我运行一个 Postfix 服务器,它将一个地址转发到一个 gmail 地址。
# /etc/aliases
localuser: [email protected]
几个月来,这种方法一直有效。但如果发件人的 SPF 记录存在硬失败,则转发将不起作用:
gmail-smtp-in.l.google.com[ said: 550-5.7.26 The
MAIL FROM domain [example.com] has an SPF record with a hard fail 550-5.7.26
policy (-all) but it fails to pass SPF checks with the ip: 550-5.7.26
[...]. To best protect our users from spam and 550-5.7.26
phishing, the message has been blocked. Please visit 550-5.7.26
https://support.google.com/mail/answer/81126#authentication for more 550
5.7.26 information. -
gsmtp (in reply to end of DATA command)
我怎样才能解决这个问题?
答案1
正如OP自己的答案所建议的那样,解决方案是安装postsrsd以重写发件人的“Return‑Path:”标头。
Debian 11 上的这个完整示例对我有用:
apt install postsrsd- 编辑
/etc/default/postsrsd:- 取消注释该行
SRS_EXCLUDE_DOMAINS=并添加您的域,以空格或逗号分隔:SRS_EXCLUDE_DOMAINS=example.com,.example.com,example.org
- 取消注释该行
systemctl restart postsrsd- 编辑
/etc/postfix/main.cf以添加
# Use postsrsd to rewrite the Return-Path: header sender_canonical_maps = tcp:localhost:10001 sender_canonical_classes = envelope_sender recipient_canonical_maps = tcp:localhost:10002 recipient_canonical_classes= envelope_recipient,header_recipient
postfix reload
建议额外安装“Postfix SRS 转发代理”事后转发可能没有必要。它不适合我。查看它的描述,看看你是否需要或想要它。
答案2
我找到了这个解决方案:
我postsrsd通过 apt 安装。
我安装了Postfix SRS 转发代理通过本地编译并将二进制文件复制到/usr/local/bin/postforward。
我改变了文件
# /etc/aliases
someuser: "|/usr/local/bin/postforward -path /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [email protected]"
称呼newaliases。
现在电子邮件获得 SRS 重写:
ARC-Authentication-Results: i=1; mx.google.com;
spf=none (google.com: relayhost.example.com does not designate permitted sender hosts) smtp.mailfrom="[email protected]"
...
Return-Path: <[email protected]>