postfix/opendkim 无法在第二个域名上通过 php 签署电子邮件

postfix/opendkim 无法在第二个域名上通过 php 签署电子邮件

我有两个域名,example1.com分别称为example2.com

example1.com所有使用 dkim sign 发送的电子邮件上。在从 php 发送的电子邮件
example2.com没有dkim 签名,但如果从控制台发送电子邮件,电子邮件将被签名。

例如控制台命令:

php -r 'mail("[email protected]", "TEST", "TEST TEXT", "MIME-Version:
1.0\r\nContent-type: text/html; charset=\"utf-8\"\r\nFrom: no-reply <[email protected]>\r\n");'  

服务器

Centos 7
php-fpm + nginx

opendkim.conf

# grep "^[^#;]" /etc/opendkim.conf
AutoRestart             Yes
AutoRestartRate         10/1h
LogWhy                  Yes
Syslog                  Yes
SyslogSuccess           Yes
Mode                    sv
Canonicalization        relaxed/simple
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable
SignatureAlgorithm      rsa-sha256
Socket                  inet:8891@localhost
PidFile                 /var/run/opendkim/opendkim.pid
UMask                   022
UserID                  opendkim:opendkim
TemporaryDirectory      /var/tmp

主配置文件

# grep "^[^#;]" /etc/postfix/main.cf 
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = example1.com
inet_interfaces = localhost
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
relay_domains = example1.com,example2.com
relayhost =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases


debug_peer_level = 2
debugger_command =
     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
     ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
milter_default_action   = accept
milter_protocol         = 2

可信主机

# grep "^[^#;]" /etc/opendkim/TrustedHosts
localhost
127.0.0.1
::1
example1.com
example2.com

键表

grep "^[^#;]" /etc/opendkim/KeyTable
default._domainkey.example1.com example1.com:default:/etc/opendkim/keys/example1.com/default
default._domainkey.example2.com example2.com:default:/etc/opendkim/keys/example2.com/default

签名表

# grep "^[^#;]" /etc/opendkim/SigningTable
*@example1.com default._domainkey.example1.com
*@example2.com default._domainkey.example2.com

运输

# grep "^[^#;]" /etc/postfix/transport 
example1.com smtp:mx.yandex.ru
example2.com smtp:mx.yandex.ru

php.ini

# grep sendmail_path /etc/php.ini
sendmail_path = /usr/sbin/sendmail.postfix -t -i

测试.php

<?php
$headers= "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/html; charset=\"utf-8\"\r\n";
$headers .= "From: no-reply <[email protected]>\r\n";
if (mail('[email protected]', 'TEST', 'TEST', $headers)){
    echo 'OK';
}
else {
    echo 'FAIL';
}

此配置仅用于发送电子邮件,对于接收电子邮件,我使用 pdd.yandex.ru
问题出在哪里example2.com

答案1

您可能需要在 sendmail 命令中指定“发件人:”标头。Opendkim 仅对具有一致“发件人:”标头的邮件进行签名。

相关内容