Postfix virtual domains - mail is sent by the second server

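I have set up Postfix on a VPS with two domains (each with its own IP).

Domain 1 - 194.xxx.xxx.1

Domain 2 - 194.xxx.xxx.2

When I send mail through domain 2, I receive a DMARC report saying that the mail used domain 1's mail server, and the mail is blocked.

I don't know why this is happening... The headers of the mail look like this: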

Return-Path:
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on server1.domain1.com
X-Spam-Level:
X-Spam-Status: No, score=0.0 required=5.0 tests=NO_RELAYS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: by server1.domain1.com (Postfix)
    id xyz; Thu,  7 Jul 2016 16:48:33 +0200 (CEST)
Date: Thu,  7 Jul 2016 16:48:33 +0200 (CEST)
From: [email protected] (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: [email protected]

My master.cf entries:

194.xxx.xxx.1:submission    inet    n   -   -   -   -   smtpd
    -o myhostname=server1.domain1.com
    -o smtpd_sasl_auth_enable=yes 

194.xxx.xxx.2:submission    inet    n   -   -   -   -   smtpd
        -o smtp_helo_name=mail.domain2.com
        -o myhostname=mail.domain2.com
        -o smtpd_tls_security_level=encrypt    
        -o smtpd_sasl_auth_enable=yes

Main configuration file (main.cf):

# Disable SSLv2 and SSLv3 leaving TLSv1, TLSv1.1 and TLSv1.2 enabled.
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3

# Configure the allowed cipher list
smtpd_tls_mandatory_ciphers = high
tls_high_cipherlist = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

# Enable EECDH key exchange for Forward Security
smtpd_tls_eecdh_grade=ultra

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
myorigin = /etc/mailname
append_dot_mydomain = no
readme_directory = no
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
#myhostname = server1.domain1.com
#mydestination = server1.domain1.com, localhost.domain1.com, localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

## server will announce STARTTLS ##
smtp_tls_note_starttls_offer = yes 

# TLS parameters
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

# HELO parameters
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
     reject_non_fqdn_hostname,
     reject_invalid_hostname,
     permit

# 'encrypt' will enforce SSL. Not recommended for live servers ##
smtpd_tls_security_level = may
#smtpd_tls_security_level = encrypt 

smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# new restrictions 10.06.16
disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_recipient_restrictions =
   permit_sasl_authenticated,
   reject_invalid_hostname,
   reject_non_fqdn_hostname,
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   permit_mynetworks,
   reject_rbl_client sbl.spamhaus.org,
   reject_rbl_client cbl.abuseat.org,
   reject_rbl_client dul.dnsbl.sorbs.net,
   permit
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
# smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
relayhost = 
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
home_mailbox = Maildir/
allow_percent_hack = no
tls_random_source = dev:/dev/urandom

# multi ip on, for the "not resolve" message in the log
import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C RESOLV_MULTI=on

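Thanks for any help or for pointing me in the right direction!

Mike


!!EDIT!!

I sent a mail to gmx.net (a German free mail provider) and to hotmail. On GMX I have this header (the mail went through):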

Return-Path: <[email protected]>
Received: from server1.domain1.com ([194.xxx.xxx.1]) by mx-ha.gmx.net
 (mxgmx110) with ESMTPS (Nemesis) id 0Llpue-1amr0r3TPM-00ZNcb for
 <[email protected]>; Sat, 09 Jul 2016 18:02:49 +0200
Received: from [192.168.xxx.xxx] (cli-5b7ee90b [91.xx.xx.xx])
    by mail.domain2.com (Postfix) with ESMTPSA id E1D9512027A
    for <[email protected]>; Sat,  9 Jul 2016 18:02:47 +0200 (CEST)
To: "R.T." <[email protected]>
From: User <[email protected]>
Subject: test666

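As you can see, the Return-Path is correct: domain2.com

But the first "Received: from server1.domain1.com ([194.xxx.xxx.1])" points to the server of domain1.com

The second, "Received: from [192.168.xxx.xxx] (cli-5b7ee90b [91.xx.xx.xx]) by mail.domain2.com (Postfix)",

comes from the correct server: mail.domain2.com.

I have tried everything and checked everything, and I don't know why this happens. I checked the mail headers from server1.domain1.com and they are all fine; it only happens when using SMTP on mail.domain2.com.

As the report says, the mail is rejected because the header is from domain 2 but the sender and IP are from domain 1.

However, hotmail, yahoo, apple and google all block my mail from domain2.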

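Answer 1

None of the configuration you have provided is related to the problem you are experiencing.

Rejecting the mail under DMARC rules means that SPF is not complying with the rules. You should modify the SPF records of both domains to include the other domain, so that both servers can send mail.

When making SPF changes, it is always a good idea to relax the DMARC rules so that messages are not rejected when they fail SPF validation. That way you can monitor and resolve problems before making the rules stricter.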
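The SPF and DMARC reasoning in the answer above, as an added example that is not part of the original answer: an evaluator for the ip4/include/all subset of SPF, run over constructed records. The addresses 192.0.2.1 and 192.0.2.2 stand in for the masked IPs of domain 1 and domain 2, and the TXT records and function names are assumptions. `SPF_MUTUAL` shows that two records that include each other end in `permerror` for an address neither of them lists, so `SPF_FIXED` only lets domain2.com include domain1.com.

```python
import ipaddress

# Constructed data: 192.0.2.1 / 192.0.2.2 are documentation addresses standing
# in for the masked IPs of domain 1 and domain 2; the TXT records are assumed.
SPF_BEFORE = {"domain1.com": "v=spf1 ip4:192.0.2.1 -all",
              "domain2.com": "v=spf1 ip4:192.0.2.2 -all"}
SPF_FIXED = {**SPF_BEFORE, "domain2.com": "v=spf1 ip4:192.0.2.2 include:domain1.com -all"}
SPF_MUTUAL = {**SPF_FIXED, "domain1.com": "v=spf1 ip4:192.0.2.1 include:domain2.com -all"}

QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(ip, domain, records, budget=None):
    """Evaluate the ip4/include/all subset of SPF for a connecting IP."""
    budget = [10] if budget is None else budget  # RFC 7208 limit on lookups
    record = records.get(domain)
    if record is None:
        return "none"
    for term in record.split()[1:]:
        qual, mech = (term[0], term[1:]) if term[0] in QUALIFIER else ("+", term)
        if mech == "all":
            return QUALIFIER[qual]
        if mech.startswith("ip4:"):
            if ipaddress.ip_address(ip) in ipaddress.ip_network(mech[4:], strict=False):
                return QUALIFIER[qual]
        elif mech.startswith("include:"):
            budget[0] -= 1
            if budget[0] < 0:
                return "permerror"  # include loop or too many lookups
            inner = spf_check(ip, mech[8:], records, budget)
            if inner in ("permerror", "none"):
                return "permerror"
            if inner == "pass":
                return QUALIFIER[qual]
    return "neutral"

def dmarc_disposition(spf_result, mail_from_domain, from_domain, policy):
    """SPF-only DMARC verdict (DKIM not modelled), strict alignment for brevity."""
    aligned = mail_from_domain.lower() == from_domain.lower()
    if spf_result == "pass" and aligned:
        return "deliver"
    # p=none only reports the failure; stricter policies act on it.
    return {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}[policy]

def evaluate(records, policy, ip="192.0.2.1", sender_domain="domain2.com"):
    """Mail for domain2.com leaving from domain 1's IP, as in the GMX header."""
    spf = spf_check(ip, sender_domain, records)
    return spf, dmarc_disposition(spf, sender_domain, sender_domain, policy)
```
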