pix_workarounds = disable_esmtp, delay_dotcrlf
smtp_pix_workaround_maps =
maximal_queue_lifetime = 1d
bounce_queue_lifetime = 1d
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
virtual_mailbox_base = /mnt/mail
virtual_minimum_uid = 1000
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000
virtual_transport = lmtp:unix:private/dovecot-lmtp
dovecot_destination_recipient_limit = 1
smtpd_relay_restrictions = permit
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
#smtpd_milters = unix:/var/run/opendkim/opendkim.sock
#non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock
smtputf8_enable = no
compatibility_level = 2
После отправки почты в maillog:
from=<editor@domain.ltd>, size=251469, nrcpt=1 (queue active)
Jul 15 17:48:01 ml postfix/smtp[8619]: DC1D82094D36: enabling PIX workarounds: delay_dotcrlf for mail2.clientdomain.ltd[xxx.xxx.xxx.xxx]:25
Jul 15 17:59:01 ml postfix/smtp[8619]: DC1D82094D36: conversation with mail2.clientdomain.ltd[xxx.xxx.xxx.xxx] timed out while sending end of data -- message may be sent more than once
Эхо tcpdump:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp3s2, link-type EN10MB (Ethernet), capture size 262144 bytes
13:49:02.177954 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [S], seq 3092765430, win 65320, options [mss 1420,sackOK,TS val 1251155134 ecr 0], length 0
13:49:02.181388 IP mail2.clientdomain.ltd.smtp > ml.domain.ltd.43596: Flags [S.], seq 2876656651, ack 3092765431, win 65535, options [mss 1380,sackOK,TS val 3679205706 ecr 1251155134], length 0
13:49:02.181464 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [.], ack 1, win 65320, options [nop,nop,TS val 1251155138 ecr 3679205706], length 0
13:49:07.195630 IP mail2.clientdomain.ltd.smtp > ml.domain.ltd.43596: Flags [P.], seq 1:39, ack 1, win 65535, options [nop,nop,TS val 3679210726 ecr 1251155138], length 38: SMTP: 220 ********************************
13:49:07.195731 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [.], ack 39, win 65282, options [nop,nop,TS val 1251160152 ecr 3679210726], length 0
13:49:07.195918 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [P.], seq 1:24, ack 39, win 65282, options [nop,nop,TS val 1251160152 ecr 3679210726], length 23: SMTP: HELO ml.domain.ltd
13:49:07.199138 IP mail2.clientdomain.ltd.smtp > ml.domain.ltd.43596: Flags [P.], seq 39:105, ack 24, win 65535, options [nop,nop,TS val 3679210726 ecr 1251160152], length 66: SMTP: 250 mail2.clientdomain.ltd Hello ml.domain.ltd [188.138.242.100]
13:49:07.199200 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [.], ack 105, win 65216, options [nop,nop,TS val 1251160156 ecr 3679210726], length 0
13:49:07.199293 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [P.], seq 24:58, ack 105, win 65216, options [nop,nop,TS val 1251160156 ecr 3679210726], length 34: SMTP: MAIL FROM:<editor@domain.ltd>
13:49:07.202417 IP mail2.clientdomain.ltd.smtp > ml.domain.ltd.43596: Flags [P.], seq 105:113, ack 58, win 65535, options [nop,nop,TS val 3679210726 ecr 1251160156], length 8: SMTP: 250 OK
13:49:07.202462 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [.], ack 113, win 65208, options [nop,nop,TS val 1251160159 ecr 3679210726], length 0
13:49:07.202528 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [P.], seq 58:94, ack 113, win 65208, options [nop,nop,TS val 1251160159 ecr 3679210726], length 36: SMTP: RCPT TO:<ochiseliov@clientdomain.ltd>
13:49:07.210169 IP mail2.clientdomain.ltd.smtp > ml.domain.ltd.43596: Flags [P.], seq 113:127, ack 94, win 65535, options [nop,nop,TS val 3679210736 ecr 1251160159], length 14: SMTP: 250 Accepted
13:49:07.210397 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [P.], seq 94:100, ack 127, win 65194, options [nop,nop,TS val 1251160167 ecr 3679210736], length 6: SMTP: DATA
13:49:07.214065 IP mail2.clientdomain.ltd.smtp > ml.domain.ltd.43596: Flags [P.], seq 127:183, ack 100, win 65535, options [nop,nop,TS val 3679210746 ecr 1251160167], length 56: SMTP: 354 Enter message, ending with "." on a line by itself
13:49:07.214461 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [.], seq 100:1468, ack 183, win 65138, options [nop,nop,TS val 1251160171 ecr 3679210746], length 1368: SMTP: Received: by ml.domain.ltd (Postfix, from userid 89)
13:49:07.214470 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [.], seq 1468:2836, ack 183, win 65138, options [nop,nop,TS val 1251160171 ecr 3679210746], length 1368: SMTP: 0
13:49:07.214475 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [P.], seq 2836:4196, ack 183, win 65138, options [nop,nop,TS val 1251160171 ecr 3679210746], length 1360: SMTP: RiyDQmNCz
13:49:07.214518 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [.], seq 4196:5564, ack 183, win 65138, options [nop,nop,TS val 1251160171 ecr 3679210746], length 1368: SMTP: yMDE4INCzLiDQstGL0YDQvtGB0LvQsCDQvdCwIDYsMSUg0L/QviDR
...
13:49:09.260962 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [P.], seq 271374:271377, ack 183, win 65138, options [nop,nop,TS val 1251162217 ecr 3679210806], length 3: SMTP: .
13:49:09.363649 IP mail2.clientdomain.ltd.smtp > ml.domain.ltd.43596: Flags [.], ack 271377, win 65535, options [nop,nop,TS val 3679212896 ecr 1251162217], length 0
13:54:09.293707 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251462250 ecr 3679212896], length 0
13:54:09.517460 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251462474 ecr 3679212896], length 0
13:54:09.741465 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251462698 ecr 3679212896], length 0
13:54:10.189463 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251463146 ecr 3679212896], length 0
13:54:11.109492 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251464066 ecr 3679212896], length 0
13:54:12.901497 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251465858 ecr 3679212896], length 0
13:54:16.485466 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251469442 ecr 3679212896], length 0
13:54:24.037500 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251476994 ecr 3679212896], length 0
13:54:38.373483 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251491330 ecr 3679212896], length 0
13:55:07.045496 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251520002 ecr 3679212896], length 0
После этого я получил сообщение «Истекло время при отправке конца данных».
Я изменил smtp_pix_workaround_threshold_time и smtp_pix_workaround_delay_time на множество значений, но безрезультатно.
Любые идеи? Спасибо.