我正在使用 opendkim + postfix 作为我的网站的 MTA,一切正常:邮件由 DKIM 签名,gmail 将它们标记为“通过”
问题是当我使用此配置作为来自另一个虚拟机的中继(通过 ssmtp)时:
作为一个中继,邮件发送成功,但是从未由夫妇 postfix / opendkim 签名
对于每个测试,发送者和接收者都是相同的
以下是日志:直接(邮件已发送 + dkim ok):
> Apr 7 16:07:16 media-perso postfix/pickup[32522]: CD59C2408AC: uid=0
> from=<me@****.net> Apr 7 16:07:16 media-perso postfix/cleanup[32753]:
> CD59C2408AC: message-id=<20170407140716.CD59C2408AC@ip-***-***-***.eu>
> Apr 7 16:07:16 media-perso postfix/qmgr[32523]: CD59C2408AC:
> from=<me@****.net>, size=379, nrcpt=1 (queue active) Apr 7 16:07:17
> media-perso postfix/qmgr[32523]: CD59C2408AC: removed
当使用 postfix 中继时(邮件已发送,但没有 dkim 标志):
Apr 7 16:07:01 media-perso postfix/smtpd[32750]: connect from repl.****.com[149.***.***.***]
Apr 7 16:07:01 media-perso postfix/smtpd[32750]: 1BD99240365: client=repl.****.com[149.***.***.***]
Apr 7 16:07:02 media-perso postfix/cleanup[32753]: 1BD99240365: message-id=<>
Apr 7 16:07:02 media-perso postfix/qmgr[32523]: 1BD99240365: from=<me@****.net>, size=491, nrcpt=1 (queue active)
Apr 7 16:07:02 media-perso postfix/smtpd[32750]: disconnect from repl.****.com[149.***.***.***]
Apr 7 16:07:02 media-perso postfix/qmgr[32523]: 1BD99240365: removed
当然,无论如何我都想使用 DKIM 签名(直接 + 中继),这里是 ssmtp 配置:
root=postmaster
mailhub=mailhub ( postfix server )
hostname=FQDN
FromLineOverride=YES
UseSTARTTLS=YES ( i tried with/without this )
Posfix 配置:
# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
milter_default_action = accept
milter_protocol = 6
mydestination = ip-***-176.eu, *****.net, media-perso, localhost.localdomain, localhost
myhostname = ip-****176.eu
mynetworks = hash:/etc/postfix/trusted_client
myorigin = *****.net
non_smtpd_milters = local:/opendkim/opendkim.sock
readme_directory = no
recipient_delimiter = +
relayhost =
slow_destination_concurrency_limit = 2
slow_destination_recipient_limit = 20
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scace
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_milters = local:/opendkim/opendkim.sock
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transport
我错过了什么?
配置:debian8
安装自:https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-8
答案1
问题的根源是受信任的主机列表
如果 smtp 客户端不在该列表中,则不会打印任何错误或日志。邮件已发送,但没有 DKIM 签名
就我而言,这是我的配置
/etc/opendkim.conf
ExternalIgnoreList refile:/etc/opendkim/trusted.hosts
要解决此问题,只需在 /etc/opendkim/trusted.hosts 上添加客户端的 IP / fqdn
然后重新启动 opendkim 守护进程