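Inherited an Ubuntu server (12.04) running Postfix (2.9.6) that acts as an outbound-only mail relay for a web application.
SPF and DMARC records have been entered in public DNS (Route53). Working on configuring DKIM correctly, per a client request. We send mail on their behalf, but email to Gmail accounts has been delayed because our IP or CNAME record is not in their DNS. They have asked us to provide the DKIM configuration. It's just good practice.
Goal: I am confirming whether our Postfix configuration and DNS (specifically the DKIM TXT record) are configured to reflect our Postfix (main.cf).
This seems like it should be obvious, so let me share our configuration and what I have found; maybe someone with more experience can share some insight.
Current configuration
Main configuration file (main.cf)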
myhostname = smtp.mydomain.com
myorigin = /etc/mailname...cat /etc/mailname = mail.mydomain.com
Public DNS
mydomain.com MX 10 smtp.mydomain.com
mydomain.com TXT v=SPF1; a:smtp.mydomain.com -all
_dmarc.mydomain.com TXT v=DMARC1; p=none; rua:mailto:
mail._domainkey.mydomain.com TXT v=DKIM1; k=rsa; p=
smtp.mydomain.com A
mail.mydomain.com CNAME smtp.mydomain.com
Command-line email test from the Ubuntu/Postfix server
echo "Test message" | mail -s "Test Email" [email protected]
Gmail output:
Original message
Message ID: <id-string@**smtp.mydomain.co**m>
From: Ubuntu User <ubuntu_user@**mail.mydomain.com**>
To: [email protected]
SPF: PASS with IP 165.11.22.33
DMARC: 'FAIL'
Headers
Delivered-To: [email protected]
Received: by 2002:ab0:1d8f:0:0:0:0:0 with SMTP id l15csp1726299uak;
Mon, 29 Oct 2018 15:40:23 -0700 (PDT)
X-Google-Smtp-Source: AJdET5fekgw1/THhdQd68d48F6YdbjAzHBIJX11Pw7EVfoNfVzcdig7100nYe4qzCo5Ip8RIeovT
X-Received: by 2002:a63:c45:: with SMTP id 5-v6mr15518118pgm.372.1540852823648;
Mon, 29 Oct 2018 15:40:23 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1540852823; cv=none;
d=google.com; s=arc-20160816;
b=wS6zfKOrfEXcC0cvWje6qlDcrGX7eQ5NWiIrN7vVC5azOBPwAWpR4gniHnlc8uzK1u
UAHscndWVkniIM79rgMdot0mD72o0h/vwH4spaE6VwFHQcgg88PcskpXhykhK6JToF1U
0LRNde0BdJM4GX+Ri9c1aHwy0SiOgDQr3CLnynelBtUXfa5oOz8DLvdi0tPgZXU5oOQL
B1DybgHTq/cmAJzpVdkBBp3nCrU7Bj37cazjHzT6osDTQoRkUCXl3KY5jXmUxr+DZBzg
K1p4fuA9IOJNuufpCGoiJJzfpoRACYw8X86QL3aB7xH5jjFhbrsDgCPk/gAKQ1afdsxU
+Xsg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=from:date:message-id:to:subject;
bh=PkbvdhgKiEAAhc+GiwM2ZnxMu+StJ76lWGj3Y9phfFA=;
b=KRDIVpwLAvIbW/N0CGCh++bcr5oayPJX9KqcPBKYEbf/LWLL5VABryAkmw369wx+9R
YKSwvxhRmLoMHWROsRM4ajdghUuoyF8n5lK0XbiHMy1Eh0K1VNtT5QJnR328ycYR4ECo
QkmmoODK2GN8RsjWw8UlC33XGS/2kc0X37O1wwyTqHo06VUNC27QElKiC7as5BNNGG2Y
SaDmnzD4Nq7b3BSnvhi/kLG2z9Pannolf+Pm5O6V71TimMus8dk71WeZ5ntdMdjFBrju
yc47X1zKnmfLpTevISfdzYB/cxW9Hj35/ojE3+9863DgIUrepuie8aHZGcCMwit2Y3/h
hTyA==
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: best guess record for domain of ubuntu_user@**mail.mydomain.com** designates 165.22.33.44 as permitted sender) **[email protected]**;
dmarc=fail (p=NONE sp=NONE dis=NONE) **header.from=mydomain.com**
Return-Path: <[email protected]>
Received: from **smtp.mydomain.com** (smtp.mydomain.com. [165.22.33.44])
by mx.google.com with ESMTPS id g11-v6si8549874pgu.301.2018.10.29.15.40.23
for <[email protected]>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Mon, 29 Oct 2018 15:40:23 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of ubuntu_user@**mail.mydomain.com** designates 165.22.33.44 as permitted sender) client-ip=165.22.33.44;
Authentication-Results: mx.google.com;
spf=pass (google.com: best guess record for domain of ubuntu_user@**mail.mydomain.com** designates 165.22.33.44 as permitted sender) **[email protected]**;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mydomain.com
Received: by **smtp.mydomain.com** (Postfix, from userid 1016) id AF76AB605F1; Mon, 29 Oct 2018 15:40:22 -0700 (MST)
Subject: Test Email
To: <[email protected]>
X-Mailer: mail (GNU Mailutils 2.2)
Message-Id: <[email protected]>
Date: Mon, 29 Oct 2018 15:40:22 -0700 (MST)
From: Ubuntu User <[email protected]>
Test message
Mail-Tester.com output
echo "Test message" | mail -s "Test Email" @mail-tester.com
Score: 8/10
[SPF] mail.mydomain.com does not allow your server 165.11.22.33 to use [email protected]
You do not have a SPF record, please add the following one to your domain mail.webassessor.com:
v=spf1 a mx ip4:162.42.66.34 ~all
The Name Server handling the domain name mail.webassessor.com is smtp.webassessor.com.
Your message is not signed with DKIM
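Note: I have installed openDKIM, but have not yet connected it to Postfix, because I don't want to interrupt mail flow before these issues are resolved.
Reference resources
Postfix/DKIM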
https://help.ubuntu.com/community/Postfix/DKIM
SPF checker
https://mxtoolbox.com/spf.aspx
DKIM checkers
https://www.dmarcanalyzer.com/dkim/dkim-check/
https://protodave.com/tools/dkim-key-checker/
DMARC checker
https://dmarcian.com/dmarc-inspector/
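I have also read a great deal on the Postfix, OpenDKIM, Reddit and other sites, for what it's worth.
Question(s):
Primary:
Q? Do I need to edit /etc/mailname and change it to smtp.mydomain.com?
Secondary (if you have the time/insight, it would be appreciated)
Q? Should I also add the IP4 to the SPF for smtp.mydomain.com?
Q? Does using smtp.mydomain.com change my DKIM record configuration?
Q? Does using smtp.mydomain.com change my DMARC record configuration?
Q? What else might be missing?
If you have read this far, we really appreciate your time. Thank you.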
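
Added example, not part of the original post: an offline check of where a receiver looks for SPF when the envelope sender domain is mail.mydomain.com, plus a syntax lint of the SPF and DMARC strings as they are typed above. The ZONE dictionary is constructed from the post's DNS listing, and all helper names are hypothetical.

```python
# Constructed zone: the DNS records exactly as typed in the post above.
ZONE = {
    ("mydomain.com", "TXT"): ["v=SPF1; a:smtp.mydomain.com -all"],
    ("_dmarc.mydomain.com", "TXT"): ["v=DMARC1; p=none; rua:mailto:"],
    ("mail.mydomain.com", "CNAME"): ["smtp.mydomain.com"],
}

def lookup_txt(name, zone=ZONE, depth=0):
    """Return TXT strings for name, following CNAMEs the way a resolver does."""
    cname = zone.get((name, "CNAME"))
    if cname and depth < 8:  # bound the chain so a CNAME loop cannot recurse forever
        return lookup_txt(cname[0], zone, depth + 1)
    return zone.get((name, "TXT"), [])

def is_spf(txt):
    """RFC 7208 4.5: version is exactly 'v=spf1', ended by a space or end of record."""
    low = txt.lower()
    return low == "v=spf1" or low.startswith("v=spf1 ")

def spf_for(domain, zone=ZONE):
    """SPF is read at the envelope-sender domain itself; a parent's record is not inherited."""
    found = [t for t in lookup_txt(domain, zone) if is_spf(t)]
    return found[0] if found else None

def lint_spf(txt):
    """Flag syntax that keeps a TXT string from being used as an SPF record."""
    issues = []
    if not is_spf(txt):
        issues.append("version section must be 'v=spf1' followed by a space")
    if ";" in txt:
        issues.append("SPF terms are space-separated; ';' is not a separator")
    return issues

def lint_dmarc(txt):
    """DMARC (RFC 7489) is a ';'-separated list of tag=value pairs."""
    tags = [t.strip() for t in txt.split(";") if t.strip()]
    return [f"'{t}' is not tag=value" for t in tags if "=" not in t]

if __name__ == "__main__":
    for d in ("mail.mydomain.com", "mydomain.com"):
        print(d, "->", spf_for(d))
    print(lint_spf(ZONE[("mydomain.com", "TXT")][0]))
    print(lint_dmarc(ZONE[("_dmarc.mydomain.com", "TXT")][0]))
```

With the records as typed, no usable SPF record is found at either name, which is consistent with the "best guess" wording in the Gmail result and the Mail-Tester SPF message for mail.mydomain.com.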