为何此传入消息会失败?
postfix/smtpd[4776]: connect from mail-mw2nam10on2073.outbound.protection.outlook.com[40.107.94.73]
postfix/smtpd[4776]: Anonymous TLS connection established from mail-mw2nam10on2073.outbound.protection.outlook.com[40.107.94.73]: TLSv1.2 with cipher <snip>4 (256/256 bits)
postfix/smtpd[4776]: 631A5453D55: client=mail-mw2nam10on2073.outbound.protection.outlook.com[40.107.94.73]
postfix/cleanup[4781]: 631A5453D55: message-id=<414<snip>MDC019E7.cnb.Corp.net>
opendkim[849]: 631A5453D55: mail-mw2nam10on2073.outbound.protection.outlook.com [40.107.94.73] not internal
opendkim[849]: 631A5453D55: not authenticated
opendkim[849]: 631A5453D55: DKIM verification successful
opendmarc[840]: 631A5453D55 ignoring Authentication-Results at 1 from ip-<snip>.ec2.internal
opendmarc[840]: 631A5453D55: SPF(mailfrom): [email protected] fail
opendmarc[840]: 631A5453D55: cnb.com fail
postfix/cleanup[4781]: 631A5453D55: milter-reject: END-OF-MESSAGE from mail-mw2nam10on2073.outbound.protection.outlook.com[40.107.94.73]: 5.7.1 rejected by DMARC policy for cnb.com; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<NAM10-MW2-obe.outbound.protection.outlook.com>
postfix/smtpd[4776]: disconnect from mail-mw2nam10on2073.outbound.protection.outlook.com[40.107.94.73]
看来 cnb.com 的 DNS 具有 MS 在此处提到的正确 MS 记录 (spf.protection.outlook.com): https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing?view=o365-worldwide
# dig cnb.com txt|grep spf
cnb.com. 290 IN TXT "v=spf1 include:spf.protection.outlook.com include:cnb.com._nspf.vali.email include:%{i}._ip.%{h}._ehlo.%{d}._spf.vali.email ~all"
它们来自此处 40.107.0.0/16 网络内的 IP:
https://mxtoolbox.com/SuperTool.aspx?action=spf:spf.protection.outlook.com&newAppVersion=1
他们的 SPF 配置是不是出了什么问题,还是我这边出了问题?
答案1
看起来 DNS 查询无法从世界某个地方到达 NS 服务器,失败率接近 8%,这可能与防火墙规则的流量有关,如以下查询所示: