我有两台 CentOS 6.6 服务器,配置了 Postfix 来发送电子邮件。一切运行正常,SPF 条目、域密钥和 OpenDKIM 都已配置并正常运行,但我正在尝试完善我的备份邮件服务器。目前,如果我关闭 mx1 并发送电子邮件,它会像预期的那样在 mx2 上排队。一旦我在 mx1 上启动 Postfix,邮件就会发出,但 mx1 会因为 SPF 过滤器而拒绝它。我尽我所能让它工作,但它就是没有按预期的方式工作。
mx2 配置为中继我要发送到的域的邮件。我的 main.cf 中还有 mynetwork 中备份 MX 的 IP
mx1 = bluemoon.domain.tld
mx2 = surly.domain.tld
日志:
MX2:
Apr 28 08:23:31 surly postfix/smtpd[13015]: 4B37B35E1092E: client=sender1.zohomail.com[74.201.84.162]
Apr 28 08:23:31 surly postfix/cleanup[13020]: 4B37B35E1092E: message-id=<[email protected]>
Apr 28 08:23:31 surly /usr/lib64/plesk-9.0/psa-pc-remote[23410]: handlers_stderr: SKIP
Apr 28 08:23:31 surly /usr/lib64/plesk-9.0/psa-pc-remote[23410]: SKIP during call 'limit-out' handler
Apr 28 08:23:31 surly /usr/lib64/plesk-9.0/psa-pc-remote[23410]: handlers_stderr: SKIP
Apr 28 08:23:31 surly /usr/lib64/plesk-9.0/psa-pc-remote[23410]: SKIP during call 'check-quota' handler
Apr 28 08:23:31 surly spf filter[13024]: Starting spf filter...
Apr 28 08:23:32 surly spf filter[13024]: SPF result: pass
Apr 28 08:23:32 surly spf filter[13024]: SPF status: PASS
Apr 28 08:23:32 surly /usr/lib64/plesk-9.0/psa-pc-remote[23410]: handlers_stderr: PASS
Apr 28 08:23:32 surly /usr/lib64/plesk-9.0/psa-pc-remote[23410]: PASS during call 'spf' handler
Apr 28 08:23:32 surly opendkim[680]: 4B37B35E1092E: sender1.zohomail.com [<IP ADDR>] not internal
Apr 28 08:23:32 surly opendkim[680]: 4B37B35E1092E: not authenticated
Apr 28 08:23:32 surly opendkim[680]: 4B37B35E1092E: no signature data
Apr 28 08:23:32 surly postfix/qmgr[2080]: 4B37B35E1092E: from=<[email protected]>, size=3236, nrcpt=1 (queue active)
Apr 28 08:23:32 surly postfix/smtp[13025]: connect to mx1.domain.tld[<IP ADDR>]:25: Connection refused
Apr 28 08:23:32 surly postfix/smtpd[13015]: disconnect from sender1.zohomail.com[74.201.84.162]
Apr 28 08:23:32 surly postfix/smtp[13025]: 4B37B35E1092E: to=<[email protected]>, relay=none, delay=1.4, delays=1.3/0.01/0.02/0, dsn=4.4.1, status=deferred (connect to mx1.domain.tld[<ip addr>]:25: Connection refused)
Apr 28 08:24:21 surly postfix/qmgr[2080]: 4B37B35E1092E: from=<[email protected]>, size=3236, nrcpt=1 (queue active)
Apr 28 08:24:21 surly postfix/smtp[13025]: 4B37B35E1092E: to=<[email protected]>, relay=mx1.domain.tld[<ip addr>]:25, delay=51, delays=50/0/0.04/0.6, dsn=5.7.1, status=bounced (host mx1.domain.tld[<ip adr>] said: 550 5.7.1 Command rejected (in reply to end of DATA command))
Apr 28 08:24:21 surly postfix/cleanup[13020]: D1B1C35E10940: message-id=<[email protected]>
Apr 28 08:24:21 surly postfix/qmgr[2080]: D1B1C35E10940: from=<>, size=5422, nrcpt=1 (queue active)
Apr 28 08:24:21 surly postfix/bounce[13050]: 4B37B35E1092E: sender non-delivery notification: D1B1C35E10940
Apr 28 08:24:21 surly postfix/qmgr[2080]: 4B37B35E1092E: removed
MX1:
Apr 28 08:24:21 s18267928 postfix/smtpd[27039]: connect from surly.domain.tld[<ip>]
Apr 28 08:24:21 s18267928 postfix/smtpd[27039]: 3A2F9708C90E: client=surly.domain.tld[<Ip>]
Apr 28 08:24:21 s18267928 postfix/cleanup[27044]: 3A2F9708C90E: message-id=<[email protected]>
Apr 28 08:24:21 s18267928 /usr/lib64/plesk-9.0/psa-pc-remote[19488]: handlers_stderr: SKIP
Apr 28 08:24:21 s18267928 /usr/lib64/plesk-9.0/psa-pc-remote[19488]: SKIP during call 'limit-out' handler
Apr 28 08:24:21 s18267928 /usr/lib64/plesk-9.0/psa-pc-remote[19488]: handlers_stderr: SKIP
Apr 28 08:24:21 s18267928 /usr/lib64/plesk-9.0/psa-pc-remote[19488]: SKIP during call 'check-quota' handler
Apr 28 08:24:21 s18267928 spf filter[27047]: Starting spf filter...
Apr 28 08:24:21 s18267928 spf filter[27047]: SPF result: softfail
Apr 28 08:24:21 s18267928 spf filter[27047]: SPF status: REJECT
Apr 28 08:24:21 s18267928 /usr/lib64/plesk-9.0/psa-pc-remote[19488]: handlers_stderr: REJECT
Apr 28 08:24:21 s18267928 /usr/lib64/plesk-9.0/psa-pc-remote[19488]: REJECT during call 'spf' handler
Apr 28 08:24:21 s18267928 postfix/cleanup[27044]: 3A2F9708C90E: milter-reject: END-OF-MESSAGE from surly.<domain.tld>[<ip addr>]: 5.7.1 Command rejected; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<surly.domain.tld>
答案1
根据此日志
Apr 28 08:24:21 s18267928 postfix/cleanup[27044]: 3A2F9708C90E: milter-reject: END-OF-MESSAGE from surly.<domain.tld>[<ip addr>]: 5.7.1 Command rejected; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<surly.domain.tld>
显然,该邮件被 Postfix 调用的 Plesk 邮件过滤程序拒绝了。因此,我们有两个选择:
排除 IP 地址,这样 Postfix 就不会将电子邮件发送到 milter 检查。
不幸的是没有直接参数来控制这种情况。有解决方法,包括设置新
smtpd
服务master.cf
并添加无药剂参 数。 请参阅本文档例如。告诉 plesk 将特定的 IP 地址从 SPF 检查列入白名单。
根据此帖子:有什么办法可以关闭 Plesk 上针对特定 IP 的 SPF 检查?,可以将特定 IP 地址列入 SPF 检查白名单。只需设置
ip4:a.b.c.d
在SPF 本地规则选项。