这是“为什么我的 opendmarc 几乎所有功能都失败了?“我真的很难理解到底发生了什么。”
接收端(例如 Gmail)已正确验证了发送邮件。我的系统似乎已正确验证了部分接收邮件(例如来自 Gmail 的邮件,尽管有时我的系统无法验证 Gmail,但不知道原因)。
这是我的邮件客户端收到的带有所有标头的完整电子邮件。它从我控制的一个域(unijobs.it)发送到我控制的另一个域(morpheu5.net),该域启用了 DKIM 签名,该域未启用签名,但 MTA 相同,并配置为验证 DKIM 签名和 DMARC opendmarc,它还会自我检查 SPF 记录。
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from mail.morpheu5.net ([172.18.0.14])
by 9f813b9f7008 with LMTP
id 5tWtJGjL4luwGQAA6DItRA
(envelope-from <[email protected]>)
for <[email protected]>; Wed, 07 Nov 2018 11:24:24 +0000
Received: from dhcp-10-248-111-49.eduroam.wireless.private.cam.ac.uk (global-5-142.nat-2.net.cam.ac.uk [131.111.5.142])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by mail.morpheu5.net (Postfix) with ESMTPSA id 24107100B2EB
for <[email protected]>; Wed, 7 Nov 2018 11:24:24 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=unijobs.it; s=mail;
t=1541589864; bh=2smQQPcPgnXpmp5mA1IMZoy38oz3CAJ+c7rCDD9nDJM=;
h=From:Subject:Date:To:From;
b=QqUwksIMLQSQ9GPbHAQcPj+4YpYYp63bHw48aar2ZOrYI47qYKSMnV6gm3d/zBoH2
ylBBuHDu5JEkpFu5bOS/6a1TwnGfhKzAWc7mpDc9ZOb63Yg3g/E4DmmISfZ494i/fQ
6JWB2QhKqwPurPSOxjgokSWq1AfHFQbQPHVXjzfw=
Authentication-Results: mail.morpheu5.net; dmarc=fail (p=quarantine dis=none) header.from=unijobs.it
Authentication-Results: mail.morpheu5.net; spf=fail [email protected]
From: "Andrea Franceschini (UniJobs.it)" <[email protected]>
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Subject: A test message for Server Fault
Message-Id: <[email protected]>
Date: Wed, 7 Nov 2018 11:24:23 +0000
To: [email protected]
X-Mailer: Apple Mail (2.3445.9.1)
X-Spam-Status: No, score=3.5 required=5.0 tests=DKIM_ADSP_ALL,
DNS_FROM_AHBL_RHSBL,UNPARSEABLE_RELAY autolearn=no autolearn_force=no
version=3.4.0
X-Spam-Level: ***
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on 226c07f01f2b
This is a drill. I repeat, this is a drill.
Please ignore.
这些日志毫无帮助:
postfix/submission/smtpd[109]: Anonymous TLS connection established from global-5-142.nat-2.net.cam.ac.uk[131.111.5.142]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
postfix/submission/smtpd[109]: 24107100B2EB: client=global-5-142.nat-2.net.cam.ac.uk[131.111.5.142], sasl_method=PLAIN, [email protected]
postfix/cleanup[120]: 24107100B2EB: message-id=<[email protected]>
opendmarc[24]: 24107100B2EB: SPF(mailfrom): [email protected] fail
opendmarc[24]: 24107100B2EB: unijobs.it fail
opendkim[25]: 24107100B2EB: DKIM-Signature field added (s=mail, d=unijobs.it)
postfix/qmgr[97]: 24107100B2EB: from=<[email protected]>, size=849, nrcpt=1 (queue active)
postfix/lmtp[121]: 24107100B2EB: to=<[email protected]>, relay=mopsmailer_dovecot[172.18.0.20]:24, delay=0.53, delays=0.47/0.02/0.02/0.02, dsn=2.0.0, status=sent (250 2.0.0 <[email protected]> 5tWtJGjL4luwGQAA6DItRA Saved)
postfix/qmgr[97]: 24107100B2EB: removed
我对“DKIM-Signature field Added”行之前的 SPF 和 DMARC 故障的位置有点困惑:是不是 opendmarc 正在尝试验证传出消息发出时,而不是入站消息传入时?
如果我“忽略经过身份验证的客户端”,当然可以“解决”这个问题,但那只是因为没有对从我的 MTA 发送给自身的消息进行检查。原则上,验证应该可以工作,对吗?
有关配置的信息,请参阅其他问题(见顶部)。