我得到的日志输出如下:
"Jul 7 11:23:46 mail policyd-spf[19779]: 550 5.7.23 Message rejected
due to: SPF fail - not authorized. Please see
http://www.openspf.net/Why?s=mfrom;[email protected];ip=<IP>;r=<UNKNOWN>
Jul 7 11:23:46 mail postfix/smtpd[19773]: NOQUEUE: reject: RCPT from
remotemailserver.de[IP]: 550 5.7.23 <[email protected]>:
Recipient address rejected: Message rejected due to: SPF fail - not
authorized. Please see http://www.openspf.net/Why?s=mfrom;[email protected]
;ip=<IP>;r=<UNKNOWN>;; from=<[email protected]> to=<[email protected]>
proto=ESMTP helo=<remotemailserver.de>"
我的 policyd-spf.conf 如下所示:
# For a fully commented sample config file see policyd-spf.conf.commented
debugLevel = 1
TestOnly = 1
HELO_reject = Fail
Mail_From_reject = Fail
PermError_reject = False
TempError_Defer = False
skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1
remotemailserver.de 的 spf DNS 记录如下:
subdomain.remotemailserver.de. 508 IN TXT "v=spf1 include:_spf.remotemailserver.de ~all"
我绝对不是后缀专家,但根据https://manpages.debian.org/testing/postfix-policyd-spf-python/policyd-spf.conf.5.en.html设置HELO_reject并且Mail_From_reject不应对spf 记录Fail上的传入邮件进行硬故障。~all
我哪里错了?
答案1
这其实是我的一个误解。我以为 remotemailserver.de 的 sfp 条目被检查了。但实际上被检查的是 FROM 字段的邮件服务器。
在这种情况下,gmx.net 的 sfp 记录是 -all 记录,这意味着我得到了硬故障(正确)。