Adding dkimproxy to OpenSMTPD ... mail loop when sending to my own domain


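I have a well-working OpenSMTPD configuration, and I added dkimproxy to it.

Everything works fine; mail-tester and the like report that I have a correct DKIM signature and that my email score is 10/10, etc.

The problem is ...

If I try to send an email from [email protected] to [email protected], the mail server gets stuck in a loop and the mail is never delivered. I see the following in maillog: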

Nov 15 08:34:13 mail dkimproxy.out[38686]: DKIM signing - signed; message-id=<[email protected]>, signer=<[email protected]>, from=<[email protected]>
Nov 15 08:34:13 mail smtpd[33463]: 4dea90938ef29e98 smtp message msgid=0b62ff80 size=104666 nrcpt=1 proto=ESMTP
Nov 15 08:34:13 mail smtpd[33463]: 4dea90938ef29e98 smtp envelope evpid=0b62ff80eb408785 from=<> to=<[email protected]>                                                               
Nov 15 08:34:13 mail smtpd[33463]: 4dea9092f4274d88 mta delivery evpid=6fe8c750a74f16ac from=<> to=<[email protected]> rcpt=<-> source="200.100.240.135" relay="200.100.240.135 (mail.mydomain.com)" delay=1s result="Ok" stat="250 2.0.0 0b62ff80 Message accepted for delivery"

... it loops like this about 50 times - eventually it gives up with this error:

Nov 15 08:34:18 mail smtpd[33463]: warn: loop detected                                                                                                                                            
Nov 15 08:34:18 mail smtpd[33463]: 4dea9097226c93aa smtp failed-command command="DATA" result="500 5.4.6 Routing loop detected: Loop detected"                                                    
Nov 15 08:34:18 mail smtpd[33463]: 4dea90969c6cf495 mta delivery evpid=49514d020281ac48 from=<> to=<[email protected]> rcpt=<-> source="200.100.240.135" relay="200.100.240.135 (mail.mydomain.com)" delay=1s result="PermFail" stat="500 5.4.6 Routing loop detected: Loop detected"

I don't know what the problem is. It only happens when I send email to myself or to other users of this domain hosted on this mail server.

# cat dkimproxy_in.conf

# specify what address/port DKIMproxy should listen on
listen    200.100.240.135:10025

# specify what address/port DKIMproxy forwards mail to
relay     200.100.240.135:10026


# cat dkimproxy_out.conf 

# specify what address/port DKIMproxy should listen on
listen    200.100.240.135:10027

# specify what address/port DKIMproxy forwards mail to
relay     200.100.240.135:10028

# specify what domains DKIMproxy can sign for (comma-separated, no spaces)
domain    mydomain.com

# specify what signatures to add
signature dkim(c=relaxed)
signature domainkeys(c=nofws)

# specify location of the private key
keyfile   /root/dkim.private.key

# specify the selector (i.e. the name of the key record put in DNS)
selector  selector1

# control how many processes DKIMproxy uses
#  - more information on these options (and others) can be found by
#    running `perldoc Net::Server::PreFork'.
#min_servers 5
#min_spare_servers 2

...and that's all of it... thanks.

Edit - here is opensmtpd.conf:

table aliases file:/usr/local/etc/mail/aliases

filter check_dyndns phase connect match rdns regex \
    { '.*\.dyn\..*', '.*\.dsl\..*' } \
    disconnect "550 no residential connections"

filter check_rdns phase connect match !rdns \
    disconnect "550 no rDNS"

filter check_fcrdns phase connect match !fcrdns \
    disconnect "550 no FCrDNS"

listen on 200.100.240.135 filter { check_dyndns, check_rdns, check_fcrdns }

listen on 200.100.240.135 port 10028 tag DKIM

listen on 200.100.240.135 port submission

action "local_mail" mbox alias <aliases>
action "relay_dkim" relay host smtp://200.100.240.135:10027
action "outbound" relay helo mail.mydomain.com
    
match from any mail-from "[email protected]" action "local_mail"

match tag DKIM for any action "outbound"
match for any action "relay_dkim"

match from any for domain "mydomain.com" action "local_mail"
match for local action "local_mail"

match from any auth for any action "outbound"
match for any action "outbound"

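Answer 1

This answer assumes there is no reason to use the external interface for internal processing. The question does not include pf.conf, which may have settings that conflict with normal mail processing when an interface other than loopback is used, and which should be configured with set skip on lo or an equivalent.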

smtpd.conf

# Verify this is the correct location of aliases, which normally is
# located in /etc/mail/aliases. If you have changed aliases
# from default, be sure to run newaliases.
table aliases file:/usr/local/etc/mail/aliases

filter check_dyndns phase connect match rdns regex \
    { '.*\.dyn\..*', '.*\.dsl\..*' } \
    disconnect "550 no residential connections"

filter check_rdns phase connect match !rdns \
    disconnect "550 no rDNS"

filter check_fcrdns phase connect match !fcrdns \
    disconnect "550 no FCrDNS"

listen on 127.0.0.1 port 10028 tag DKIM
listen on 200.100.240.135 filter \
    { check_dyndns, check_rdns, check_fcrdns }
listen on 200.100.240.135 port submission

action "local_mail" mbox alias <aliases>
action "relay_dkim" relay host smtp+notls://127.0.0.1:10027
action "outbound" relay helo mail.mydomain.com

match tag DKIM for any action "outbound"
match mail-from "[email protected]" action "local_mail"
match from any for domain "mydomain.com" action "local_mail"
match from any auth for any action "outbound"
match for local action "local_mail"
match for any action "relay_dkim"

# I interpret this to be redundant:
# match for any action "outbound"

# This original configuration line seems nonsensical because
# "mail-from" is also "from any", so removed "from any"
# match from any mail-from "[email protected]" action "local_mail"

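Although dkimproxy_in.conf is configured, there is currently no authentication of DKIM headers on received messages, because none was configured in the original smtpd.conf, so I did not add it.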

dkimproxy_in.conf

# specify what address/port DKIMproxy should listen on
listen    127.0.0.1:10025

# specify what address/port DKIMproxy forwards mail to
relay     127.0.0.1:10026

dkimproxy_out.conf

# specify what address/port DKIMproxy should listen on
listen    127.0.0.1:10027

# specify what address/port DKIMproxy forwards mail to
relay     127.0.0.1:10028

# specify what domains DKIMproxy can sign for (comma-separated, no spaces)
domain    mydomain.com

# specify what signatures to add
signature dkim(c=relaxed)
signature domainkeys(c=nofws)

# specify location of the private key
keyfile   /root/dkim.private.key

# specify the selector (i.e. the name of the key record put in DNS)
selector  selector1

# control how many processes DKIMproxy uses
#  - more information on these options (and others) can be found by
#    running `perldoc Net::Server::PreFork'.
#min_servers 5
#min_spare_servers 2
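
As an added example (not part of the original question or answer), a small log check for the symptom shown in the question's maillog: `mta delivery` lines whose `source` and `relay` are the same address, together with the 5.4.6 loop error. The sample lines, the addresses in them and the `threshold` parameter are constructed assumptions.

```python
import re
from collections import defaultdict

FIELD_RE = re.compile(r'([\w-]+)=(?:"([^"]*)"|(\S+))')

def parse_fields(line):
    """Split key=value / key="quoted value" pairs of one smtpd log line."""
    return {k: quoted or bare for k, quoted, bare in FIELD_RE.findall(line)}

def find_self_relay_loops(log_text, threshold=3):
    """Flag recipients whose mail the MTA keeps delivering back to itself."""
    stats = defaultdict(lambda: {"self_relays": 0, "loop_error": False})
    for line in log_text.splitlines():
        if " mta delivery " not in line:
            continue
        f = parse_fields(line)
        relay_ip = f.get("relay", "").split(" ")[0]
        if not relay_ip or relay_ip != f.get("source"):
            continue  # handed to another host: normal outbound delivery
        entry = stats[f.get("to", "?")]
        entry["self_relays"] += 1
        if "loop detected" in f.get("stat", "").lower():
            entry["loop_error"] = True
    return {rcpt: e for rcpt, e in stats.items()
            if e["self_relays"] >= threshold or e["loop_error"]}

def _delivery(to, relay, result, stat):
    # Constructed line in the format of the maillog excerpt in the question.
    return ('Nov 15 08:34:13 mail smtpd[100]: 0000000000000001 mta delivery '
            f'evpid=0000000000000002 from=<> to=<{to}> rcpt=<-> '
            f'source="192.0.2.10" relay="{relay}" delay=1s '
            f'result="{result}" stat="{stat}"')

OK = "250 2.0.0 00000000 Message accepted for delivery"
SAMPLE_LOG = "\n".join(
    [_delivery("user@example.org", "192.0.2.10 (mail.example.org)", "Ok", OK)] * 3
    + [_delivery("peer@example.net", "198.51.100.7 (mx.example.net)", "Ok", OK),
       "Nov 15 08:34:18 mail smtpd[100]: warn: loop detected",
       _delivery("user@example.org", "192.0.2.10 (mail.example.org)", "PermFail",
                 "500 5.4.6 Routing loop detected: Loop detected")])

if __name__ == "__main__":
    for rcpt, info in find_self_relay_loops(SAMPLE_LOG).items():
        print(rcpt, info)
```

Run against the real maillog, any recipient it reports is being relayed back to the same host instead of reaching a local delivery action, which is the state to re-check after changing the rule order in smtpd.conf.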
