我正在使用 postfix 从我自己的域发送邮件,并使用 postfix-policyd-spf-perl 检查 SPF。
仅当我从自己的域向自己的域发送电子邮件时,SPF 检查才会失败。
总之 :
- mydomain -> gmail.com (SPF 有效,gmail 可以检查我的 SPF)
- gmail.com -> mydomain(SPF 有效,我可以检查 gmail.com SPF)
- mydomain -> mydomain(SPF 失败)
在日志中搜索后,我发现当我向自己的域发送电子邮件时,ipaddr 发件人是客户端,而不是服务器。如果我的邮件客户端不在公司网络中,则 ipaddr 不在保留 ip 地址范围内。
我认为这就是 SPF 失败的原因。
TLS 使用 let's encrypt 证书。LDAP 用于存储用户凭证。Dovecot 用作 LDA。OpenDKIM、OpenDMARC 和 SpamAssassin 用作过滤程序。
它们都有效(除了 OpenDMARC,因为有 SPF)。
我需要更改哪些配置文件才能使其正常工作?
主配置文件
compatibility_level = 2
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost
local_transport = error:Local Transport Disabled
local_recipient_maps =
alias_maps =
inet_protocols = ipv4
smtputf8_enable = no
smtpd_milters = inet:dkim:8891, inet:dmarc:8891
non_smtpd_milters = inet:dkim:8891, inet:dmarc:8891
### DELIVERY
virtual_mailbox_domains = $mydomain
virtual_mailbox_maps = ldap:$config_directory/conf/ldap_users
virtual_transport = lmtp:spam:10025
### SMTP SERVER
## Authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = inet:lda:24
## Restrictions
smtpd_client_restrictions =
permit_sasl_authenticated,
reject_unknown_client_hostname
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks,
reject_invalid_helo_hostname,
check_helo_access hash:$config_directory/conf/helo_access,
permit
smtpd_sender_login_maps = ldap:$config_directory/conf/ldap_users
smtpd_sender_restrictions =
reject_sender_login_mismatch,
reject_non_fqdn_sender,
reject_unknown_sender_domain
smtpd_recipient_restrictions =
permit_sasl_authenticated,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unauth_destination,
check_policy_service unix:private/policy, # SPF check
check_policy_service inet:lda:7026, # Quota check
permit
smtpd_reject_unlisted_sender = yes
## Security
smtpd_client_new_tls_session_rate_limit = 10
smtpd_tls_CAfile = /etc/ssl/private/letsencrypt/mydomain/fullchain.pem
smtpd_tls_cert_file = /etc/ssl/private/letsencrypt/mydomain/cert.pem
smtpd_tls_dh1024_param_file = /etc/ssl/private/dh.pem
smtpd_tls_key_file = /etc/ssl/private/letsencrypt/mydomain/privkey.pem
smtpd_tls_security_level = encrypt
smtpd_tls_session_cache_database = btree:$data_directory/smtpd_session_cache
主配置文件
smtp inet n - n - - smtpd
-o smtpd_sasl_auth_enable=no
submission inet n - n - - smtpd
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
policy unix - n n - 0 spawn
user=nobody argv=/usr/bin/postfix-policyd-spf-perl
谢谢