我在 Ubuntu 13.10 上安装了带有 dovecot 的 postfix。我通过节点应用程序发送电子邮件(使用电子邮件模板)。
如果我发送一封电子邮件[email protected]至[email protected](电子邮件 1),spf 记录通过。如果我将电子邮件从 发送[email protected]到[email protected](电子邮件2),spf记录失败。
我的 spf 记录:
v=spf1 a mx ~all
我尝试了指定 IP 的变体,但电子邮件仍然通过/软失败1和2。
我已将我的 @mydomain.com 电子邮件链接到 gmail,这样我就可以从那里阅读它们,也可以从 gmail 检查标题。
这是电子邮件 1,通过:
Delivered-To: [email protected]
Received: by 10.220.131.9 with SMTP id v9csp9729vcs;
Thu, 3 Apr 2014 02:07:44 -0700 (PDT)
X-Received: by 10.204.243.137 with SMTP id lm9mr3945288bkb.33.1396516062351;
Thu, 03 Apr 2014 02:07:42 -0700 (PDT)
Return-Path: <[email protected]>
Received: from mydomain.com (mydomain.com. [81.4.107.88])
by mx.google.com with ESMTPS id de1si2116722bkc.265.2014.04.03.02.07.41
for <[email protected]>
(version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
Thu, 03 Apr 2014 02:07:41 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 81.4.107.88 as permitted sender) client-ip=81.4.107.88;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of [email protected] designates 81.4.107.88 as permitted sender) [email protected]
Received: from [127.0.0.1] (mydomain [127.0.0.1])
(Authenticated sender: username)
by mydomain.com (Postfix) with ESMTPA id 2FE0730A095F
for <[email protected]>; Thu, 3 Apr 2014 05:07:41 -0400 (EDT)
X-Mailer: Nodemailer (0.6.1; +http://github.com/andris9/nodemailer;
smtp/0.3.23)
Date: Thu, 03 Apr 2014 09:07:41 GMT
Message-Id: <[email protected]>
From: [email protected]
To: [email protected]
Subject: Welcome to mydomain
这是电子邮件2,失败了:
Delivered-To: [email protected]
Received: by 10.220.131.9 with SMTP id v9csp9756vcs;
Thu, 3 Apr 2014 02:08:20 -0700 (PDT)
X-Received: by 10.220.103.141 with SMTP id k13mr2007429vco.25.1396516099631;
Thu, 03 Apr 2014 02:08:19 -0700 (PDT)
Authentication-Results: mx.google.com;
spf=softfail (google.com: best guess record for domain of transitioning [email protected] does not designate <unknown> as permitted sender) [email protected]
Received-SPF: softfail (google.com: best guess record for domain of transitioning [email protected] does not designate <unknown> as permitted sender)
Received: by 10.220.241.77 with POP3 id ld13mf1851813vcb.12;
Thu, 03 Apr 2014 02:08:19 -0700 (PDT)
X-Gmail-Fetch-Info: [email protected] 3 mail.mydomain.com 110 support
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from [127.0.0.1] (mydomain [127.0.0.1])
(Authenticated sender: username)
by mydomain.com (Postfix) with ESMTPA id 2DF0730A095E
for <[email protected]>; Thu, 3 Apr 2014 05:07:41 -0400 (EDT)
X-Mailer: Nodemailer (0.6.1; +http://github.com/andris9/nodemailer;
smtp/0.3.23)
Date: Thu, 03 Apr 2014 09:07:41 GMT
Message-Id: <[email protected]>
From: [email protected]
To: [email protected]
Subject: New user signed-up
Content-Type: multipart/alternative;
boundary="----Nodemailer-0.6.1-?=_1-1396516061189"
MIME-Version: 1.0
我不认为问题出在发送电子邮件的 node.js 代码上,因为它们都使用相同的传输和登录。以下是简化但仍然很长的代码版本:
var transport = nodemailer.createTransport("SMTP", {
service: "mydomain.com",
auth: {
user: "username",
pass: "password"
}
})
//THIS EMAIL FAILS SPF CHECK
exports.send_new_registration = function(username, email){
emailTemplates(templatesDir, function(err, template) {
console.log("Attempting to send email.");
if (err) {
console.log(err);
} else {
var locals = {
email : email,
username :username
};
// Send a single email
template('new_user', locals, function(err, html, text) {
if (err) {
console.log(err);
} else {
transport.sendMail({
from: '[email protected]',
to: '[email protected]',
subject: "New user signed-up",
html: html,
// generateTextFromHTML: true,
text: text
}, function(err, responseStatus) {
if (err) {
console.log(err);
} else {
console.log(responseStatus.message);
}
});
}
});
}
//THIS EMAIL PASSES SPF CHECK
exports.send_confirmation_email = function(email, token){
var link = "https://mydomain.com/email-confirmation/" + token;
emailTemplates(templatesDir, function(err, template) {
console.log("Attempting to send email.");
if (err) {
console.log(err);
} else {
var locals = {
link : link
};
// Send a single email
template('register', locals, function(err, html, text) {
if (err) {
console.log(err);
} else {
transport.sendMail({
from: '[email protected]',
to: email,
subject: "Welcome to mydomain",
html: html,
// generateTextFromHTML: true,
text: text
}, function(err, responseStatus) {
if (err) {
console.log(err);
} else {
console.log(responseStatus.message);
}
});
}
});
}
});
}
我认为这不相关,但我还没有让 TLS 在 postfix 上工作。我也尝试过让它postfix-policyd-spf-perl工作,但没有成功。当我从自己的帐户向自己的帐户发送电子邮件时,这会添加一个额外的标题。我猜这有关系,但我不确定。
仅供参考,如果我添加check_policy_service unix:private/policy-spf到我的,我在发往的/etc/postfix/main.cf电子邮件中看到的附加标题是:[email protected][email protected]
Received-SPF: softfail (mydomain.com: Sender is not authorized by default to use
'[email protected]' in 'mfrom' identity, however domain is not currently prepared for false
failures (mechanism '~all' matched)) receiver=mydomain.com; identity=mailfrom; envelope-
from="[email protected]"; helo="[an_ip]"; client-ip=a_diff_ip
我仅添加这一点,因为我不确定这是否与 google softfail 检查有关...
编辑:为了让问题清楚,我不清楚为什么如果我向 gmail 帐户发送电子邮件,它会通过 spf 检查,但如果我向我自己的域发送电子邮件,它就会失败。
答案1
SPF 没有失败。您误解了结果。
当邮件发送到 GMail 帐户时,Google 会(正确地)进行检查。Google 还会在通过 POP3 检索时添加检查。它不知道邮件来自哪里,因此会标记为软失败。
我不确定 Google 为什么要检查 POP3 检索的电子邮件,但不应该这样做。
您需要将其发送到执行自己的 SPF 检查的地址并直接获取它,而不是让 Google 玩弄标头。