我面临以下问题: 我的网站有联系表格。人们通过联系表格联系我。每次发送联系表格后我都会收到一封电子邮件。大约一周以来,Outlook 会将我自己的电子邮件(从我的网站发送)标记为垃圾邮件。
这些电子邮件的标题有:
tests=ALL_TRUSTED,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_REPLYTO,URIBL_BLOCKED autolearn=no
这个问题的主要目的:
退出URIBL_BLOCKED列表并让 spamassassin 不添加URIBL_BLOCKED标题。
以下是我的故障排除:
我的resolve.conf有:
# cat /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
search localdomain
nameserver 62.149.128.4
nameserver 62.149.132.4
nameserver 2001:4860:4860::8888
有人告诉我,原因可能是 DNS 问题。许多黑名单服务不允许来自免费 DNS 服务器的查询,这可能包括我的 VPS 提供商使用的 DNS。
对于电子邮件服务器,我被建议使用自己的递归解析器。例如Unbound。
这就是我决定选择的原因Unbound。
我安装了Unbound。它的配置是:
]# cat /etc/unbound/unbound.conf | egrep -v "^\s*(#|$)"
server:
verbosity: 1
statistics-interval: 0
statistics-cumulative: no
extended-statistics: yes
num-threads: 4
interface: 0.0.0.0
interface-automatic: no
port: 53
so-reuseport: yes
ip-transparent: yes
cache-max-ttl: 86400
do-ip4: yes
do-udp: yes
do-tcp: yes
access-control: 0.0.0.0/0 refuse
access-control: 127.0.0.0/8 allow
chroot: ""
username: "unbound"
directory: "/etc/unbound"
log-time-ascii: yes
pidfile: "/var/run/unbound/unbound.pid"
hide-version: yes
harden-glue: yes
harden-dnssec-stripped: yes
harden-below-nxdomain: yes
harden-referral-path: yes
unwanted-reply-threshold: 10000000
prefetch: yes
prefetch-key: yes
rrset-roundrobin: yes
minimal-responses: yes
module-config: "ipsecmod validator iterator"
trust-anchor-signaling: yes
trusted-keys-file: /etc/unbound/keys.d/*.key
auto-trust-anchor-file: "/var/lib/unbound/root.key"
val-clean-additional: yes
val-permissive-mode: no
val-log-level: 1
include: /etc/unbound/local.d/*.conf
ipsecmod-enabled: no
ipsecmod-hook: "/usr/libexec/ipsec/_unbound-hook"
python:
remote-control:
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"
include: /etc/unbound/conf.d/*.conf
现在/etc/resolv.conf看起来像:
# cat /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
search localdomain
;nameserver 62.149.128.4
;nameserver 62.149.132.4
;nameserver 2001:4860:4860::8888
nameserver ::1
nameserver 127.0.0.1
options trust-ad
安装 Unbound 之前进行连接测试:
dig ubuntu.com @localhost -> 135 msec
# host -tA 2.0.0.127.multi.uribl.com
安装 Unbound 后进行连接测试:
dig ubuntu.com @localhost -> 0 msec
# host -tA 2.0.0.127.multi.uribl.com
安装Unboud之前的黑名单查询:
2.0.0.127.multi.uribl.com has address 127.0.0.1
安装Unboud后的黑名单查询:
2.0.0.127.multi.uribl.com has address 127.0.0.14
当我跑步时spamd retstart我得到:
# spamd retstart
server socket setup failed, retry 1: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 2: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 3: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 4: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 5: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 6: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 7: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 8: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 9: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
然后我重新启动了整个 VPS 机器并重新运行:
host -tA 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com has address 127.0.0.1
# unbound-control dump_cache日志:
[1651605758] unbound-control[12193:0] warning: control-enable is 'no' in the config file.
[1651605758] unbound-control[12193:0] error: connect: Connection refused for 127.0.0.1
其他日志:
# netstat -antup |grep unbound
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 12181/unbound
udp 0 0 0.0.0.0:53 0.0.0.0:* 12181/unbound
udp 0 0 0.0.0.0:53 0.0.0.0:* 12181/unbound
udp 0 0 0.0.0.0:53 0.0.0.0:* 12181/unbound
udp 0 0 0.0.0.0:53 0.0.0.0:* 12181/unbound
udp 0 0 0.0.0.0:53 0.0.0.0:* 11927/unbound
udp 0 0 0.0.0.0:53 0.0.0.0:* 11927/unbound
udp 0 0 0.0.0.0:53 0.0.0.0:* 11927/unbound
udp 0 0 0.0.0.0:53 0.0.0.0:* 11927/unbound
知道我还能做什么来从 uribl 中取消列出吗?
请帮忙
更新: 从我上次在服务器上进行更改后等待了大约 12 个小时,测试的结果是:
# host -tTXT 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 62.149.128.122]"
nslookup -q=txt 2.0.0.127.multi.uribl.com
Server: 62.149.128.4
Address: 62.149.128.4#53
Non-authoritative answer:
2.0.0.127.multi.uribl.com text = "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 62.149.128.123]"
Authoritative answers can be found from:
所以看起来我不再在该列表中了……但是 Spamassassin 仍在触发URIBL_BLOCKED规则
根据评论的建议,我修复了resolv.conf文件:新resolv.conf:
#options trust-ad
#; generated by /usr/sbin/dhclient-script
#search localdomain
#nameserver 62.149.128.4
#nameserver 62.149.132.4
#nameserver 2001:4860:4860::8888
nameserver ::1
nameserver 127.0.0.1
options trust-ad