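I have an email server with postfix, dovecot, spamassassin, etc. www.mail-tester.com gives me 10/10. www.spamscore.net complains about SPF (SPF record SOFTFAIL) and reverse DNS: I have neither asked my ISP to change the PTR record, nor do I have a static IP address.
What can I do?
These are the headers from Gmail; apart from the PTR record, everything looks fine to me...: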
Delivered-To: [email protected]
Received: by xxxx:xxx:xxxx:xxx:xx:xx:xxxx:xxxx with SMTP id c19csp344692rch;
Tue, 16 May 2023 06:08:11 -0700 (PDT)
X-Google-Smtp-Source: ACHHUZ4vxiX67a0XTZCDu/km6NL865PkDFPhLSzzQgCCAmjNdfe1JG/e92WiW/ba6TjefmeV+NoT
X-Received: by xxxx:xxx:xxxx:x:xx:xxx:xxxx:xxxx with SMTP id b7-20020aa7c907000000b0050dd98add15mr2299049edt.38.1684242491465;
Tue, 16 May 2023 06:08:11 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1684242491; cv=none;
d=google.com; s=arc-20160816;
b=qumQE9U/4c0UtI82AK73ykWU+wddfWysdzHT0duMwijPySrmetLYLAdPViPtlUB0ph
vIMb27P2vjR8WEa6cie+zQZ8Hw9yPt7AheOYgyRQ2sLWtO3SYTt86ExtrJ5PBLq3nPJM
GvJHw70/eS28S5H5WX/StANGh2fC/hf36zpdovnqnjqaRbi4PZESNRfiz3JVDPbQJrke
aAsEoMKwzX3KyiTvwgr25NgSq/j5NKhzf4qcAOYRAA16WlSJo212PIzZ+6YrW7J9rDYw
FfXK8EPs2RkBo8xaEX0LzstSJo+A9sBbZiZu8IOIdeDk32o6oP3sXQ0Inw8EXy4O/SKQ
JYaQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=content-transfer-encoding:list-unsubscribe:list-unsubscribe
:mime-version:message-id:user-agent:subject:to:from:date
:dkim-signature:dkim-signature;
bh=4RTOY/L7fEh3E7bKPR/wW8ZxxPpUcJcPGgjnnt1mxQg=;
b=jA6IpOhiyrFfWbHmVBonOnDnKdSpHy+vvqLtARNNiRi+7mX0D0Dwwqif3EGtpY8rqy
CbfuBzjtT/YXssP6nvDgkys3xtVPttH6VqoWdIAwfIgiV1wxzKBUQry+YdlzETcRScsy
MesXBPRmIxUlVDp+WSvVDDyVIQU66MdHPX27druWNl6uOmPYOCi6zMFlGzpQLW3pcYEP
pT+fcTmkzpBemWgLmrV7h5C0Uo67HjXuVUux/OmhedzpiSfTZ9/wQYKUHVS+jJR3cTPz
RgiBWj54F/DSieFn41raTiiLF9AxQBtDgy4avkspEiv24sBceaiajczBlns1JCeSypm3
xefA==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass [email protected] header.s=default header.b=erU5MmE3;
dkim=neutral (body hash did not verify) [email protected] header.s=default header.b=h2fQ8KlA;
spf=pass (google.com: domain of [email protected] designates xxxx:xx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx as permitted sender) [email protected];
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=my-domain.com
Return-Path: <[email protected]>
Received: from mail.my-domain.com (p200300e997106c85ba27ebfffebb66f4.dip0.t-ipconnect.de. [xxxx:xx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx])
by mx.google.com with ESMTPS id p16-20020a056402045000b0050bc45d5813si16499100edw.237.2023.05.16.06.08.11
for <[email protected]>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 16 May 2023 06:08:11 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates xxxx:xx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx as permitted sender) client-ip=xxxx:xx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx;
Authentication-Results: mx.google.com;
dkim=pass [email protected] header.s=default header.b=erU5MmE3;
dkim=neutral (body hash did not verify) [email protected] header.s=default header.b=h2fQ8KlA;
spf=pass (google.com: domain of [email protected] designates xxxx:xx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx as permitted sender) [email protected];
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=my-domain.com
Received: by mail.my-domain.com (Postfix, from userid 109) id 9913F3CA6; Tue, 16 May 2023 13:08:07 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=my-domain.com; s=default; t=1684242487; bh=4RTOY/L7fEh3E7bKPR/wW8ZxxPpUcJcPGgjnnt1mxQg=; h=Date:From:To:Subject:List-Unsubscribe:List-Unsubscribe:From; b=erU5MmE3HyDCKPJ8ezhzJ1H6p+B1iw0U0AU13RU7fDMeaXrZdnMKm7cVyvaRYbJ6X
NpU1/qmQccj2haf6qpB+Db1Y2tTC2fAo7OYeD+mBmSDuO6/iMqNaUgwf0ty1tQvKAo
hv6sP6AXtf0vWTnVuVulpq1diCdUSrCOtQhuzAVmW7XvARyghZEDwDhP1xSpi6ZZzq
cgxSH1hWgTvND6bSDSMYjSuhKA1OJjWBv8STMcFT0Iu3fxMI6l3IhtmnqUnUhn63aD
RZvRPGjhptkcQIYR8iA5DudUvHlwsuGuy5lFZRLDiwPD2SZrsjVqr1Fwzy8HnJ2Ge3
gx6+juU/9cmWQ==
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on my-computer.Speedport_W_724V_Typ_A_05011603_06_003
X-Spam-Level:
X-Spam-Status: No, score=-1.1 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6
Received: from [127.0.0.1] (dynamic-046-114-006-210.46.114.pool.telefonica.de [46.114.6.210]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail.my-domain.com (Postfix) with ESMTPSA id 166203C95 for <[email protected]>; Tue, 16 May 2023 13:07:54 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=my-domain.com; s=default; t=1684242475; bh=nHNlsXdplV+gXG0VuUvNHDw/RyaACF99+XI8vu7+m3A=; h=Date:From:To:Subject:List-Unsubscribe:From; b=h2fQ8KlAb0gcSJ9g9Gn2hrkQ81s81+EoKh5KeyhMRmiKhMQkPtdGUuJTparRjOi6l
mng0pXysmFBUcHshZUT/XpnFwWqiQNxt8DuiY2YTkw8DXHx+UdLBprBJ2HskOMO7Lg
PklQBaoPsrEJXTs53oSpHqgPMXRRNwcgfYa66AWcIi63Pn8sxn5TgOwhk3DT+451HH
LuzYILfq1xfo4RROKPaCP9zNKwRY72OrGdrlD6skb4dBdXYKF+vSSJLOqxk5vBcFMx
tt5OPMAUhSmoUbWXj+UNS3wD58iclWM+CYoYLVzC6TI+lGMliomHEURvjybqufacn7
JDirRAIDst+YQ==
Date: Tue, 16 May 2023 15:07:47 +0200
From: John <[email protected]>
To: [email protected]
Subject: Subject here
User-Agent: K-9 Mail for Android
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=----8DTU44YRN9DS835N8LAPEHSE9DSIVO
List-Unsubscribe: mailto:[email protected]?subject=unsubscribe>"
List-Unsubscribe: mailto:[email protected]?subject=unsubscribe>"
Content-Transfer-Encoding: 7bit
------8DTU44YRN9DS835N8LAPEHSE9DSIVO
Content-Type: text/plain; charset=utf-8
List-Unsubscribe: mailto:[email protected]?subject=unsubscribe>"
List-Unsubscribe: mailto:[email protected]?subject=unsubscribe>"
Content-Transfer-Encoding: quoted-printable
Dear John,
Body here.
Best regards,
John
------8DTU44YRN9DS835N8LAPEHSE9DSIVO
Content-Type: text/html; charset=utf-8
List-Unsubscribe: mailto:[email protected]?subject=unsubscribe>"
List-Unsubscribe: mailto:[email protected]?subject=unsubscribe>"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE html><html><body><div dir=3D"auto">Dear John,<br><br>Body=
here.<br><br>Best regards,<br>John</div></body></ht=
ml>
------8DTU44YRN9DS835N8LAPEHSE9DSIVO--
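Answer 1
I have neither asked my ISP to change the PTR record, nor do I have
Gmail requires all IPv6 senders to have a PTR record. Many mail domains require the same of IPv4 senders as well.
There is a problem with your DKIM setup: your messages are signed twice, and because of the way it is set up, your own mailing-list system has no choice but to immediately invalidate it.
Specifically, the first signature (at the bottom) signs a header that it shouldn't sign, namely the list-unsubscribe header (or the absence of one). So if the DKIM signature asserts that no such header is present, but your mailing-list software then immediately adds one, this is likely to cause DKIM verification to fail.
It doesn't stop there: if your example is to be trusted, the system also adds List-Unsubscribe headers to every MIME part (even though this header doesn't belong there; it is only meaningful as a message-level header). Not only is this useless, but if it is done after signing, it invalidates the existing signature, leading to "body hash did not verify" on the receiving side.
You should 1) stop the system from adding a second signature (the first is enough), 2) stop including "List-Unsubscribe" in the signed headers, and 3) stop adding these headers to the individual MIME parts.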
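The three problems named in this answer can be checked on a raw outgoing message. This is an added example, not part of the original answer. The names `parse_tags` and `audit` and the sample message (addresses, hashes, boundary) are constructed for illustration.

```python
import email

# Constructed sample modelled on the question's headers (hashes and addresses are made up).
SAMPLE = b"""\
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=my-domain.com; s=default;
 bh=QkJC; h=Date:From:To:Subject:List-Unsubscribe:List-Unsubscribe:From; b=Yg==
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=my-domain.com; s=default;
 bh=QUFB; h=Date:From:To:Subject:List-Unsubscribe:From; b=YQ==
From: John <john@my-domain.com>
Subject: Subject here
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"
List-Unsubscribe: <mailto:list@my-domain.com?subject=unsubscribe>

--b1
Content-Type: text/plain; charset=utf-8
List-Unsubscribe: <mailto:list@my-domain.com?subject=unsubscribe>

Body here.
--b1--
"""

def parse_tags(value):
    """Split a DKIM tag-list (RFC 6376 'k=v; k=v') into a dict, dropping folding whitespace."""
    tags = {}
    for item in value.split(";"):
        if "=" in item:
            key, val = item.split("=", 1)
            tags[key.strip()] = "".join(val.split())
    return tags

def audit(raw):
    """Return (finding, detail) tuples for the three problems named in the answer."""
    msg = email.message_from_bytes(raw)
    findings, seen = [], {}
    for sig in map(parse_tags, msg.get_all("DKIM-Signature", [])):
        ident = (sig.get("d"), sig.get("s"))
        if "list-unsubscribe" in sig.get("h", "").lower().split(":"):
            findings.append(("signs-list-unsubscribe", sig.get("bh")))
        prev = seen.get(ident)
        if prev:
            findings.append(("duplicate-signature", ident))
            same_params = all(prev.get(t) == sig.get(t) for t in ("a", "c", "l"))
            if same_params and prev.get("bh") != sig.get("bh"):
                # Same hash and canonicalization but different bh: body changed between signings.
                findings.append(("body-changed-between-signatures", ident))
        seen[ident] = sig
    for part in msg.walk():
        if part is not msg and part["List-Unsubscribe"] is not None:
            findings.append(("list-unsubscribe-in-mime-part", part.get_content_type()))
    return findings
```

Running `audit` on a message captured just before it is handed to the next hop shows whether it is signed twice and whether anything rewrote the body between the two signing passes.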