550-5.7.26 仅 ERP 不接受来自域的未经身份验证的电子邮件

550-5.7.26 仅 ERP 不接受来自域的未经身份验证的电子邮件

我已更新我们的邮件服务器以使用 DMARC。因此,此后我们的 ERP 系统无法向 gmail.com 或 yahoo.com 发送电子邮件,但 Outlook 可以毫无问题地发送电子邮件。

以下是从我的域发送到 Gmail 且安全的电子邮件的标题:

Message ID <[email protected]>

Created at: Fri, Jul 16, 2021 at 11:30 AM (Delivered after 4 seconds)

From: me

To: [email protected]

Subject: Check1

SPF: PASS with IP 000.000.000.000 (mail server IP) Learn more

DKIM: 'PASS' with domain domain.com Learn more

DMARC: 'PASS' Learn more

但是当我们使用下面的代码从我们的 ERP 发送时:

defined('BASEPATH') OR exit('No direct script access allowed');

class SendPO extends CI_Controller {
    var $role,$user,$brand;

    public function __construct()
    {
        parent::__construct();
        $this->load->helper('url');
    }

    public function index(){

        $mailTo = "[email protected]";
        $subject = "Mail check ";
   
        $config = Array(
            'protocol' => 'smtp',
            'smtp_host' => 'mail.example.com',
            'smtp_port' => 465,
            'smtp_user' => '[email protected]',
            'smtp_pass' => 'some-password',
            'charset'=>'utf-8',
            'validate'=>TRUE,
            'wordwrap'=> TRUE,
            'dkim_domain' => 'example.com',
            'dkim_private' => '/home/ubuntu/mail.private',
            'dkim_selector' => 'mail',
            'dkim_passphrase' => '',
        );

        $this->load->library('email', $config);
        $this->email->set_newline("\r\n");
 
        $this->email->from("[email protected]");
        $this->email->cc("[email protected]");
 
        // replace my mail by user it is just for testing
        $this->email->to($mailTo);
        $this->email->subject($subject);

        $msg="Mail check";
        //echo $msg;
        $this->email->message($msg);
        $this->email->set_header('Reply-To', $userMail);
        $this->email->set_mailtype('html');
        $this->email->send();
    }
}
?>

我看到这封邮件“已退回邮件:详情请参阅邮件记录”

The original message was received on Fri, 16 Jul 2021 11:22:05 +0200

来自 erp.domain.com [127.0.0.1]

----- The following addresses had permanent fatal errors -----

(reason: 550-5.7.26 Unauthenticated email from example.com is not accepted due)

----- Transcript of session follows -----
... while talking to gmail-smtp-in.l.google.com.:
>>> DATA
<<< 550-5.7.26 Unauthenticated email from example.com is not accepted due
<<< 550-5.7.26 to domain's DMARC policy. Please contact the administrator of
<<< 550-5.7.26 example.com domain if this was a legitimate mail. 
Please
<<< 550-5.7.26 visit
<<< 550-5.7.26 https://support.google.com/mail/answer/2451690 to learn about the
<<< 550 5.7.26 DMARC initiative. g11si7705633pfc.152 - gsmtp

554 5.0.0 服务不可用

Reporting-MTA: dns; erp.domain.com
Received-From-MTA: DNS; erp.domain.com
Arrival-Date: Fri, 16 Jul 2021 11:22:05 +0200

Final-Recipient: RFC822; [email protected]
Action: failed
Status: 5.7.26
Remote-MTA: DNS; gmail-smtp-in.l.google.com
Diagnostic-Code: SMTP; 550-5.7.26 Unauthenticated email from example.com is not accepted due
Last-Attempt-Date: Fri, 16 Jul 2021 11:22:05 +0200


Return-Path:
Received: from erp.example.com (erp.example.com [127.0.0.1])
  by erp.example.com (8.15.2/8.15.2/Debian-3) with ESMTP id 16G9M5eY021733;
  Fri, 16 Jul 2021 11:22:05 +0200
Received: (from www-data@localhost)
  by erp.domain.com (8.15.2/8.15.2/Submit) id 16G9M5NP021732;
  Fri, 16 Jul 2021 11:22:05 +0200
X-Authentication-Warning: erp.domain.com: www-data set sender to [email protected] using -f
To: [email protected]
Subject: =?UTF-8?Q?Vendor=20VPO=20Test=20?=
X-PHP-Originating-Script: 0:Email.php
User-Agent: CodeIgniter
Date: Fri, 16 Jul 2021 11:22:05 +0200
From:
Cc: [email protected]
Reply-To:
X-Sender: [email protected]
X-Mailer: CodeIgniter
X-Priority: 3 (Normal)
Message-ID: <[email protected]>
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="B_ALT_60f14fbd23d53"

我已经做过测试https://www.mail-tester.com/显示 10/10

当我进行测试时https://toolbox.googleapps.com/它显示:

error

DKIM authentication DNS setup.

DKIM technology is used to help detection of unauthorized mail that pretends to be sent out from your domain.
Invalid format of DKIM record.

v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjYVyZyyl6T...

error

SPF must allow Google servers to send mail on behalf of your domain.

Decision SPF fail - not authorized

Record v=spf1 mx a ip4:000.000.000.000 -all

warning

No Google mail exchangers were found. Relay host configuration?

If you intentionally set up a mail server somewhere on your premises that automatically forwards all incoming mail to Google you may disregard this warning. Otherwise - this is a serious configuration error as it causes disruption of mail flow.

0 mail.example.com

info_outline

Effective SPF Address Ranges.
The following IP addresses are taken from the includes and IP4/IP6 directives within this domain's SPF record.

example.com.

000.000.000.000

我认为原因在于此页面的一部分(由父域签名):

https://datatracker.ietf.org/doc/html/rfc6376#section-3.10

如果我的想法正确!有人能提供 SPF 记录的正确格式吗?

如果我错了!我希望有人能帮我弄清楚发生了什么

答案1

在其他人的帮助下我成功解决了这个问题...谢谢大家。注意:邮件服务器 IP 是 000.000.000.000 ERP 服务器 IP 是 111.111.111.111 显示的问题原因:550-5.7.26 由于域的 DMARC 策略,来自 example.com 的未经身份验证的电子邮件不被接受但 DKIM 和 DMARC 不是修复的目标。

问题的根本原因:ERP 失败[电子邮件保护]指定 111.111.111.111 (ERP 的 IP 地址) 不被允许,发送者)[电子邮件保护]

如何解决:1-更新 ERP“send-email.php”文件中的代码

$config = Array(
    'protocol' => 'smtp',
    'smtp_host' => 'mail.example.com',
    'smtp_port' => 465,
    'smtp_user' => '[email protected]',
    'smtp_pass' => 'password',
    'charset'=>'utf-8',
    'validate'=>TRUE,
    'wordwrap'=> TRUE,
    'dkim_domain' => 'example.com',
    'dkim_selector' => 'mail',

2- 为 ERP 服务器上的邮件服务守护程序配备中继发送功能,如下面的教程所示。 https://www.bonusbits.com/wiki/HowTo:Configure_SendMail_to_Use_SMTP_Relay

4- 更新托管公司 Cpanel 中的 DNS 记录以适应所做的修改。

  • 在TXT部分更新:

主机记录:@ TXT 值:v=spf1 mx a ip4:000.000.000.000 ip4:111.111.111.111 ~all

并更新:主机记录:邮件 TXT 值:v=spf1 mx a ip4:000.000.000.000 ip4:111.111.111.111 -all

我再次感谢大家在过去几天里提供的信息和做出的努力:)

相关内容