为什么我的 postfix 会拒绝带有 spf hardfail 的邮件,即使 spf DNs 记录设置为 softfail?

为什么我的 postfix 会拒绝带有 spf hardfail 的邮件,即使 spf DNs 记录设置为 softfail?

我得到的日志输出如下:

"Jul  7 11:23:46 mail policyd-spf[19779]: 550 5.7.23 Message rejected
due to: SPF fail - not authorized. Please see 
http://www.openspf.net/Why?s=mfrom;[email protected];ip=<IP>;r=<UNKNOWN>
Jul  7 11:23:46 mail postfix/smtpd[19773]: NOQUEUE: reject: RCPT from
remotemailserver.de[IP]: 550 5.7.23 <[email protected]>:
Recipient address rejected: Message rejected due to: SPF fail - not
authorized. Please see http://www.openspf.net/Why?s=mfrom;[email protected]
;ip=<IP>;r=<UNKNOWN>;; from=<[email protected]> to=<[email protected]>
proto=ESMTP helo=<remotemailserver.de>"

我的 policyd-spf.conf 如下所示:

#  For a fully commented sample config file see policyd-spf.conf.commented

debugLevel = 1 
TestOnly = 1

HELO_reject = Fail
Mail_From_reject = Fail

PermError_reject = False
TempError_Defer = False

skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1

remotemailserver.de 的 spf DNS 记录如下:

subdomain.remotemailserver.de.   508     IN      TXT     "v=spf1 include:_spf.remotemailserver.de ~all"

我绝对不是后缀专家,但根据https://manpages.debian.org/testing/postfix-policyd-spf-python/policyd-spf.conf.5.en.html设置HELO_reject并且Mail_From_reject不应对spf 记录Fail上的传入邮件进行硬故障。~all

我哪里错了?

答案1

这其实是我的一个误解。我以为 remotemailserver.de 的 sfp 条目被检查了。但实际上被检查的是 FROM 字段的邮件服务器。

在这种情况下,gmx.net 的 sfp 记录是 -all 记录,这意味着我得到了硬故障(正确)。

相关内容