Postfix SPF check fails


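I am using postfix to send mail from my own domain, and I use postfix-policyd-spf-perl to check SPF.

The SPF check fails only when I send an email from my own domain to my own domain.

In summary:

  • mydomain -> gmail.com (SPF works, gmail can check my SPF)
  • gmail.com -> mydomain (SPF works, I can check the gmail.com SPF)
  • mydomain -> mydomain (SPF fails)

After searching the logs, I found that when I send an email to my own domain, the sender ipaddr is the client's, not the server's. If my mail client is not on the company network, the ipaddr is not in the reserved IP address range.

I think this is why SPF fails.

TLS uses a Let's Encrypt certificate. LDAP is used to store user credentials. Dovecot is used as the LDA. OpenDKIM, OpenDMARC and SpamAssassin are used as filters.

All of them work (except OpenDMARC, because of SPF).

Which configuration files do I need to change to make this work?

main.cf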

compatibility_level = 2
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost
local_transport = error:Local Transport Disabled
local_recipient_maps =
alias_maps =
inet_protocols = ipv4
smtputf8_enable = no

smtpd_milters = inet:dkim:8891, inet:dmarc:8891
non_smtpd_milters = inet:dkim:8891, inet:dmarc:8891

### DELIVERY

virtual_mailbox_domains = $mydomain
virtual_mailbox_maps = ldap:$config_directory/conf/ldap_users
virtual_transport = lmtp:spam:10025

### SMTP SERVER

## Authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = inet:lda:24

## Restrictions
smtpd_client_restrictions =
        permit_sasl_authenticated,
        reject_unknown_client_hostname
smtpd_helo_required = yes
smtpd_helo_restrictions =
        permit_mynetworks,
        reject_invalid_helo_hostname,
        check_helo_access hash:$config_directory/conf/helo_access,
        permit
smtpd_sender_login_maps = ldap:$config_directory/conf/ldap_users
smtpd_sender_restrictions =
        reject_sender_login_mismatch,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain
smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        reject_unauth_destination,
        # SPF check
        check_policy_service unix:private/policy,
        # Quota check
        check_policy_service inet:lda:7026,
        permit
smtpd_reject_unlisted_sender = yes

## Security
smtpd_client_new_tls_session_rate_limit = 10
smtpd_tls_CAfile = /etc/ssl/private/letsencrypt/mydomain/fullchain.pem
smtpd_tls_cert_file = /etc/ssl/private/letsencrypt/mydomain/cert.pem
smtpd_tls_dh1024_param_file = /etc/ssl/private/dh.pem
smtpd_tls_key_file = /etc/ssl/private/letsencrypt/mydomain/privkey.pem
smtpd_tls_security_level = encrypt
smtpd_tls_session_cache_database = btree:$data_directory/smtpd_session_cache

master.cf

smtp      inet  n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=no
submission inet n       -       n       -       -       smtpd
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
policy    unix  -       n       n       -       0       spawn
  user=nobody argv=/usr/bin/postfix-policyd-spf-perl

Thanks
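The behaviour described in the question, as an added example (not the poster's code and not postfix-policyd-spf-perl itself): a Postfix policy service receives the connecting host's address in the `client_address` attribute, and SPF for the sender domain is evaluated against that address. The domain `example.org`, the addresses, the SPF record and the helper names are constructed assumptions, and only `ip4`/`ip6`/`all` mechanisms are evaluated.

```python
import ipaddress

# Constructed sample data: example.org and documentation address ranges stand in
# for the poster's domain, mail server (192.0.2.10) and roaming client.
SPF_RECORDS = {"example.org": "v=spf1 ip4:192.0.2.10 -all"}

# Constructed policy delegation requests, as smtpd sends them at RCPT TO.
ROAMING_CLIENT_REQUEST = """request=smtpd_access_policy
protocol_state=RCPT
client_address=198.51.100.23
sender=alice@example.org
recipient=bob@example.org
sasl_username=
"""
SERVER_REQUEST = ROAMING_CLIENT_REQUEST.replace("198.51.100.23", "192.0.2.10")

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_policy_request(text):
    """Parse the name=value lines of one policy delegation request."""
    return dict(l.split("=", 1) for l in text.splitlines() if "=" in l)


def spf_result(record, client_ip):
    """Evaluate ip4/ip6 mechanisms and 'all' only (enough for this case)."""
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qual, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if mech == "all":
            return QUALIFIERS[qual]
        if mech.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech[4:], strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qual]
    return "neutral"


def check(request_text):
    """Return the SPF result for the sender domain and connecting address."""
    req = parse_policy_request(request_text)
    domain = req["sender"].rsplit("@", 1)[-1].lower()
    record = SPF_RECORDS.get(domain)
    return spf_result(record, req["client_address"]) if record else "none"


if __name__ == "__main__":
    print("roaming client:", check(ROAMING_CLIENT_REQUEST))
    print("mail server:   ", check(SERVER_REQUEST))
```

The same sender and recipient give different results only because `client_address` differs; the empty `sasl_username` marks an unauthenticated session in the constructed request.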
