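Postfix SMTP greeting banner delay
After telnetting to mx.xxx.com.cn 25, it takes 20 seconds before the
mx.xxx.com.cn ESMTP Postfix greeting appears,
but telnetting to mx.xxx.com.cn 110 brings up the
+OK Hello there message very quickly.
The network is also fast, so the tests above at least show that this is not a network speed problem.
In the end I looked up the following related material: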
//***********************************************************
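Handling denial-of-service attacks
Postfix keeps an error counter for every SMTP session. The counter is incremented by 1 each time a request from the client is not accepted or violates a UCE rule. As the counter grows, Postfix takes different measures to guard against denial-of-service attacks by malicious users.
smtpd_error_sleep_time: while the error counter is still small, Postfix pauses for the time specified by smtpd_error_sleep_time and then reports an error to the client. The default value of this parameter is 5 seconds.
smtpd_soft_error_limit: once the error counter exceeds the value of this parameter, Postfix sleeps for a while before responding to the client's request. The default value is 10.
smtpd_hard_error_limit: once the error counter exceeds the value of this parameter, Postfix drops the connection to the client. The default value is 100.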
//************************************************************
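I have changed all of the values above, but the problem still occurs. Has any expert here run into a similar problem?
After troubleshooting, none of the above turned out to be the cause.
The log contains this error:
mx postfix/smtpd: warning: 58.61.255.3: hostname 3.255.61.58.broad.gz.gd.dynamic.163data.com.cn verification failed: hostname nor servna
Also, when connecting from a different IP, as long as that IP does not resolve to a faulty reverse-lookup name of this kind,
such as 3.255.61.58.broad.gz.gd.dynamic.163data.com.cn,
there is no delay.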
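《Solution》
It's all China Telecom's doing. It seems they recently ran a reverse DNS project, and overnight every one of Telecom's dynamic IPs grandly acquired a reverse-lookup domain name.
Take the one the original poster provided:
58.61.255.3: hostname 3.255.61.58.broad.gz.gd.dynamic.163data.com.cn
But the name servers for this domain do not exist.
http://www.dnsstuff.com/tools/dnsreport.ch?domain=163data.com.cn
If the mail server's SMTP daemon has reverse-lookup verification enabled, users connecting over Telecom lines will experience very severe delays, or may even be unable to connect.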
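What the SMTP daemon's reverse-lookup verification amounts to, as an added example (not code from the thread or from Postfix): a PTR lookup followed by a forward lookup of the returned name, each timed. The function name, status strings and fake resolvers are constructed for illustration; the stand-in delay is 0.05 s where a dead name server costs a full resolver timeout.

```python
import ipaddress
import socket
import time


def check_client_hostname(ip, reverse=socket.gethostbyaddr, forward=socket.getaddrinfo):
    """PTR lookup for ip, then forward lookup of the name, confirming it maps back.

    Returns (status, hostname, reverse_seconds, forward_seconds).
    """
    target = ipaddress.ip_address(ip)
    t0 = time.monotonic()
    try:
        hostname = reverse(ip)[0]
    except OSError:  # socket.herror / socket.gaierror: no usable PTR record
        return ("no_ptr", None, time.monotonic() - t0, 0.0)
    t1 = time.monotonic()
    try:
        infos = forward(hostname, None)
    except OSError:  # the name's own DNS servers gave no answer or timed out
        return ("forward_failed", hostname, t1 - t0, time.monotonic() - t1)
    t2 = time.monotonic()
    addrs = {ipaddress.ip_address(i[4][0].split("%")[0]) for i in infos}
    status = "verified" if target in addrs else "address_not_listed"
    return (status, hostname, t1 - t0, t2 - t1)


# Constructed stand-ins so the example runs offline. Drop them to use real DNS.
def fake_reverse(ip):
    return ("3.255.61.58.broad.gz.gd.dynamic.163data.com.cn", [], [ip])


def fake_forward_dead(name, port):
    time.sleep(0.05)  # stands in for the resolver timeout seen as banner delay
    raise socket.gaierror(socket.EAI_AGAIN, "constructed: name servers unreachable")


def demo():
    return check_client_hostname("58.61.255.3", fake_reverse, fake_forward_dead)


if __name__ == "__main__":
    status, name, rev_s, fwd_s = demo()
    print(f"{status}: {name} reverse={rev_s:.2f}s forward={fwd_s:.2f}s")
```

Run on the mail server with the default resolvers against a client IP, a large forward time with status `forward_failed` matches the delayed-banner case in the log above. Postfix 2.3 and later have `smtpd_peername_lookup` (default `yes`) to turn this lookup off, after which every client name is `unknown` to hostname-based checks.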
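《Solution》
Originally posted by r2007 on 2007-11-15 10:58
It's all China Telecom's doing. It seems they recently ran a reverse DNS project, and overnight every one of Telecom's dynamic IPs grandly acquired a reverse-lookup domain name.
Take the one the original poster provided:
58.61.255.3: hostname 3.255.61.58.broad.gz.gd.dynamic.163data.com.cn
But this ...
May I ask the expert above: how do I turn off reverse-lookup verification?
《Solution》
I have not used Postfix. If it is convenient, you could post your configuration so we can analyze it.
《Solution》
Originally posted by r2007 on 2007-11-15 12:04
I have not used Postfix. If it is convenient, you could post your configuration so we can analyze it.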
smtpd_recipient_limit = 15
bounce_queue_lifetime = 12h
maximal_queue_lifetime = 24h
myhostname = postfix.cn
smtp_helo_name = $myhostname
local_transport = maildrop
mailbox_transport = maildrop
#disable_dns_lookups = yes
smtpd_error_sleep_time = 0
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
default_process_limit = 100
mydestination = mysql:/usr/local/etc/postfix/mysql/mysql-mydest.cf
virtual_transport_maps = mysql:/usr/local/etc/postfix/mysql/mysql-transport.cf
#virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql/mysql-virtual.cf
#virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql/mysql-alias.cf
recipient_bcc_maps = mysql:/usr/local/etc/postfix/mysql/mysql-autobbc-in.cf
sender_bcc_maps = mysql:/usr/local/etc/postfix/mysql/mysql-autobbc-out.cf
local_recipient_maps = $virtual_mailbox_maps $virtual_maps
virtual_mailbox_base = /var/mail
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql/mysql-virtual-maps.cf
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_maildir_suffix = Maildir/
virtual_mailbox_limit_maps = mysql:/usr/local/etc/postfix/mysql/mysql-virtual-quota.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes
virtual_uid_maps = mysql:/usr/local/etc/postfix/mysql/mysql-virtual-uid.cf
virtual_gid_maps = mysql:/usr/local/etc/postfix/mysql/mysql-virtual-gid.cf
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_client_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_client_access mysql:/usr/local/etc/postfix/mysql/mysql-access.cf,
    permit_auth_destination,
    reject
smtpd_sender_login_maps = mysql:/usr/local/etc/postfix/mysql/mysql-smtpd-login.cf
smtpd_reject_unlisted_sender = yes
smtpd_sender_restrictions =
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
# reject_unknown_client,
    check_sender_access mysql:/usr/local/etc/postfix/mysql/mysql-access.cf,
    reject_sender_login_mismatch,
    reject_authenticated_sender_login_mismatch,
    reject_unauthenticated_sender_login_mismatch,
    permit
smtpd_recipient_restrictions =
    permit_mynetworks,
    check_client_access mysql:/usr/local/etc/postfix/mysql/mysql-access.cf,
    permit_sasl_authenticated,
    reject_unknown_hostname,
    reject_unknown_sender_domain,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    reject_unauth_destination,
    permit
default_destination_recipient_limit = 1
local_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
message_size_limit = 104857600
smtpd_milters = unix:/var/run/milter/milter-limit.socket
smtpd_recipient_limit = 10
bounce_queue_lifetime = 12h
maximal_queue_lifetime = 24h
smtpd_delay_reject = yes
smtpd_proxy_timeout = 180s
#smtpd_helo_required = yes
strict_rfc821_envelopes = yes
《Solution》
Try commenting this out:
reject_unknown_hostname,
《Solution》
Originally posted by r2007 on 2007-11-15 13:14
Try commenting this out:
reject_unknown_hostname,
Still no good. My head is spinning.
《Solution》
Could I take a look at master.cf?
《Solution》
Originally posted by r2007 on 2007-11-15 13:28
Could I take a look at master.cf?
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - 1000 smtpd
# -o disable_dns_lookups=yes
# -o content_filter=filter
# -o content_filter=filter
#submission inet n - n - - smtpd
# -o smtpd_enforce_tls=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
  -o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#dbmail-lmtp unix - - n - - lmtp
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -w 90 -d ${user}@${nexthop} ${extension} ${recipient} ${user} ${nexthop} ${sender}
#
# ====================================================================
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp unix - n n - - pipe
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail unix - n n - - pipe
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp unix - n n - - pipe
# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix - n n - 2 pipe
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
# ${nexthop} ${user} ${extension}
#
#mailman unix - n n - - pipe
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}
#dbmail-smtp unix - n n - - pipe
# flags= user=postfix argv=/usr/local/sbin/dbmail-smtp -d ${recipient}
#filter unix - n n - - pipe
# flags=R user=vmail argv=/usr/local/bin/clamfilter -F jacky@thismail.org -f ${sender} -- ${recipient}
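《Solution》
I could not find the problem.
A few basic suggestions:
Check whether the SMTP server the users have configured is actually this machine.
Was Postfix restarted after the configuration change?
One more off-the-wall idea: set up your own DNS server and create a zone for 163data.com.cn, then point resolv.conf on the Postfix machine at that DNS server.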