0

我在我的服务器上激活了 opendmarc,但它拒绝了所有电子邮件。我尝试使用来自 google 和 yahoo 的电子邮件发送,但它不起作用

知道有什么问题吗?

5.7.1 rejected by DMARC policy for remoteserver.domain.ltd
5.7.1 rejected by DMARC policy for yahoo.com
...

/etc/postfix/main.cf

allow_percent_hack = no
milter_default_action = accept
milter_protocol = 2
dmarc_milter = , inet:localhost:8893
#dmarc_milter =
smtpd_milters = inet:localhost:8891 $dmarc_milter
non_smtpd_milters = $smtpd_milters

/etc/opendmarc.conf

AuthservID OpenDMARC
IgnoreHosts /etc/opendmarc/ignore.hosts
PidFile /var/run/opendmarc.pid
RejectFailures true
RequiredHeaders true
Socket inet:8893@localhost
SoftwareHeader true
Syslog true
SyslogFacility mail
UMask 0002
UserID opendmarc:opendmarc
#SPFSelfValidate true
IgnoreHosts /etc/opendmarc/ignore.hosts
HistoryFile /var/run/opendmarc/opendmarc.dat

/etc/opendmarc/ignore.hosts

127.0.0.0/8
::1/128
localhost
192.168.0.0/24

/var/log/mail.log

Oct 16 22:40:14 myserver postfix/smtpd[25265]: connect from remoteserver.domain.ltd[22.22.22.22]
Oct 16 22:40:14 myserver postfix/smtpd[25265]: Anonymous TLS connection established from remoteserver.domain.ltd[22.22.22.22]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct 16 22:40:14 myserver postfix/smtpd[25265]: warning: restriction `reject_authenticated_sender_login_mismatch' ignored: no SASL support
Oct 16 22:40:14 myserver postfix/smtpd[25265]: warning: restriction `reject_unauthenticated_sender_login_mismatch' ignored: no SASL support
Oct 16 22:40:14 myserver policyd-spf[25268]: None; identity=helo; client-ip=22.22.22.22; helo=remoteserver.domain.ltd; envelope-from=mail@remoteserver.domain.ltd; receiver=myserver@myserver.ltd
Oct 16 22:40:14 myserver policyd-spf[25268]: Pass; identity=mailfrom; client-ip=22.22.22.22; helo=remoteserver.domain.ltd; envelope-from=mail@remoteserver.domain.ltd; receiver=myserver@myserver.ltd
Oct 16 22:40:14 myserver postgrey[2548]: action=pass, reason=client AWL, client_name=remoteserver.domain.ltd, client_address=22.22.22.22, sender=mail@remoteserver.domain.ltd, recipient=myserver@myserver.ltd
Oct 16 22:40:14 myserver postfix/smtpd[25265]: C878281433: client=remoteserver.domain.ltd[22.22.22.22]
Oct 16 22:40:14 myserver postfix/cleanup[25147]: C878281433: replace: header Message-ID: <f4d01e44d05cf2df477efc36b8969112@remoteserver.domain.ltd> from remoteserver.domain.ltd[22.22.22.22]; from=<mail@remoteserver.domain.ltd> to=<myserver@myserver.ltd> proto=ESMTP helo=<remoteserver.domain.ltd>: Message-ID: <f4d01e44d05cf2df477efc36b8969112@remoteserver.domain.ltd>
Oct 16 22:40:14 myserver postfix/cleanup[25147]: C878281433: message-id=<f4d01e44d05cf2df477efc36b8969112@remoteserver.domain.ltd>
Oct 16 22:40:14 myserver opendkim[4159]: C878281433: s=mail d=remoteserver.domain.ltd SSL
Oct 16 22:40:14 myserver opendmarc[18621]: C878281433 ignoring Authentication-Results at 0 from myserver.myserver.ltd
Oct 16 22:40:14 myserver opendmarc[18621]: C878281433: remoteserver.domain.ltd fail
Oct 16 22:40:14 myserver postfix/cleanup[25147]: C878281433: milter-reject: END-OF-MESSAGE from remoteserver.domain.ltd[22.22.22.22]: 5.7.1 rejected by DMARC policy for remoteserver.domain.ltd; from=<mail@remoteserver.domain.ltd> to=<myserver@myserver.ltd> proto=ESMTP helo=<remoteserver.domain.ltd>
Oct 16 22:40:14 myserver postfix/smtpd[25265]: disconnect from remoteserver.domain.ltd[22.22.22.22]

/var/run/opendmarc/opendmarc.dat

job 0EC0180962
reporter ptr_remoteserver.ltd
received 1602938133
ipaddr 22.22.22.22
from remoteserver.domain.ltd
mfrom remoteserver.domain.ltd
spf -1
pdomain remoteserver.domain.ltd
policy 16
rua -
pct 100
adkim 114
aspf 114
p 114
sp 0
align_dkim 5
align_spf 5
action 0

网络统计-ltnp | grep:8893

tcp        0      0 127.0.0.1:8893          0.0.0.0:*               LISTEN      14990/opendmarc
4

1 回答 1

0

看来您正在使用 CentOS。

确保正确设置了 SPF 和 DKIM。您可以遵循本指南:https ://www.linuxbabe.com/redhat/set-up-spf-dkim-postfix-centos

然后按照本指南设置 OpenDMARC。 https://www.linuxbabe.com/redhat/opendmarc-postfix-centos-rhel

建议在/etc/opendmarc.conf文件中将SPFSelfValidate设置为true,以便 OpenDMARC 在无法在标头中找到 SPF 结果时执行 SPF 检查。

还建议在/etc/opendmarc.conf文件中设置TrustedAuthservID 。

TrustedAuthservIDs mail.yourdomain.com

用您的真实 Postfix 主机名替换主机名。这告诉 OpenDMARC 信任 ID 中带有 mail.yourdomain.com 的身份验证结果。当您运行 OpenDKIM 进行 DKIM 验证时,这是需要的。如果 Postfix 主机名未包含在 TrustedAuthservIDs 中,则 OpenDMARC 可能会忽略 OpenDKIM 生成的 Authentication-Results 标头。

于 2020-10-18T15:01:42.437 回答