У меня есть Ubuntu box за маршрутизатором (Asus RT-N13U), порт 25 перенаправляется в ящик с маршрутизатора через функцию VirtualServer на маршрутизаторе.
Проблема в том, что некоторые клиенты (здесь host.ru) не могут доставлять почту на ящик (example.com).
Из mail.log на example.com (кто получает):
timeout after DATA (0 bytes) from host.ru[77.77.77.77]
Из mail.log на host.ru (отправитель):
to=<serafim@example.com>, relay=mx.example.com[80.80.80.80]:25, delay=12045, delays=11744/0.01/0.55/300, dsn=4.4.2, status=deferred (host mx.example.com[80.80.80.80] said: 421 4.4.2 mx.example.com Error: timeout exceeded (in reply to end of DATA command))
uname -a
Linux example 3.2.0-35-generic #55-Ubuntu SMP Wed Dec 5 17:42:16 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
sudo tcpdump хост host.ru
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:55:57.023757 IP host.ru.53602 > 192.168.1.100.smtp: Flags [S], seq 3178988342, win 5840, options [mss 1460,sackOK,TS val 111604716 ecr 0,nop,wscale 7], length 0
13:55:57.023778 IP 192.168.1.100.smtp > host.ru.53602: Flags [S.], seq 2583405147, ack 3178988343, win 14480, options [mss 1460,sackOK,TS val 280281936 ecr 111604716], length 0
13:55:57.066389 IP host.ru.53602 > 192.168.1.100.smtp: Flags [.], ack 1, win 5840, options [nop,nop,TS val 111604727 ecr 280281936], length 0
13:55:57.080032 IP 192.168.1.100.smtp > host.ru.53602: Flags [P.], seq 1:36, ack 1, win 14480, options [nop,nop,TS val 280281950 ecr 111604727], length 35
13:55:57.123961 IP host.ru.53602 > 192.168.1.100.smtp: Flags [.], ack 36, win 5840, options [nop,nop,TS val 111604741 ecr 280281950], length 0
13:55:57.123974 IP host.ru.53602 > 192.168.1.100.smtp: Flags [P.], seq 1:23, ack 36, win 5840, options [nop,nop,TS val 111604741 ecr 280281950], length 22
13:55:57.123981 IP 192.168.1.100.smtp > host.ru.53602: Flags [.], ack 23, win 14480, options [nop,nop,TS val 280281961 ecr 111604741], length 0
13:55:57.124066 IP 192.168.1.100.smtp > host.ru.53602: Flags [P.], seq 36:218, ack 23, win 14480, options [nop,nop,TS val 280281961 ecr 111604741], length 182
13:55:57.167559 IP host.ru.53602 > 192.168.1.100.smtp: Flags [P.], seq 23:142, ack 218, win 6432, options [nop,nop,TS val 111604752 ecr 280281961], length 119
13:55:57.175227 IP 192.168.1.100.smtp > host.ru.53602: Flags [P.], seq 218:283, ack 142, win 14480, options [nop,nop,TS val 280281974 ecr 111604752], length 65
13:55:57.221532 IP host.ru.53602 > 192.168.1.100.smtp: Flags [P.], seq 3038:4078, ack 283, win 6432, options [nop,nop,TS val 111604765 ecr 280281974], length 1040
13:55:57.221551 IP 192.168.1.100.smtp > host.ru.53602: Flags [.], ack 142, win 14480, options [nop,nop,TS val 280281985 ecr 111604752,nop,nop,sack 1 {3038:4078}], length 0
^C
12 packets captured
14 packets received by filter
0 packets dropped by kernel
sudo tcpdump - хост host.ru
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
14:20:16.612887 IP host.ru.57231 > 192.168.1.100.smtp: Flags [S], seq 1608703986, win 5840, options [mss 1460,sackOK,TS val 111969611 ecr 0,nop,wscale 7], length 0
E..<Z.@.7.{.M_^....d...._............:.........
...K........
14:20:16.612917 IP 192.168.1.100.smtp > host.ru.57231: Flags [S.], seq 1579317444, ack 1608703987, win 14480, options [mss 1460,sackOK,TS val 280646833 ecr 111969611], length 0
E..8..@.@..?...dM_^.....^"x._.....8.m..........
..T....K
14:20:16.656975 IP host.ru.57231 > 192.168.1.100.smtp: Flags [.], ack 1, win 5840, options [nop,nop,TS val 111969622 ecr 280646833], length 0
E..4Z.@.7.{.M_^....d...._...^"x.....
......
...V..T.
14:20:16.670621 IP 192.168.1.100.smtp > host.ru.57231: Flags [P.], seq 1:36, ack 1, win 14480, options [nop,nop,TS val 280646847 ecr 111969622], length 35
E..W,y@.@......dM_^.....^"x._.....8.m......
..T....V220 mx.example.com ESMTP Postfix
14:20:16.714676 IP host.ru.57231 > 192.168.1.100.smtp: Flags [.], ack 36, win 5840, options [nop,nop,TS val 111969637 ecr 280646847], length 0
E..4Z.@.7.{.M_^....d...._...^"x.....
X.....
...e..T.
14:20:16.714875 IP host.ru.57231 > 192.168.1.100.smtp: Flags [P.], seq 1:23, ack 36, win 5840, options [nop,nop,TS val 111969637 ecr 280646847], length 22
E..JZ.@.7.{qM_^....d...._...^"x............
...e..T.EHLO host.ru
14:20:16.714890 IP 192.168.1.100.smtp > host.ru.57231: Flags [.], ack 23, win 14480, options [nop,nop,TS val 280646859 ecr 111969637], length 0
E..4,z@.@......dM_^.....^"x._.. ..8.m......
