我已更新我们的邮件服务器以使用 DMARC。因此,此后我们的 ERP 系统无法向 gmail.com 或 yahoo.com 发送电子邮件,但 Outlook 可以毫无问题地发送电子邮件。
以下是从我的域发送到 Gmail 且安全的电子邮件的标题:
Message ID <[email protected]>
Created at: Fri, Jul 16, 2021 at 11:30 AM (Delivered after 4 seconds)
From: me
To: [email protected]
Subject: Check1
SPF: PASS with IP 000.000.000.000 (mail server IP) Learn more
DKIM: 'PASS' with domain domain.com Learn more
DMARC: 'PASS' Learn more
但是当我们使用下面的代码从我们的 ERP 发送时:
defined('BASEPATH') OR exit('No direct script access allowed');
class SendPO extends CI_Controller {
var $role,$user,$brand;
public function __construct()
{
parent::__construct();
$this->load->helper('url');
}
public function index(){
$mailTo = "[email protected]";
$subject = "Mail check ";
$config = Array(
'protocol' => 'smtp',
'smtp_host' => 'mail.example.com',
'smtp_port' => 465,
'smtp_user' => '[email protected]',
'smtp_pass' => 'some-password',
'charset'=>'utf-8',
'validate'=>TRUE,
'wordwrap'=> TRUE,
'dkim_domain' => 'example.com',
'dkim_private' => '/home/ubuntu/mail.private',
'dkim_selector' => 'mail',
'dkim_passphrase' => '',
);
$this->load->library('email', $config);
$this->email->set_newline("\r\n");
$this->email->from("[email protected]");
$this->email->cc("[email protected]");
// replace my mail by user it is just for testing
$this->email->to($mailTo);
$this->email->subject($subject);
$msg="Mail check";
//echo $msg;
$this->email->message($msg);
$this->email->set_header('Reply-To', $userMail);
$this->email->set_mailtype('html');
$this->email->send();
}
}
?>
我看到这封邮件“已退回邮件:详情请参阅邮件记录”
The original message was received on Fri, 16 Jul 2021 11:22:05 +0200
来自 erp.domain.com [127.0.0.1]
----- The following addresses had permanent fatal errors -----
(reason: 550-5.7.26 Unauthenticated email from example.com is not accepted due)
----- Transcript of session follows -----
... while talking to gmail-smtp-in.l.google.com.:
>>> DATA
<<< 550-5.7.26 Unauthenticated email from example.com is not accepted due
<<< 550-5.7.26 to domain's DMARC policy. Please contact the administrator of
<<< 550-5.7.26 example.com domain if this was a legitimate mail.
Please
<<< 550-5.7.26 visit
<<< 550-5.7.26 https://support.google.com/mail/answer/2451690 to learn about the
<<< 550 5.7.26 DMARC initiative. g11si7705633pfc.152 - gsmtp
554 5.0.0 服务不可用
Reporting-MTA: dns; erp.domain.com
Received-From-MTA: DNS; erp.domain.com
Arrival-Date: Fri, 16 Jul 2021 11:22:05 +0200
Final-Recipient: RFC822; [email protected]
Action: failed
Status: 5.7.26
Remote-MTA: DNS; gmail-smtp-in.l.google.com
Diagnostic-Code: SMTP; 550-5.7.26 Unauthenticated email from example.com is not accepted due
Last-Attempt-Date: Fri, 16 Jul 2021 11:22:05 +0200
Return-Path:
Received: from erp.example.com (erp.example.com [127.0.0.1])
by erp.example.com (8.15.2/8.15.2/Debian-3) with ESMTP id 16G9M5eY021733;
Fri, 16 Jul 2021 11:22:05 +0200
Received: (from www-data@localhost)
by erp.domain.com (8.15.2/8.15.2/Submit) id 16G9M5NP021732;
Fri, 16 Jul 2021 11:22:05 +0200
X-Authentication-Warning: erp.domain.com: www-data set sender to [email protected] using -f
To: [email protected]
Subject: =?UTF-8?Q?Vendor=20VPO=20Test=20?=
X-PHP-Originating-Script: 0:Email.php
User-Agent: CodeIgniter
Date: Fri, 16 Jul 2021 11:22:05 +0200
From:
Cc: [email protected]
Reply-To:
X-Sender: [email protected]
X-Mailer: CodeIgniter
X-Priority: 3 (Normal)
Message-ID: <[email protected]>
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="B_ALT_60f14fbd23d53"
我已经做过测试https://www.mail-tester.com/显示 10/10
当我进行测试时https://toolbox.googleapps.com/它显示:
error
DKIM authentication DNS setup.
DKIM technology is used to help detection of unauthorized mail that pretends to be sent out from your domain.
Invalid format of DKIM record.
v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjYVyZyyl6T...
error
SPF must allow Google servers to send mail on behalf of your domain.
Decision SPF fail - not authorized
Record v=spf1 mx a ip4:000.000.000.000 -all
warning
No Google mail exchangers were found. Relay host configuration?
If you intentionally set up a mail server somewhere on your premises that automatically forwards all incoming mail to Google you may disregard this warning. Otherwise - this is a serious configuration error as it causes disruption of mail flow.
0 mail.example.com
info_outline
Effective SPF Address Ranges.
The following IP addresses are taken from the includes and IP4/IP6 directives within this domain's SPF record.
example.com.
000.000.000.000
我认为原因在于此页面的一部分(由父域签名):
https://datatracker.ietf.org/doc/html/rfc6376#section-3.10
如果我的想法正确!有人能提供 SPF 记录的正确格式吗?
如果我错了!我希望有人能帮我弄清楚发生了什么
答案1
在其他人的帮助下我成功解决了这个问题...谢谢大家。注意:邮件服务器 IP 是 000.000.000.000 ERP 服务器 IP 是 111.111.111.111 显示的问题原因:550-5.7.26 由于域的 DMARC 策略,来自 example.com 的未经身份验证的电子邮件不被接受但 DKIM 和 DMARC 不是修复的目标。
问题的根本原因:ERP 失败[电子邮件保护]指定 111.111.111.111 (ERP 的 IP 地址) 不被允许,发送者)[电子邮件保护]
如何解决:1-更新 ERP“send-email.php”文件中的代码
$config = Array(
'protocol' => 'smtp',
'smtp_host' => 'mail.example.com',
'smtp_port' => 465,
'smtp_user' => '[email protected]',
'smtp_pass' => 'password',
'charset'=>'utf-8',
'validate'=>TRUE,
'wordwrap'=> TRUE,
'dkim_domain' => 'example.com',
'dkim_selector' => 'mail',
2- 为 ERP 服务器上的邮件服务守护程序配备中继发送功能,如下面的教程所示。 https://www.bonusbits.com/wiki/HowTo:Configure_SendMail_to_Use_SMTP_Relay
4- 更新托管公司 Cpanel 中的 DNS 记录以适应所做的修改。
- 在TXT部分更新:
主机记录:@ TXT 值:v=spf1 mx a ip4:000.000.000.000 ip4:111.111.111.111 ~all
并更新:主机记录:邮件 TXT 值:v=spf1 mx a ip4:000.000.000.000 ip4:111.111.111.111 -all
我再次感谢大家在过去几天里提供的信息和做出的努力:)