Postfix 阻止来自备份 MX 的邮件

Postfix 阻止来自备份 MX 的邮件

我有两台 CentOS 6.6 服务器,配置了 Postfix 来发送电子邮件。一切运行正常,SPF 条目、域密钥和 OpenDKIM 都已配置并正常运行,但我正在尝试完善我的备份邮件服务器。目前,如果我关闭 mx1 并发送电子邮件,它会像预期的那样在 mx2 上排队。一旦我在 mx1 上启动 Postfix,邮件就会发出,但 mx1 会因为 SPF 过滤器而拒绝它。我尽我所能让它工作,但它就是没有按预期的方式工作。

mx2 配置为中继我要发送到的域的邮件。我的 main.cf 中还有 mynetwork 中备份 MX 的 IP

mx1 = bluemoon.domain.tld

mx2 = surly.domain.tld

日志:

MX2:

Apr 28 08:23:31 surly postfix/smtpd[13015]: 4B37B35E1092E: client=sender1.zohomail.com[74.201.84.162]
Apr 28 08:23:31 surly postfix/cleanup[13020]: 4B37B35E1092E: message-id=<[email protected]>
Apr 28 08:23:31 surly /usr/lib64/plesk-9.0/psa-pc-remote[23410]: handlers_stderr: SKIP
Apr 28 08:23:31 surly /usr/lib64/plesk-9.0/psa-pc-remote[23410]: SKIP during call 'limit-out' handler
Apr 28 08:23:31 surly /usr/lib64/plesk-9.0/psa-pc-remote[23410]: handlers_stderr: SKIP
Apr 28 08:23:31 surly /usr/lib64/plesk-9.0/psa-pc-remote[23410]: SKIP during call 'check-quota' handler
Apr 28 08:23:31 surly spf filter[13024]: Starting spf filter...
Apr 28 08:23:32 surly spf filter[13024]: SPF result: pass
Apr 28 08:23:32 surly spf filter[13024]: SPF status: PASS
Apr 28 08:23:32 surly /usr/lib64/plesk-9.0/psa-pc-remote[23410]: handlers_stderr: PASS
Apr 28 08:23:32 surly /usr/lib64/plesk-9.0/psa-pc-remote[23410]: PASS during call 'spf' handler
Apr 28 08:23:32 surly opendkim[680]: 4B37B35E1092E: sender1.zohomail.com [<IP ADDR>] not internal
Apr 28 08:23:32 surly opendkim[680]: 4B37B35E1092E: not authenticated
Apr 28 08:23:32 surly opendkim[680]: 4B37B35E1092E: no signature data
Apr 28 08:23:32 surly postfix/qmgr[2080]: 4B37B35E1092E: from=<[email protected]>, size=3236, nrcpt=1 (queue active)
Apr 28 08:23:32 surly postfix/smtp[13025]: connect to mx1.domain.tld[<IP ADDR>]:25: Connection refused
Apr 28 08:23:32 surly postfix/smtpd[13015]: disconnect from sender1.zohomail.com[74.201.84.162]
Apr 28 08:23:32 surly postfix/smtp[13025]: 4B37B35E1092E: to=<[email protected]>, relay=none, delay=1.4, delays=1.3/0.01/0.02/0, dsn=4.4.1, status=deferred (connect to mx1.domain.tld[<ip addr>]:25: Connection refused)
Apr 28 08:24:21 surly postfix/qmgr[2080]: 4B37B35E1092E: from=<[email protected]>, size=3236, nrcpt=1 (queue active)
Apr 28 08:24:21 surly postfix/smtp[13025]: 4B37B35E1092E: to=<[email protected]>, relay=mx1.domain.tld[<ip addr>]:25, delay=51, delays=50/0/0.04/0.6, dsn=5.7.1, status=bounced (host mx1.domain.tld[<ip adr>] said: 550 5.7.1 Command rejected (in reply to end of DATA command))
Apr 28 08:24:21 surly postfix/cleanup[13020]: D1B1C35E10940: message-id=<[email protected]>
Apr 28 08:24:21 surly postfix/qmgr[2080]: D1B1C35E10940: from=<>, size=5422, nrcpt=1 (queue active)
Apr 28 08:24:21 surly postfix/bounce[13050]: 4B37B35E1092E: sender non-delivery notification: D1B1C35E10940
Apr 28 08:24:21 surly postfix/qmgr[2080]: 4B37B35E1092E: removed

MX1:

Apr 28 08:24:21 s18267928 postfix/smtpd[27039]: connect from surly.domain.tld[<ip>]
Apr 28 08:24:21 s18267928 postfix/smtpd[27039]: 3A2F9708C90E: client=surly.domain.tld[<Ip>]
Apr 28 08:24:21 s18267928 postfix/cleanup[27044]: 3A2F9708C90E: message-id=<[email protected]>
Apr 28 08:24:21 s18267928 /usr/lib64/plesk-9.0/psa-pc-remote[19488]: handlers_stderr: SKIP
Apr 28 08:24:21 s18267928 /usr/lib64/plesk-9.0/psa-pc-remote[19488]: SKIP during call 'limit-out' handler
Apr 28 08:24:21 s18267928 /usr/lib64/plesk-9.0/psa-pc-remote[19488]: handlers_stderr: SKIP
Apr 28 08:24:21 s18267928 /usr/lib64/plesk-9.0/psa-pc-remote[19488]: SKIP during call 'check-quota' handler
Apr 28 08:24:21 s18267928 spf filter[27047]: Starting spf filter...
Apr 28 08:24:21 s18267928 spf filter[27047]: SPF result: softfail
Apr 28 08:24:21 s18267928 spf filter[27047]: SPF status: REJECT
Apr 28 08:24:21 s18267928 /usr/lib64/plesk-9.0/psa-pc-remote[19488]: handlers_stderr: REJECT
Apr 28 08:24:21 s18267928 /usr/lib64/plesk-9.0/psa-pc-remote[19488]: REJECT during call 'spf' handler
Apr 28 08:24:21 s18267928 postfix/cleanup[27044]: 3A2F9708C90E: milter-reject: END-OF-MESSAGE from surly.<domain.tld>[<ip addr>]: 5.7.1 Command rejected; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<surly.domain.tld>

答案1

根据此日志

Apr 28 08:24:21 s18267928 postfix/cleanup[27044]: 3A2F9708C90E: milter-reject: END-OF-MESSAGE from surly.<domain.tld>[<ip addr>]: 5.7.1 Command rejected; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<surly.domain.tld>

显然,该邮件被 Postfix 调用的 Plesk 邮件过滤程序拒绝了。因此,我们有两个选择:

  1. 排除 IP 地址,这样 Postfix 就不会将电子邮件发送到 milter 检查。

    不幸的是没有直接参数来控制这种情况。有解决方法,包括设置新smtpd服务master.cf并添加无药剂参 数。 请参阅本文档例如。

  2. 告诉 plesk 将特定的 IP 地址从 SPF 检查列入白名单。

根据此帖子:有什么办法可以关闭 Plesk 上针对特定 IP 的 SPF 检查?,可以将特定 IP 地址列入 SPF 检查白名单。只需设置

ip4:a.b.c.d

SPF 本地规则选项。

相关内容