..T....e
14:20:16.715010 IP 192.168.1.100.smtp > host.ru.57231: Flags [P.], seq 36:218, ack 23, win 14480, options [nop,nop,TS val 280646859 ecr 111969637], length 182
E...,{@.@......dM_^.....^"x._.. ..8.n].....
..T....e250-mx.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
14:20:16.758845 IP host.ru.57231 > 192.168.1.100.smtp: Flags [P.], seq 23:142, ack 218, win 6432, options [nop,nop,TS val 111969648 ecr 280646859], length 119
E...Z.@.7.{.M_^....d...._.. ^"y.... %z.....
...p..T.MAIL FROM:<ri@host.ru> SIZE=3927 BODY=7BIT
RCPT TO:<serafim@example.com> ORCPT=rfc822;serafim@example.com
DATA
14:20:16.766138 IP 192.168.1.100.smtp > host.ru.57231: Flags [P.], seq 218:283, ack 142, win 14480, options [nop,nop,TS val 280646871 ecr 111969648], length 65
E..u,|@.@......dM_^.....^"y._.....8.m......
..T....p250 2.1.0 Ok
250 2.1.5 Ok
354 End data with <CR><LF>.<CR><LF>
14:20:16.812134 IP host.ru.57231 > 192.168.1.100.smtp: Flags [P.], seq 3038:4078, ack 283, win 6432, options [nop,nop,TS val 111969661 ecr 280646871], length 1040
E..DZ.@.7.wsM_^....d...._...^"y.... .......
...}..T.kNC70YzRgtGI0YPQu9C70LXRgNCwDQog
DQp3d3cudHJpei1jaGFuY2UucnUgDQrQmtC+0LzQv9GM0Y7RgtC10YDQvdGL0LUg0L/RgNC+
0LPRgNCw0LzQvNGLINC00LvRjyDRgNC10LrQu9Cw0LzQuNGB0YLQvtCyLCDQttGD0YDQvdCw
0LvQuNGB0YLQvtCyINC4INC80LXQvdC10LTQttC10YDQvtCyIA0KDQp3d3cudHJpei1yaS5y
dS9jdXJyeS9jb2RlLmFzcA0K0JrQsNC70YzQutGD0LvRj9GC0L7RgCDQutGD0YDRgdC+0LIg
0LLQsNC70Y7Rgg0KDQo+IC0tLSDQmNGB0YXQvtC00L3QvtC1INGB0L7QvtCx0YnQtdC90LjQ
tSAtLS0NCj4g0JTQsNGC0LA6IDE2LjAxLjIwMTMgMTA6MTY6MDcNCj4g0J7RgtC/0YDQsNCy
0LjRgtC10LvRjDog0KHQtdGA0LDRhNC40Lwg0KEuIDxzZXJhZmltQG5pY2Vjb2RlLmJpej4N
Cj4g0J/QvtC70YPRh9Cw0YLQtdC70Lg6IFRSSVotUkkgPHJpQHRyaXotcmkucnU+DQo+INCi
0LXQvNCwOiDQoNC10LrQstC40LfQuNGC0Ysg0LTQu9GPIG5pY2VDb2RlDQo+IA0KPiDQlNC+
0LHRgNGL0Lkg0LTQtdC90YwhDQo+IA0KPiDQlNCw0LnRgtC1LCDQv9C+0LbQsNC70YPQudGB
0YLQsCwg0LLQsNGI0Lgg0YDQtdC60LLQuNC30LjRgtGLLCDQvNGLINGB0YfQtdGCINCy0YvR
gdGC0LDQstC40LwuDQo+IA0KPiDQodC/0LDRgdC40LHQviwg0KHQtdGA0LDRhNC40Lwg0KHR
g9GF0LXQvdGM0LrQuNC5DQo+IG5pY2VDb2RlLg0KPiANCj4gDQo=
--------_next_part_10400_1819762754_11036--
.
QUIT
14:20:16.812152 IP 192.168.1.100.smtp > host.ru.57231: Flags [.], ack 142, win 14480, options [nop,nop,TS val 280646883 ecr 111969648,nop,nop,sack 1 {3038:4078}], length 0
E..@,}@.@......dM_^.....^"y._.....8.m......
..T....p...
_..._...
^C
12 packets captured
12 packets received by filter
0 packets dropped by kernel
main.cf
myhostname = mx.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = example.com, localhost
local_recipient_maps =
inet_interfaces = all
inet_protocols = all
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
relayhost =
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_use_tls=yes
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
#permit_mynetworks
permit_sasl_authenticated
reject_non_fqdn_helo_hostname
reject_invalid_helo_hostname
permit
smtpd_sender_login_maps = hash:/etc/postfix/smtpd_sender_login_maps
smtpd_sender_restrictions =
#permit_mynetworks
reject_sender_login_mismatch
permit_sasl_authenticated
reject_non_fqdn_sender
reject_unknown_sender_domain
permit
smtpd_recipient_restrictions =
reject_unauth_pipelining
reject_non_fqdn_recipient
reject_unknown_recipient_domain
#permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
#reject_rbl_client zen.spamhaus.org
#reject_rbl_client bl.spamcop.net
#check_policy_service unix:postgrey/socket
permit
smtp_tls_security_level = may
smtpd_tls_security_level = may
##smtpd_tls_security_level = encrypt
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
master.cf
smtp inet n - - - - smtpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
Также я установил
net.ipv4.tcp_window_scaling = 0
в /etc/sysctl.conf
Может ли кто-нибудь помочь мне, пожалуйста?