
Postfix PIX workaround works fine for short mail but does not work for long mail

My Postfix has been sending mail without problems. But one client domain has PIX workarounds enabled. If the mail message is short, the mail is sent without problems. But if the mail is long, I see this in the log file: "conversation with clientdomain.ltd[xxx.xxx.xxx.xxx] timed out while sending end of data -- message may be sent more than once"

My main.cf:

soft_bounce = no
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix

myhostname = mail.domain.ltd
mydomain = domain.ltd
myorigin = $myhostname

inet_interfaces = all
inet_protocols = ipv4

mydestination = localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8


alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

smtpd_banner = $myhostname ESMTP $mail_name

debug_peer_level = 2

debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES

relay_domains = mysql:/etc/postfix/mysql/relay_domains.cf
virtual_alias_maps = mysql:/etc/postfix/mysql/virtual_alias_maps.cf,
 mysql:/etc/postfix/mysql/virtual_alias_domain_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf

smtpd_discard_ehlo_keywords = etrn, silent-discard
smtpd_forbidden_commands = CONNECT GET POST
broken_sasl_auth_clients = yes
smtpd_helo_required = yes
smtp_always_send_ehlo = yes
disable_vrfy_command = yes

smtpd_helo_restrictions = permit_mynetworks,
 permit_sasl_authenticated,
 reject_non_fqdn_helo_hostname,
 reject_invalid_helo_hostname

smtpd_data_restrictions = permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_pipelining,
 reject_multi_recipient_bounce,

smtpd_sender_restrictions = permit_mynetworks,
 permit_sasl_authenticated,
 reject_non_fqdn_sender,
 reject_unknown_sender_domain

smtpd_recipient_restrictions = reject_non_fqdn_recipient reject_unknown_recipient_domain reject_multi_recipient_bounce permit_mynetworks permit_sasl_authenticated reject_unauth_destination

smtpd_tls_protocols = !SSLv2, !SSLv3
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtp_tls_CAfile = /etc/postfix/certs/ca-bundle.crt
smtpd_tls_CAfile = /etc/postfix/certs/ca-bundle.crt
smtpd_tls_key_file = /etc/postfix/certs/privatekey.key
smtpd_tls_cert_file = /etc/postfix/certs/domain.crt


tls_random_source = dev:/dev/urandom

message_size_limit = 52428800
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 15
smtpd_error_sleep_time = 20
anvil_rate_time_unit = 60s
smtpd_client_connection_count_limit = 2000
smtpd_client_connection_rate_limit = 3000
smtpd_client_message_rate_limit = 3000
smtpd_client_event_limit_exceptions = 127.0.0.0/8
smtpd_client_connection_limit_exceptions = 127.0.0.0/8

smtp_data_xfer_timeout = 600s

smtp_pix_workaround_threshold_time = 0
smtp_pix_workaround_delay_time = 60s
smtp_pix_workarounds = disable_esmtp, delay_dotcrlf 
smtp_pix_workaround_maps =

maximal_queue_lifetime = 1d
bounce_queue_lifetime = 1d

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth

virtual_mailbox_base = /mnt/mail
virtual_minimum_uid = 1000
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000
virtual_transport = lmtp:unix:private/dovecot-lmtp
dovecot_destination_recipient_limit = 1

smtpd_relay_restrictions = permit

milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
#smtpd_milters = unix:/var/run/opendkim/opendkim.sock
#non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock
smtputf8_enable = no
compatibility_level = 2

After sending the mail, in maillog:

from=<editor@domain.ltd>, size=251469, nrcpt=1 (queue active)
Jul 15 17:48:01 ml postfix/smtp[8619]: DC1D82094D36: enabling PIX workarounds: delay_dotcrlf for mail2.clientdomain.ltd[xxx.xxx.xxx.xxx]:25

Jul 15 17:59:01 ml postfix/smtp[8619]: DC1D82094D36: conversation with mail2.clientdomain.ltd[xxx.xxx.xxx.xxx] timed out while sending end of data -- message may be sent more than once

tcpdump output:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp3s2, link-type EN10MB (Ethernet), capture size 262144 bytes
13:49:02.177954 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [S], seq 3092765430, win 65320, options [mss 1420,sackOK,TS val 1251155134 ecr 0], length 0
13:49:02.181388 IP mail2.clientdomain.ltd.smtp > ml.domain.ltd.43596: Flags [S.], seq 2876656651, ack 3092765431, win 65535, options [mss 1380,sackOK,TS val 3679205706 ecr 1251155134], length 0
13:49:02.181464 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [.], ack 1, win 65320, options [nop,nop,TS val 1251155138 ecr 3679205706], length 0
13:49:07.195630 IP mail2.clientdomain.ltd.smtp > ml.domain.ltd.43596: Flags [P.], seq 1:39, ack 1, win 65535, options [nop,nop,TS val 3679210726 ecr 1251155138], length 38: SMTP: 220 ********************************
13:49:07.195731 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [.], ack 39, win 65282, options [nop,nop,TS val 1251160152 ecr 3679210726], length 0
13:49:07.195918 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [P.], seq 1:24, ack 39, win 65282, options [nop,nop,TS val 1251160152 ecr 3679210726], length 23: SMTP: HELO ml.domain.ltd
13:49:07.199138 IP mail2.clientdomain.ltd.smtp > ml.domain.ltd.43596: Flags [P.], seq 39:105, ack 24, win 65535, options [nop,nop,TS val 3679210726 ecr 1251160152], length 66: SMTP: 250 mail2.clientdomain.ltd Hello ml.domain.ltd [188.138.242.100]
13:49:07.199200 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [.], ack 105, win 65216, options [nop,nop,TS val 1251160156 ecr 3679210726], length 0
13:49:07.199293 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [P.], seq 24:58, ack 105, win 65216, options [nop,nop,TS val 1251160156 ecr 3679210726], length 34: SMTP: MAIL FROM:<editor@domain.ltd>
13:49:07.202417 IP mail2.clientdomain.ltd.smtp > ml.domain.ltd.43596: Flags [P.], seq 105:113, ack 58, win 65535, options [nop,nop,TS val 3679210726 ecr 1251160156], length 8: SMTP: 250 OK
13:49:07.202462 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [.], ack 113, win 65208, options [nop,nop,TS val 1251160159 ecr 3679210726], length 0
13:49:07.202528 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [P.], seq 58:94, ack 113, win 65208, options [nop,nop,TS val 1251160159 ecr 3679210726], length 36: SMTP: RCPT TO:<ochiseliov@clientdomain.ltd>
13:49:07.210169 IP mail2.clientdomain.ltd.smtp > ml.domain.ltd.43596: Flags [P.], seq 113:127, ack 94, win 65535, options [nop,nop,TS val 3679210736 ecr 1251160159], length 14: SMTP: 250 Accepted
13:49:07.210397 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [P.], seq 94:100, ack 127, win 65194, options [nop,nop,TS val 1251160167 ecr 3679210736], length 6: SMTP: DATA
13:49:07.214065 IP mail2.clientdomain.ltd.smtp > ml.domain.ltd.43596: Flags [P.], seq 127:183, ack 100, win 65535, options [nop,nop,TS val 3679210746 ecr 1251160167], length 56: SMTP: 354 Enter message, ending with "." on a line by itself
13:49:07.214461 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [.], seq 100:1468, ack 183, win 65138, options [nop,nop,TS val 1251160171 ecr 3679210746], length 1368: SMTP: Received: by ml.domain.ltd (Postfix, from userid 89)
13:49:07.214470 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [.], seq 1468:2836, ack 183, win 65138, options [nop,nop,TS val 1251160171 ecr 3679210746], length 1368: SMTP: 0
13:49:07.214475 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [P.], seq 2836:4196, ack 183, win 65138, options [nop,nop,TS val 1251160171 ecr 3679210746], length 1360: SMTP: RiyDQmNCz
13:49:07.214518 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [.], seq 4196:5564, ack 183, win 65138, options [nop,nop,TS val 1251160171 ecr 3679210746], length 1368: SMTP: yMDE4INCzLiDQstGL0YDQvtGB0LvQsCDQvdCwIDYsMSUg0L/QviDR

...

13:49:09.260962 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [P.], seq 271374:271377, ack 183, win 65138, options [nop,nop,TS val 1251162217 ecr 3679210806], length 3: SMTP: .
13:49:09.363649 IP mail2.clientdomain.ltd.smtp > ml.domain.ltd.43596: Flags [.], ack 271377, win 65535, options [nop,nop,TS val 3679212896 ecr 1251162217], length 0
13:54:09.293707 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251462250 ecr 3679212896], length 0
13:54:09.517460 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251462474 ecr 3679212896], length 0
13:54:09.741465 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251462698 ecr 3679212896], length 0
13:54:10.189463 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251463146 ecr 3679212896], length 0
13:54:11.109492 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251464066 ecr 3679212896], length 0
13:54:12.901497 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251465858 ecr 3679212896], length 0
13:54:16.485466 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251469442 ecr 3679212896], length 0
13:54:24.037500 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251476994 ecr 3679212896], length 0
13:54:38.373483 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251491330 ecr 3679212896], length 0
13:55:07.045496 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, options [nop,nop,TS val 1251520002 ecr 3679212896], length 0

After that I got the "timed out while sending end of data" message.

I changed smtp_pix_workaround_threshold_time and smtp_pix_workaround_delay_time to many values, but without result.

Any ideas? Thanks.
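
One way to read the capture above, as an added example that is not part of the original post: it checks whether the end-of-data dot was acknowledged at the TCP level, whether any SMTP reply followed, and how the client's FIN was treated. The function name `analyze` is hypothetical, the sample is five lines abridged from the capture with the TCP options dropped, and timestamps are assumed to fall on one calendar day.

```python
import re
from datetime import datetime

# Constructed sample: five lines abridged from the capture above (TCP options dropped).
CAPTURE = """\
13:49:07.214065 IP mail2.clientdomain.ltd.smtp > ml.domain.ltd.43596: Flags [P.], seq 127:183, ack 100, win 65535, length 56: SMTP: 354 Enter message, ending with "." on a line by itself
13:49:09.260962 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [P.], seq 271374:271377, ack 183, win 65138, length 3: SMTP: .
13:49:09.363649 IP mail2.clientdomain.ltd.smtp > ml.domain.ltd.43596: Flags [.], ack 271377, win 65535, length 0
13:54:09.293707 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, length 0
13:54:09.517460 IP ml.domain.ltd.43596 > mail2.clientdomain.ltd.smtp: Flags [F.], seq 271377, ack 183, win 65138, length 0
"""

LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"Flags \[(?P<flags>[^\]]*)\],(?: seq (?P<seq>\d+)(?::(?P<end>\d+))?,)?"
    r"(?: ack (?P<ack>\d+),)?.*? length (?P<len>\d+)(?:: SMTP: (?P<smtp>.*))?$")

def analyze(capture, client_port="43596"):
    """Report what the peer did after the client sent the end-of-data dot."""
    r = {"dot_sent": False, "dot_tcp_acked": False, "reply_after_dot": None,
         "fin_wait_s": None, "fin_sent": 0, "fin_acked": False}
    dot_ts = dot_end = fin_seq = None
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")  # assumes one calendar day
        if m["src"].endswith("." + client_port):        # client -> server
            if m["smtp"] == "." and m["end"]:           # segment starting with a lone dot (heuristic)
                r["dot_sent"], dot_ts, dot_end = True, ts, int(m["end"])
            elif "F" in m["flags"] and dot_ts:
                if fin_seq is None:                     # first FIN: time spent waiting for a reply
                    fin_seq = int(m["seq"])
                    r["fin_wait_s"] = round((ts - dot_ts).total_seconds(), 1)
                r["fin_sent"] += 1                      # later FINs are retransmissions
        elif dot_ts:                                    # server -> client, after the dot
            ack = int(m["ack"] or 0)
            r["dot_tcp_acked"] |= ack >= dot_end        # peer's TCP side received the dot
            r["fin_acked"] |= fin_seq is not None and ack > fin_seq
            if m["smtp"]:
                r["reply_after_dot"] = r["reply_after_dot"] or m["smtp"]
    return r

if __name__ == "__main__":
    print(analyze(CAPTURE))
```

On these lines the dot is acknowledged at the TCP level, no SMTP reply follows it, and the client's FIN is retransmitted without being acknowledged.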