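We have run into a strange situation:
- We receive an email that has ESMTP headers
- Our server accepts it, no problem
- We import that message into Gmail, just like we import other emails from our mailboxes
- Gmail runs an SPF check, and it fails
- Gmail uses our server's IP address and the domain of the message sender for the check (sic!)
We have a similar problem when sending mail between local mailboxes (but there Gmail uses our server's domain and the client's IP): when a message is sent over SMTP from one local mailbox to another, the email imported into Gmail fails SPF because of the client IP in the message instead of the server IP
Example: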
Received-SPF: fail (google.com: domain of [email protected] does not designate 188.40.153.39 as permitted sender) client-ip=188.40.153.39;
Authentication-Results: mx.google.com;
spf=fail (google.com: domain of [email protected] does not designate 188.40.153.39 as permitted sender) [email protected]
More headers:
Delivered-To: [email protected]
Received: by 10.194.168.164 with SMTP id zx4csp522020wjb;
Thu, 19 Feb 2015 06:26:04 -0800 (PST)
X-Received: by 10.180.219.66 with SMTP id pm2mr10333511wic.91.1424355964017;
Thu, 19 Feb 2015 06:26:04 -0800 (PST)
Return-Path: <[email protected]>
Received: from server.webvizarts.com (server.webvizarts.com . [188.40.153.39])
by mx.google.com with ESMTPS id ge6si41332059wjd.24.2015.02.19.06.26.03
for <[email protected]>
(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Thu, 19 Feb 2015 06:26:04 -0800 (PST)
Received-SPF: fail (google.com: domain of [email protected] does not designate 188.40.153.39 as permitted sender) client-ip=188.40.153.39;
Authentication-Results: mx.google.com;
spf=fail (google.com: domain of [email protected] does not designate 188.40.153.39 as permitted sender) [email protected]
Received: from mx.msit.gov.pl ([77.252.152.34])
by server.webvizarts.com with esmtp (Exim 4.83)
(envelope-from <[email protected]>)
id 1YOS3G-0003eP-T2
for [email protected]; Thu, 19 Feb 2015 15:26:03 +0100
Received: from msit.gov.pl (unknown [192.168.10.30])
by mx.msit.gov.pl (Postfix) with ESMTPS id 5BE2F3B64
for <[email protected]>; Thu, 19 Feb 2015 15:24:48 +0100 (CET)
Received: from EX3.sport.local (192.168.10.30) by EX3.sport.local
(192.168.10.30) with Microsoft SMTP Server (TLS) id 15.0.1044.25; Thu, 19 Feb
2015 15:22:45 +0100
Received: from EX3.sport.local ([fe80::b8ed:df29:c87:77d2]) by EX3.sport.local
([fe80::b8ed:df29:c87:77d2%15]) with mapi id 15.00.1044.021; Thu, 19 Feb 2015
15:22:45 +0100
From: John Smith <[email protected]>
To: Christopher Smith <[email protected]>
Subject: Re: Some sensitive subject
Thread-Topic: Some sensitive subject
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [192.168.0.102]
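Subjects, mailbox names and people's names have been hidden.
We have dovecot+exim installed on a Debian-based VPS.
We are looking for a solution to avoid this. Is Gmail's implementation flawed, or is there something we can do?
Edit: per the comments, forwarding was mistaken for importing
Answer 1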
[...]
We import that message into Gmail, just like we import other emails from our mailboxes
[...]
This is wrong, because the mail headers show something different:
Received: from server.webvizarts.com (server.webvizarts.com . [188.40.153.39])
by mx.google.com with ESMTPS id ge6si41332059wjd.24.2015.02.19.06.26.03
for <[email protected]>
(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Thu, 19 Feb 2015 06:26:04 -0800 (PST)
The email was forwarded by server.webvizarts.com to mx.google.com for [email protected]. Apparently without setting the envelope sender:
Authentication-Results: mx.google.com;
spf=fail (google.com: domain of [email protected] does not designate 188.40.153.39 as permitted sender) [email protected]
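Obviously the envelope sender is still [email protected].
I can think of three options here:
- Rewrite the envelope sender using a sender rewriting scheme, e.g. postfix-srsd.
- Authenticate against Gmail before sending/relaying
- Push the emails from your server into Gmail's mailbox via IMAP/POP3, or let Gmail pull them from your server (I don't know which is easier)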
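Added example, not part of the original answer and not code from postfix-srsd: a sketch of the first option. It rewrites the envelope sender into the forwarder's own domain using the SRS0 address layout, so the next hop evaluates SPF against a domain that does list the forwarding server, and it reverses the address when a bounce comes back. The secret, domains, addresses and the exact hash and timestamp encoding are assumptions for illustration and are not guaranteed to interoperate with any real SRS implementation.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # assumption: key known only to the forwarder
FORWARDER = "forwarder.example"      # assumption: domain whose SPF lists the forwarding server
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
MAX_AGE_DAYS = 21                    # assumption: window in which bounces are accepted

def _stamp(day):
    """Day number modulo 1024 as two base32 characters."""
    return B32[(day % 1024) >> 5] + B32[day % 32]

def _tag(stamp, domain, local):
    """Short keyed hash so outsiders cannot mint valid reverse paths."""
    msg = "=".join((stamp, domain.lower(), local)).encode()
    return base64.b64encode(hmac.new(SECRET, msg, hashlib.sha1).digest())[:4].decode()

def srs_forward(sender, day):
    """Rewrite an envelope sender into the forwarder's domain."""
    if not sender:  # null sender (bounce): must stay empty
        return sender
    local, _, domain = sender.rpartition("@")
    stamp = _stamp(day)
    return f"SRS0={_tag(stamp, domain, local)}={stamp}={domain}={local}@{FORWARDER}"

def srs_reverse(address, day):
    """Return the original sender for a bounce recipient, or raise ValueError."""
    srs_local, _, domain = address.rpartition("@")
    if domain.lower() != FORWARDER or not srs_local.upper().startswith("SRS0="):
        raise ValueError("not an SRS0 address of this forwarder")
    fields = srs_local[5:].split("=", 3)
    if len(fields) != 4 or len(fields[1]) != 2:
        raise ValueError("malformed SRS0 address")
    tag, stamp, orig_domain, orig_local = fields
    stamp = stamp.upper()
    if stamp[0] not in B32 or stamp[1] not in B32:
        raise ValueError("malformed timestamp")
    then = B32.index(stamp[0]) * 32 + B32.index(stamp[1])
    if (day - then) % 1024 > MAX_AGE_DAYS:
        raise ValueError("SRS address expired")
    if not hmac.compare_digest(tag.encode(), _tag(stamp, orig_domain, orig_local).encode()):
        raise ValueError("hash mismatch: address was not issued by this forwarder")
    return f"{orig_local}@{orig_domain}"

if __name__ == "__main__":
    rewritten = srs_forward("alice@sender.example", day=16485)  # constructed sample
    print(rewritten, "->", srs_reverse(rewritten, day=16490))
```

The `day` argument is the number of days since the Unix epoch; it is passed in explicitly so the expiry check can be exercised without depending on the clock.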