
Postfix cannot receive email from certain domains.

Server Fault user
Asked on 2020-06-03 11:21:23
Answers: 1 | Views: 208 | Followers: 0 | Votes: 0

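I am running a Postfix/Dovecot email server. The OS is Ubuntu 18.04. I also use AWS as a relay host to send email, because port 25 is blocked. It works fine, but I cannot receive email from some domains, such as Amazon or one of my hosting providers. Other domains, such as gmail or outlook, work fine. Any idea why this is happening?

Below is my Postfix configuration.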

##
## Network settings
##

mynetworks = 127.0.0.0/8 192.168.1.0/24
inet_interfaces = all
inet_protocols = ipv4
myhostname = mail.example.com
mydestination = localhost.$mydomain, localhost, localhost.localdomain

# Enable auth
smtp_sasl_auth_enable = yes
# Set username and password
smtp_sasl_password_maps = static:aws-username:aws-password
smtp_sasl_security_options = noanonymous
# Turn on tls encryption 
smtp_tls_security_level = encrypt
smtp_tls_note_starttls_offer = yes
# Set external SMTP relay host here IP or hostname accepted along with a port number. 
relayhost = email-smtp.us-west-2.amazonaws.com:587


##
## Mail queue settings
##

maximal_queue_lifetime = 1h
bounce_queue_lifetime = 1h
maximal_backoff_time = 15m
minimal_backoff_time = 5m
queue_run_delay = 5m


##
## TLS settings
###

tls_preempt_cipherlist = yes
tls_ssl_options = NO_COMPRESSION
tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA


### Outbound SMTP connections (Postfix as sender)

#smtp_tls_security_level = dane
smtp_dns_support_level = dnssec
smtp_tls_policy_maps = mysql:/etc/postfix/sql/tls-policy.cf
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_ciphers = high
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt


### Inbound SMTP connections

smtpd_tls_security_level = may
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_ciphers = high
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

smtpd_tls_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/example.com/privkey.pem


##
## Local mail delivery to Dovecot via LMTP
##

virtual_transport = lmtp:unix:private/dovecot-lmtp


##
## Spam filter and DKIM signatures via Rspamd
##

smtpd_milters = inet:localhost:11332
non_smtpd_milters = inet:localhost:11332
milter_protocol = 6
milter_mail_macros =  i {mail_addr} {client_addr} {client_name} {auth_authen}
milter_default_action = accept



##
## Server Restrictions for clients, recipients and relaying
## (concerning S2S-connections. Mailclient-connections are configured in submission-section in master.cf)
##

### Conditions in which Postfix works as a relay. (for mail user clients)
smtpd_relay_restrictions =      reject_non_fqdn_recipient
                                reject_unknown_recipient_domain
                                permit_mynetworks
                                reject_unauth_destination


### Conditions in which Postfix accepts e-mails as recipient (additional to relay conditions)
### check_recipient_access checks if an account is "sendonly"
smtpd_recipient_restrictions = check_recipient_access mysql:/etc/postfix/sql/recipient-access.cf


### Restrictions for all sending foreign servers ("SMTP clients")
smtpd_client_restrictions =     permit_mynetworks
                                check_client_access hash:/etc/postfix/without_ptr
                                reject_unknown_client_hostname


### Foreign mail servers must present a valid "HELO"
smtpd_helo_required = yes
smtpd_helo_restrictions =   permit_mynetworks
                            reject_invalid_helo_hostname
                            reject_non_fqdn_helo_hostname
                            reject_unknown_helo_hostname

# Block clients, which start sending too early
smtpd_data_restrictions = reject_unauth_pipelining


##
## Restrictions for MUAs (Mail user agents)
##

mua_relay_restrictions = reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_mynetworks,permit_sasl_authenticated,reject
mua_sender_restrictions = permit_mynetworks,reject_non_fqdn_sender,reject_sender_login_mismatch,permit_sasl_authenticated,reject
mua_client_restrictions = permit_mynetworks,permit_sasl_authenticated,reject


##
## Postscreen Filter
##

### Postscreen Whitelist / Blocklist
postscreen_access_list =        permit_mynetworks
                                cidr:/etc/postfix/postscreen_access
postscreen_blacklist_action = drop


# Drop connections if other server is sending too quickly
postscreen_greet_action = drop


### DNS blocklists
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_sites =    ix.dnsbl.manitu.net*2
                            zen.spamhaus.org*2
postscreen_dnsbl_action = drop


##
## MySQL queries
##

virtual_alias_maps = mysql:/etc/postfix/sql/aliases.cf
virtual_mailbox_maps = mysql:/etc/postfix/sql/accounts.cf
virtual_mailbox_domains = mysql:/etc/postfix/sql/domains.cf
local_recipient_maps = $virtual_mailbox_maps


##
## Miscellaneous
##

### Maximum mailbox size (0=unlimited - is already limited by Dovecot quota)
mailbox_size_limit = 0

### Maximum size of inbound e-mails (50 MB)
message_size_limit = 52428800

### Do not notify system users on new e-mail
biff = no

### Users always have to provide full e-mail addresses
append_dot_mydomain = no

### Delimiter for "Address Tagging"
recipient_delimiter = +

Here is the log for one such domain, from which I am not receiving any email.

Jun  3 13:29:36 mail postfix/smtpd[8301]: connect from mx01.simplyhosting.cloud[91.186.2.150]
Jun  3 13:29:37 mail postfix/smtpd[8301]: 76948C00234: client=mx01.simplyhosting.cloud[91.186.2.150]
Jun  3 13:34:37 mail postfix/smtpd[8301]: timeout after DATA (0 bytes) from mx01.simplyhosting.cloud[91.186.2.150]
Jun  3 13:34:37 mail postfix/smtpd[8301]: disconnect from mx01.simplyhosting.cloud[91.186.2.150] ehlo=1 mail=1 rcpt=1 data=0/1 commands=3/4
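
The pattern in this log (EHLO, MAIL and RCPT succeed, then the DATA phase times out with 0 bytes) can be picked out of a larger mail log automatically. The following is an added example, not part of the original post; the function names are hypothetical and the last two sample lines are constructed for contrast.

```python
import re
from collections import Counter

# First four lines are the log from the question; the last two are constructed.
SAMPLE_LOG = """\
Jun  3 13:29:36 mail postfix/smtpd[8301]: connect from mx01.simplyhosting.cloud[91.186.2.150]
Jun  3 13:29:37 mail postfix/smtpd[8301]: 76948C00234: client=mx01.simplyhosting.cloud[91.186.2.150]
Jun  3 13:34:37 mail postfix/smtpd[8301]: timeout after DATA (0 bytes) from mx01.simplyhosting.cloud[91.186.2.150]
Jun  3 13:34:37 mail postfix/smtpd[8301]: disconnect from mx01.simplyhosting.cloud[91.186.2.150] ehlo=1 mail=1 rcpt=1 data=0/1 commands=3/4
Jun  3 13:40:02 mail postfix/smtpd[8310]: disconnect from mx.example.net[192.0.2.10] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jun  3 13:41:10 mail postfix/smtpd[8311]: timeout after DATA (18432 bytes) from mx.example.org[198.51.100.7]
"""

# "timeout after DATA (N bytes)": smtpd stopped hearing from the peer during DATA.
TIMEOUT_RE = re.compile(r"postfix/smtpd\[\d+\]: timeout after DATA \((\d+) bytes\) from (\S+)\[([0-9.]+)\]")
# Session summary; "data=0/1" means one DATA command was issued and none completed.
DISCONNECT_RE = re.compile(r"postfix/smtpd\[\d+\]: disconnect from (\S+)\[([0-9.]+)\] (.+)$")


def zero_byte_data_stalls(log_text):
    """Count, per client IP, DATA-phase timeouts in which 0 body bytes arrived."""
    stalls = Counter()
    for line in log_text.splitlines():
        m = TIMEOUT_RE.search(line)
        if m and int(m.group(1)) == 0:
            stalls[m.group(3)] += 1
    return stalls


def envelope_ok_but_data_failed(log_text):
    """Return client IPs whose summary shows MAIL and RCPT accepted but DATA not completed."""
    hits = set()
    for line in log_text.splitlines():
        m = DISCONNECT_RE.search(line)
        if not m:
            continue
        stats = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
        if (stats.get("mail") == "1" and stats.get("rcpt") == "1"
                and stats.get("data", "").startswith("0/")):
            hits.add(m.group(2))
    return hits


if __name__ == "__main__":
    confirmed = envelope_ok_but_data_failed(SAMPLE_LOG)
    for ip, n in zero_byte_data_stalls(SAMPLE_LOG).items():
        print(ip, n, "envelope accepted, body never arrived" if ip in confirmed else "timeout only")
```

Clients that appear in both results got through the small envelope commands but never delivered a byte of the message body, which points at the network path rather than at a Postfix restriction, since a policy rejection would be logged as a reject.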

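1 Answer

Server Fault user

Posted on 2020-06-03 12:33:34

This problem is solved. I found that the problematic remote SMTP servers were unable to send any data. The connection was simply lost after the handshake. Once I added net.ipv4.tcp_window_scaling = 0 to /etc/sysctl.conf, I started receiving email from those domains.

Update: I forgot to mention that I needed to adjust the default MTU size of the server machine to 1492, which I found by hitting a Google server.

Votes: 1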
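
The answer does not show how the 1492 figure was measured. One common way to find the largest packet a path carries is to send don't-fragment pings of varying size and binary-search the limit; the sketch below is an added example, not the answerer's procedure. It assumes Linux iputils `ping`; `find_path_mtu`, `ping_df`, `simulated_path` and `HOST_PLACEHOLDER` are hypothetical names, and the simulated path is constructed so the search can run offline.

```python
import subprocess

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header


def ping_df(host, payload):
    """Send one ICMP echo with Don't Fragment set (iputils ping). True if answered."""
    result = subprocess.run(
        ["ping", "-M", "do", "-c", "1", "-W", "2", "-s", str(payload), host],
        stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return result.returncode == 0


def find_path_mtu(probe, low=576, high=1500):
    """Binary-search the largest IPv4 packet size in [low, high] that gets through.

    probe(payload_bytes) -> bool. Returns None if even `low` fails.
    """
    if not probe(low - IP_ICMP_OVERHEAD):
        return None
    while low < high:
        mid = (low + high + 1) // 2          # round up so the loop always narrows
        if probe(mid - IP_ICMP_OVERHEAD):
            low = mid                        # mid fits; the limit is mid or above
        else:
            high = mid - 1                   # mid is dropped; the limit is below mid
    return low


def simulated_path(mtu):
    """Offline stand-in for a real path: packets larger than `mtu` vanish silently."""
    return lambda payload: payload + IP_ICMP_OVERHEAD <= mtu


if __name__ == "__main__":
    print(find_path_mtu(simulated_path(1492)))  # constructed path
    # Real probe (needs network access):
    # print(find_path_mtu(lambda p: ping_df("HOST_PLACEHOLDER", p)))
```

A single lost echo reply reads as "too big" here, so on a lossy link repeat each probe before trusting the result.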
Original page content provided by Server Fault. Translation support provided by Tencent Cloud Xiaowei's IT-domain engine.
Original link:

https://serverfault.com/questions/1019831
