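I have set up Postfix on a VPS with two domains (each domain has its own IP):
Domain 1 - 194.xxx.xxx.1
Domain 2 - 194.xxx.xxx.2
When I send mail through domain 2, I receive a DMARC report saying that the mail used domain 1's mail server, and the mail is blocked.
I have no idea why this happens... The mail headers look like this: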
Return-Path:
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on server1.domain1.com
X-Spam-Level:
X-Spam-Status: No, score=0.0 required=5.0 tests=NO_RELAYS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: by server1.domain1.com (Postfix)
    id xyz Thu, 7 Jul 2016 16:48:33 +0200 (CEST)
Date: Thu, 7 Jul 2016 16:48:33 +0200 (CEST)
From: [email protected] (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: [email protected]
My master.cf entries:
194.xxx.xxx.1:submission inet n - - - - smtpd
  -o myhostname=server1.domain1.com
  -o smtpd_sasl_auth_enable=yes
194.xxx.xxx.2:submission inet n - - - - smtpd
  -o smtp_helo_name=mail.domain2.com
  -o myhostname=mail.domain2.com
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
Main configuration file:
# Disable SSLv2 and SSLv3 leaving TLSv1, TLSv1.1 and TLSv1.2 enabled.
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
# Configure the allowed cipher list
smtpd_tls_mandatory_ciphers = high
tls_high_cipherlist = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
# Enable EECDH key exchange for Forward Security
smtpd_tls_eecdh_grade=ultra
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
myorigin = /etc/mailname
append_dot_mydomain = no
readme_directory = no
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
#myhostname = server1.domain1.com
#mydestination = server1.domain1.com, localhost.domain1.com, localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
## server will announce STARTTLS ##
smtp_tls_note_starttls_offer = yes
# TLS parameters
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
# HELO parameters
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
    reject_non_fqdn_hostname,
    reject_invalid_hostname,
    permit
# 'encrypt' will enforce SSL. Not recommended for live servers ##
smtpd_tls_security_level = may
#smtpd_tls_security_level = encrypt
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# new restrictions 10.06.16
disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    permit
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
# smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
relayhost =
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
home_mailbox = Maildir/
allow_percent_hack = no
tls_random_source = dev:/dev/urandom
# multi IP on, for the "not resolve" message in the log
import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C RESOLV_MULTI=on
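Thanks for any help or for pointing me in the right direction!
Mike
!!EDIT!!
I sent a mail to gmx.net (a German free-mail provider) and to Hotmail. At GMX I have this header (the mail got through):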
Return-Path: <[email protected]>
Received: from server1.domain1.com ([194.xxx.xxx.1]) by mx-ha.gmx.net
(mxgmx110) with ESMTPS (Nemesis) id 0Llpue-1amr0r3TPM-00ZNcb for
<[email protected]>; Sat, 09 Jul 2016 18:02:49 +0200
Received: from [192.168.xxx.xxx] (cli-5b7ee90b [91.xx.xx.xx])
by mail.domain2.com (Postfix) with ESMTPSA id E1D9512027A
for <[email protected]>; Sat, 9 Jul 2016 18:02:47 +0200 (CEST)
To: "R.T." <[email protected]>
From: User <[email protected]>
Subject: test666
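As you can see, the Return-Path is correct: domain2.com
But the first "Received: from server1.domain1.com ([194.xxx.xxx.1])" points to the server of domain1.com.
The second, "Received: from [192.168.xxx.xxx] (cli-5b7ee90b [91.xx.xx.xx]) by mail.domain2.com (Postfix)",
comes from the correct server: mail.domain2.com.
I tried everything, I checked everything, and I don't know why this happens. I checked the mail headers from server1.domain1.com and they are all fine; this only happens when using SMTP on mail.domain2.com.
As the report says, the mail is rejected because the header is from domain2, but the sender and IP are from domain1.
But Hotmail, Yahoo, Apple and Google all block my mail from domain2.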
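Answer 1
None of the configuration you provided is related to the problem you are having.
Rejecting mail based on DMARC rules means that the SPF rules are not being complied with. You should modify the SPF for both domains to include the other domain, so that both servers can send mail.
When making SPF changes, it is always a good idea to relax the DMARC rules so that messages are not rejected when SPF validation fails. That way, you can monitor and resolve problems before making the rules stricter.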
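
The SPF and DMARC interaction described in the answer, as an added example that is not part of the original question or answer: a small evaluator (ip4, include and all only) run over constructed records for mail from domain2.com leaving through the domain1 address. The record contents, the 192.0.2.x stand-ins for the masked addresses, the absence of DKIM and the function names are assumptions; the "after" records list both addresses with ip4: rather than mutual include: terms, and the LOOP set shows why.

```python
import ipaddress

# Constructed TXT records (assumptions): 192.0.2.1 and 192.0.2.2 stand in for
# the masked 194.xxx.xxx.1 and 194.xxx.xxx.2 addresses from the question.
BEFORE = {"domain1.com": "v=spf1 ip4:192.0.2.1 -all",
          "domain2.com": "v=spf1 ip4:192.0.2.2 -all"}
# Both addresses are listed with ip4: in each record. Two records that
# include: each other recurse to permerror for any non-matching client IP.
AFTER = {"domain1.com": "v=spf1 ip4:192.0.2.1 ip4:192.0.2.2 -all",
         "domain2.com": "v=spf1 ip4:192.0.2.1 ip4:192.0.2.2 -all"}
LOOP = {"domain1.com": "v=spf1 ip4:192.0.2.1 include:domain2.com -all",
        "domain2.com": "v=spf1 ip4:192.0.2.2 include:domain1.com -all"}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(ip, domain, records, depth=0):
    """Evaluate an SPF subset (ip4, include, all) against `records`."""
    if depth > 10:                       # RFC 7208 limits DNS-querying terms to 10
        return "permerror"
    record = records.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith("ip4:"):
            hit = ipaddress.ip_address(ip) in ipaddress.ip_network(mech[4:], strict=False)
        elif mech.startswith("include:"):
            inner = check_spf(ip, mech[8:], records, depth + 1)
            if inner == "permerror":
                return inner
            hit = inner == "pass"
        elif mech == "all":
            hit = True
        else:
            continue                     # mechanisms outside the subset are skipped
        if hit:
            return RESULT[qualifier]
    return "neutral"

def dmarc_action(client_ip, return_path_domain, from_domain, records, policy):
    """Return 'pass' or the policy action; assumes no DKIM signature exists."""
    spf = check_spf(client_ip, return_path_domain, records)
    aligned = return_path_domain == from_domain    # strict alignment for brevity
    return "pass" if spf == "pass" and aligned else policy

if __name__ == "__main__":
    # Mail for domain2.com leaving through server1.domain1.com's address.
    for name, recs, pol in [("before", BEFORE, "reject"), ("relaxed", BEFORE, "none"),
                            ("after", AFTER, "reject")]:
        print(name, dmarc_action("192.0.2.1", "domain2.com", "domain2.com", recs, pol))
```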