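I installed Postfix and Dovecot on a VPS and configured it to forward mail to a Gmail address and to accept SMTP requests from Gmail so that it can send on behalf of the domain. TLS and authentication are working, email is arriving, and the MX domain, SPR, DKIM and SPF are all configured and working.
However, I can only send email to myself and a handful of domains. For example: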
This is the mail system at host tomjn.com.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<[email protected]>: host dc-cd3425bc.geekmatt.com[87.106.180.26] said:
550-Verification failed for <[email protected]> 550-The mail server could
not deliver mail to [email protected]. The account or domain may not
exist, they may be blacklisted, or missing the proper dns entries. 550
Sender verify failed (in reply to RCPT TO command)
Final-Recipient: rfc822; [email protected]
Original-Recipient: rfc822;[email protected]
Action: failed
Status: 5.0.0
Remote-MTA: dns; dc-cd3425bc.geekmatt.com
Diagnostic-Code: smtp; 550-Verification failed for <[email protected]> 550-The
mail server could not deliver mail to [email protected]. The account or
domain may not exist, they may be blacklisted, or missing the proper dns
entries. 550 Sender verify failed
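I'm not sure what to do. Is this the remote server rejecting my server? Or my server rejecting the remote server?
I looked up address verification and found this:
But its meaning is vague: when it says recipient, does it mean the remote server receiving the email? My server receiving the verification request? The remote server receiving the verification request? Does it mean the sender of the email or the sender of the verification request? It doesn't say clearly. Googling leads to several questions where the answer is "this is a bad idea and everyone should stop using it", and to people solving problems caused by things I don't use (such as SRS).
An email to [email protected] produced no response.
Here is my postfix main.cf: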
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
readme_directory = no
# TLS parameters
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_sasl_auth_enable = yes
smtpd_helo_required = yes
#smtpd_pw_server_security_options = cram-md5,digest-md5,login,plain
#content_filter = smtp-amavis:[127.0.0.1]:10024
#smtpd_helo_restrictions = reject_non_fqdn_helo_hostname reject_invalid_helo_hostname
smtpd_tls_cert_file=/etc/ssl/certs/dovecot.pem
smtpd_tls_key_file=/etc/ssl/private/dovecot.pem
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated
smtpd_client_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    REJECT
virtual_transport = lmtp:unix:private/dovecot-lmtp
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = tomjn.com
virtual_alias_domains = tomjn.com tomjn.co.uk
#alias_maps =
#alias_database = hash:/etc/aliases
myorigin = /etc/mailname
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
#mydestination = localhost.com, , localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 216.239.32.0/19 64.233.160.0/19 66.249.80.0/20 72.14.192.0/18 209.85.128.0/17 66.102.0.0/20 74.125.0.0/16 64.18.0.0/20 207.126.144.0/20 173.194.0.0/16 [2001:4860:4000::]/36 [2404:6800:4000::]/36 [2607:f8b0:4000::]/36 [2800:3f0:4000::]/36 [2a00:1450:4000::]/36 [2c0f:fb50:4000::]/36
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301
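Side note: yes, I know about Google Apps; yes, DNS is configured correctly; no, I only use Dovecot for TLS, not IMAP/POP3; yes, [email protected] exists.
Answer 1
Yes, it is called sender verification. The verification is done by the geekmatt.com mail server, not yours. From the error message, I can conclude that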
550-Verification failed for <[email protected]> 550-The mail server could
not deliver mail to [email protected]. The account or domain may not
exist, they may be blacklisted, or missing the proper dns entries. 550
Sender verify failed
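is a standard exim error message.
By the way, not all sender verification is bad. For the sake of explanation, I'll assume you are sending email from example.com to example.net.
At the basic level, the example.net mail server must verify that the sender domain exists. If the mail server rejects your email at this level, your domain 1) has no DNS MX and DNS A records, or 2) has a malformed MX record, for example a record whose MX hostname has zero length. In postfix, the equivalent parameter is reject_unknown_sender_domain.
At the advanced level, the mail server will try to check whether the sender address exists. Basically, before accepting your email, the example.net mail server will try to telnet to your mail server, without sending any email. This check is considered bad for several reasons.
Now, the domain tomjn.com appears to fail basic sender verification. Here is the MX record for tomjn.com: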
% dig tomjn.com MX +short
1 178.62.28.136.tomjn.com.
% dig 178.62.28.136.tomjn.com
; <<>> DiG 9.9.5 <<>> 178.62.28.136.tomjn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, **status: NXDOMAIN,** id: 52812
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;178.62.28.136.tomjn.com. IN A
;; AUTHORITY SECTION:
tomjn.com. 1800 IN SOA NS1.DIGITALOCEAN.com. hostmaster.tomjn.com. 1410110590 3600 900 1209600 1800
Your MX record does not have a valid A record. That is why geekmatt.com rejected your email.
Solution: fix your MX record.
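The basic sender-domain check described in this answer can be run against your own domain before a remote server does it for you. The following is an added example, not part of the original question or answer: the function names are hypothetical, the zone data is constructed (only the tomjn.com MX line mirrors the dig output above), and the "looks like an IP" test is an extra heuristic beyond what the answer states.

```python
import ipaddress
import subprocess

def dig_lookup(name, rtype):
    """Live lookup with `dig +short`; returns the non-empty answer lines."""
    out = subprocess.run(["dig", "+short", name, rtype],
                         capture_output=True, text=True, timeout=10).stdout
    return [line.strip() for line in out.splitlines() if line.strip()]

def looks_like_ip(host):
    """True if the MX target is an IPv4 literal or starts with one."""
    labels = host.rstrip(".").split(".")
    try:
        ipaddress.ip_address(".".join(labels[:4]))
        return True
    except ValueError:
        return False

def check_sender_domain(domain, lookup=dig_lookup):
    """List the problems a receiver's basic sender-domain check would hit."""
    problems = []
    mx = lookup(domain, "MX")
    if not mx:
        # Without an MX, delivery falls back to the domain's own address record.
        if not (lookup(domain, "A") or lookup(domain, "AAAA")):
            problems.append(f"{domain}: no MX and no A/AAAA record")
        return problems
    for record in mx:
        target = record.partition(" ")[2].strip()  # drop the preference value
        if target in ("", "."):
            problems.append(f"{domain}: MX with zero-length hostname")
            continue
        if looks_like_ip(target):
            problems.append(f"{target}: MX target starts with an IP address")
        if not (lookup(target, "A") or lookup(target, "AAAA")):
            problems.append(f"{target}: MX target has no A/AAAA record")
    return problems

# Constructed zone data for offline use; tomjn.com mirrors the dig output above.
SAMPLE_ZONE = {
    ("tomjn.com", "MX"): ["1 178.62.28.136.tomjn.com."],
    ("example.net", "MX"): ["10 mail.example.net."],
    ("mail.example.net.", "A"): ["192.0.2.25"],
    ("example.org", "MX"): ["0 ."],
}

def sample_lookup(name, rtype):
    return SAMPLE_ZONE.get((name, rtype), [])
```

Calling `check_sender_domain("tomjn.com", sample_lookup)` reports the unresolvable MX target; omit the second argument to query live DNS through `dig`.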