
I have an Ubuntu box behind a router (Asus RT-N13U); port 25 is forwarded to the box from the router via the router's VirtualServer feature.

The problem is that some clients (host.ru here) can't deliver mail to the box (example.com).

From mail.log on example.com (the receiver):

timeout after DATA (0 bytes) from host.ru[77.77.77.77]

From mail.log on host.ru (the sender):

to=<serafim@example.com>, relay=mx.example.com[80.80.80.80]:25, delay=12045, delays=11744/0.01/0.55/300, dsn=4.4.2, status=deferred (host mx.example.com[80.80.80.80] said: 421 4.4.2 mx.example.com Error: timeout exceeded (in reply to end of DATA command))

uname -a

Linux example 3.2.0-35-generic #55-Ubuntu SMP Wed Dec 5 17:42:16 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

sudo tcpdump host host.ru

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:55:57.023757 IP host.ru.53602 > 192.168.1.100.smtp: Flags [S], seq 3178988342, win 5840, options [mss 1460,sackOK,TS val 111604716 ecr 0,nop,wscale 7], length 0
13:55:57.023778 IP 192.168.1.100.smtp > host.ru.53602: Flags [S.], seq 2583405147, ack 3178988343, win 14480, options [mss 1460,sackOK,TS val 280281936 ecr 111604716], length 0
13:55:57.066389 IP host.ru.53602 > 192.168.1.100.smtp: Flags [.], ack 1, win 5840, options [nop,nop,TS val 111604727 ecr 280281936], length 0
13:55:57.080032 IP 192.168.1.100.smtp > host.ru.53602: Flags [P.], seq 1:36, ack 1, win 14480, options [nop,nop,TS val 280281950 ecr 111604727], length 35
13:55:57.123961 IP host.ru.53602 > 192.168.1.100.smtp: Flags [.], ack 36, win 5840, options [nop,nop,TS val 111604741 ecr 280281950], length 0
13:55:57.123974 IP host.ru.53602 > 192.168.1.100.smtp: Flags [P.], seq 1:23, ack 36, win 5840, options [nop,nop,TS val 111604741 ecr 280281950], length 22
13:55:57.123981 IP 192.168.1.100.smtp > host.ru.53602: Flags [.], ack 23, win 14480, options [nop,nop,TS val 280281961 ecr 111604741], length 0
13:55:57.124066 IP 192.168.1.100.smtp > host.ru.53602: Flags [P.], seq 36:218, ack 23, win 14480, options [nop,nop,TS val 280281961 ecr 111604741], length 182
13:55:57.167559 IP host.ru.53602 > 192.168.1.100.smtp: Flags [P.], seq 23:142, ack 218, win 6432, options [nop,nop,TS val 111604752 ecr 280281961], length 119
13:55:57.175227 IP 192.168.1.100.smtp > host.ru.53602: Flags [P.], seq 218:283, ack 142, win 14480, options [nop,nop,TS val 280281974 ecr 111604752], length 65
13:55:57.221532 IP host.ru.53602 > 192.168.1.100.smtp: Flags [P.], seq 3038:4078, ack 283, win 6432, options [nop,nop,TS val 111604765 ecr 280281974], length 1040
13:55:57.221551 IP 192.168.1.100.smtp > host.ru.53602: Flags [.], ack 142, win 14480, options [nop,nop,TS val 280281985 ecr 111604752,nop,nop,sack 1 {3038:4078}], length 0
^C
12 packets captured
14 packets received by filter
0 packets dropped by kernel

sudo tcpdump -A host host.ru

listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
14:20:16.612887 IP host.ru.57231 > 192.168.1.100.smtp: Flags [S], seq 1608703986, win 5840, options [mss 1460,sackOK,TS val 111969611 ecr 0,nop,wscale 7], length 0
E..<Z.@.7.{.M_^....d...._............:.........
...K........
14:20:16.612917 IP 192.168.1.100.smtp > host.ru.57231: Flags [S.], seq 1579317444, ack 1608703987, win 14480, options [mss 1460,sackOK,TS val 280646833 ecr 111969611], length 0
E..8..@.@..?...dM_^.....^"x._.....8.m..........
..T....K
14:20:16.656975 IP host.ru.57231 > 192.168.1.100.smtp: Flags [.], ack 1, win 5840, options [nop,nop,TS val 111969622 ecr 280646833], length 0
E..4Z.@.7.{.M_^....d...._...^"x.....
......
...V..T.
14:20:16.670621 IP 192.168.1.100.smtp > host.ru.57231: Flags [P.], seq 1:36, ack 1, win 14480, options [nop,nop,TS val 280646847 ecr 111969622], length 35
E..W,y@.@......dM_^.....^"x._.....8.m......
..T....V220 mx.example.com ESMTP Postfix

14:20:16.714676 IP host.ru.57231 > 192.168.1.100.smtp: Flags [.], ack 36, win 5840, options [nop,nop,TS val 111969637 ecr 280646847], length 0
E..4Z.@.7.{.M_^....d...._...^"x.....
X.....
...e..T.
14:20:16.714875 IP host.ru.57231 > 192.168.1.100.smtp: Flags [P.], seq 1:23, ack 36, win 5840, options [nop,nop,TS val 111969637 ecr 280646847], length 22
E..JZ.@.7.{qM_^....d...._...^"x............
...e..T.EHLO host.ru

14:20:16.714890 IP 192.168.1.100.smtp > host.ru.57231: Flags [.], ack 23, win 14480, options [nop,nop,TS val 280646859 ecr 111969637], length 0
E..4,z@.@......dM_^.....^"x._.. ..8.m......
..T....e
14:20:16.715010 IP 192.168.1.100.smtp > host.ru.57231: Flags [P.], seq 36:218, ack 23, win 14480, options [nop,nop,TS val 280646859 ecr 111969637], length 182
E...,{@.@......dM_^.....^"x._.. ..8.n].....
..T....e250-mx.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

14:20:16.758845 IP host.ru.57231 > 192.168.1.100.smtp: Flags [P.], seq 23:142, ack 218, win 6432, options [nop,nop,TS val 111969648 ecr 280646859], length 119
E...Z.@.7.{.M_^....d...._.. ^"y.... %z.....
...p..T.MAIL FROM:<ri@host.ru> SIZE=3927 BODY=7BIT
RCPT TO:<serafim@example.com> ORCPT=rfc822;serafim@example.com
DATA

14:20:16.766138 IP 192.168.1.100.smtp > host.ru.57231: Flags [P.], seq 218:283, ack 142, win 14480, options [nop,nop,TS val 280646871 ecr 111969648], length 65
E..u,|@.@......dM_^.....^"y._.....8.m......
..T....p250 2.1.0 Ok
250 2.1.5 Ok
354 End data with <CR><LF>.<CR><LF>

14:20:16.812134 IP host.ru.57231 > 192.168.1.100.smtp: Flags [P.], seq 3038:4078, ack 283, win 6432, options [nop,nop,TS val 111969661 ecr 280646871], length 1040
E..DZ.@.7.wsM_^....d...._...^"y.... .......
...}..T.kNC70YzRgtGI0YPQu9C70LXRgNCwDQog
DQp3d3cudHJpei1jaGFuY2UucnUgDQrQmtC+0LzQv9GM0Y7RgtC10YDQvdGL0LUg0L/RgNC+
0LPRgNCw0LzQvNGLINC00LvRjyDRgNC10LrQu9Cw0LzQuNGB0YLQvtCyLCDQttGD0YDQvdCw
0LvQuNGB0YLQvtCyINC4INC80LXQvdC10LTQttC10YDQvtCyIA0KDQp3d3cudHJpei1yaS5y
dS9jdXJyeS9jb2RlLmFzcA0K0JrQsNC70YzQutGD0LvRj9GC0L7RgCDQutGD0YDRgdC+0LIg
0LLQsNC70Y7Rgg0KDQo+IC0tLSDQmNGB0YXQvtC00L3QvtC1INGB0L7QvtCx0YnQtdC90LjQ
tSAtLS0NCj4g0JTQsNGC0LA6IDE2LjAxLjIwMTMgMTA6MTY6MDcNCj4g0J7RgtC/0YDQsNCy
0LjRgtC10LvRjDog0KHQtdGA0LDRhNC40Lwg0KEuIDxzZXJhZmltQG5pY2Vjb2RlLmJpej4N
Cj4g0J/QvtC70YPRh9Cw0YLQtdC70Lg6IFRSSVotUkkgPHJpQHRyaXotcmkucnU+DQo+INCi
0LXQvNCwOiDQoNC10LrQstC40LfQuNGC0Ysg0LTQu9GPIG5pY2VDb2RlDQo+IA0KPiDQlNC+
0LHRgNGL0Lkg0LTQtdC90YwhDQo+IA0KPiDQlNCw0LnRgtC1LCDQv9C+0LbQsNC70YPQudGB
0YLQsCwg0LLQsNGI0Lgg0YDQtdC60LLQuNC30LjRgtGLLCDQvNGLINGB0YfQtdGCINCy0YvR
gdGC0LDQstC40LwuDQo+IA0KPiDQodC/0LDRgdC40LHQviwg0KHQtdGA0LDRhNC40Lwg0KHR
g9GF0LXQvdGM0LrQuNC5DQo+IG5pY2VDb2RlLg0KPiANCj4gDQo=




--------_next_part_10400_1819762754_11036--

.
QUIT

14:20:16.812152 IP 192.168.1.100.smtp > host.ru.57231: Flags [.], ack 142, win 14480, options [nop,nop,TS val 280646883 ecr 111969648,nop,nop,sack 1 {3038:4078}], length 0
E..@,}@.@......dM_^.....^"y._.....8.m......
..T....p...
_..._...
^C
12 packets captured
12 packets received by filter
0 packets dropped by kernel

main.cf

myhostname = mx.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = example.com, localhost

local_recipient_maps =

inet_interfaces = all
inet_protocols = all
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

relayhost = 

smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = no

smtpd_use_tls=yes
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
    #permit_mynetworks
    permit_sasl_authenticated
    reject_non_fqdn_helo_hostname
    reject_invalid_helo_hostname
    permit

smtpd_sender_login_maps = hash:/etc/postfix/smtpd_sender_login_maps
smtpd_sender_restrictions =
    #permit_mynetworks
    reject_sender_login_mismatch
    permit_sasl_authenticated
    reject_non_fqdn_sender
    reject_unknown_sender_domain
    permit

smtpd_recipient_restrictions =
    reject_unauth_pipelining
    reject_non_fqdn_recipient
    reject_unknown_recipient_domain
    #permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    #reject_rbl_client zen.spamhaus.org
    #reject_rbl_client bl.spamcop.net
    #check_policy_service unix:postgrey/socket
    permit


smtp_tls_security_level = may
smtpd_tls_security_level = may
##smtpd_tls_security_level = encrypt
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

master.cf

smtp      inet  n       -       -       -       -       smtpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -   n   n   -   2   pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

I have also set

net.ipv4.tcp_window_scaling = 0

in /etc/sysctl.conf

Can anybody help me, please?

1 Answer

It seems this may be caused by a router in the path that does not understand window scaling. Read here: how to disable tcp-window-scaling

A workaround is to disable window scaling on the server that sends the mail:

sudo sysctl -w net.ipv4.tcp_window_scaling=0

And you can check whether it is enabled; it is if this returns 1:

cat /proc/sys/net/ipv4/tcp_window_scaling

Regards,

Mirko
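
A way to read the capture from the question mechanically, as an added example that is not part of the original question or answer: it checks whether window scaling was negotiated in the handshake and lists byte ranges of the sender's stream that never reached the capture point. The function names and the shortened sample lines are assumptions made for this illustration.

```python
import re

# Constructed sample: lines taken from the first capture in the question,
# with timestamps and the TS option removed to keep them short.
CAPTURE = """\
IP host.ru.53602 > 192.168.1.100.smtp: Flags [S], seq 3178988342, win 5840, options [mss 1460,sackOK,nop,wscale 7], length 0
IP 192.168.1.100.smtp > host.ru.53602: Flags [S.], seq 2583405147, ack 3178988343, win 14480, options [mss 1460,sackOK], length 0
IP host.ru.53602 > 192.168.1.100.smtp: Flags [P.], seq 1:23, ack 36, win 5840, length 22
IP host.ru.53602 > 192.168.1.100.smtp: Flags [P.], seq 23:142, ack 218, win 6432, length 119
IP host.ru.53602 > 192.168.1.100.smtp: Flags [P.], seq 3038:4078, ack 283, win 6432, length 1040
IP 192.168.1.100.smtp > host.ru.53602: Flags [.], ack 142, win 14480, options [nop,nop,sack 1 {3038:4078}], length 0
""".splitlines()

LINE = re.compile(r"IP (\S+) > (\S+): Flags \[([^\]]*)\], (.*)")
RANGE = re.compile(r"seq (\d+):(\d+)")  # relative "first:last+1" of a data segment


def parse(lines):
    """Yield (source, flags, remainder) for every tcpdump TCP line."""
    for line in lines:
        m = LINE.search(line)
        if m:
            yield m.group(1), m.group(3), m.group(4)


def wscale_negotiated(lines):
    """Scaling is active only if both the SYN and the SYN-ACK carry wscale."""
    syns = [rest for _, flags, rest in parse(lines) if "S" in flags]
    return len(syns) >= 2 and all("wscale" in rest for rest in syns)


def stream_gaps(lines, src):
    """Return (start, end) sequence ranges from src missing in the capture."""
    seen = sorted((int(m.group(1)), int(m.group(2)))
                  for s, _, rest in parse(lines) if s == src
                  for m in [RANGE.search(rest)] if m)
    gaps, expected = [], seen[0][0] if seen else 0
    for start, end in seen:
        if start > expected:          # bytes expected..start never arrived
            gaps.append((expected, start))
        expected = max(expected, end)
    return gaps


if __name__ == "__main__":
    print("window scaling negotiated:", wscale_negotiated(CAPTURE))
    print("missing ranges:", stream_gaps(CAPTURE, "host.ru.53602"))
```

On these lines the handshake shows no window scaling in effect (the SYN-ACK from 192.168.1.100 carries no wscale option), and the sender's bytes 142:3038 are absent, which matches the `sack 1 {3038:4078}` in the receiver's last ACK.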
