Email
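Adding dkimproxy to OpenSMTPD … mail loop when sending to my own domain
I have a well-functioning OpenSMTPD configuration and I added dkimproxy to it.
Everything works fine: mail testers and the like report that I have a correct DKIM signature, my email score is 10/10, and so on.
The problem is …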
If I try to send an email from user@mydomain.com to other_user@mydomain.com, the mail server goes into a loop and the mail is never delivered. I see this in the maillog:

    Nov 15 08:34:13 mail dkimproxy.out[38686]: DKIM signing - signed; message-id=<4dea9099466e00b7@mail.mydomain.com>, signer=<MAILER-DAEMON@mail.mydomain.com>, from=<MAILER-DAEMON@mail.mydomain.com>
    Nov 15 08:34:13 mail smtpd[33463]: 4dea90938ef29e98 smtp message msgid=0b62ff80 size=104666 nrcpt=1 proto=ESMTP
    Nov 15 08:34:13 mail smtpd[33463]: 4dea90938ef29e98 smtp envelope evpid=0b62ff80eb408785 from=<> to=<joey@mydomain.com>
    Nov 15 08:34:13 mail smtpd[33463]: 4dea9092f4274d88 mta delivery evpid=6fe8c750a74f16ac from=<> to=<joey@mydomain.com> rcpt=<-> source="200.100.240.135" relay="200.100.240.135 (mail.mydomain.com)" delay=1s result="Ok" stat="250 2.0.0 0b62ff80 Message accepted for delivery"
…and it loops like this over and over, perhaps 50 times - eventually it gives up with this error:

    Nov 15 08:34:18 mail smtpd[33463]: warn: loop detected
    Nov 15 08:34:18 mail smtpd[33463]: 4dea9097226c93aa smtp failed-command command="DATA" result="500 5.4.6 Routing loop detected: Loop detected"
    Nov 15 08:34:18 mail smtpd[33463]: 4dea90969c6cf495 mta delivery evpid=49514d020281ac48 from=<> to=<joey@mydomain.com> rcpt=<-> source="200.100.240.135" relay="200.100.240.135 (mail.mydomain.com)" delay=1s result="PermFail" stat="500 5.4.6 Routing loop detected: Loop detected"
I have no idea what the problem is. It only happens when I send email to myself or to other users with this domain hosted on this mail server.
    # cat dkimproxy_in.conf
    # specify what address/port DKIMproxy should listen on
    listen    200.100.240.135:10025

    # specify what address/port DKIMproxy forwards mail to
    relay     200.100.240.135:10026

    # cat dkimproxy_out.conf
    # specify what address/port DKIMproxy should listen on
    listen    200.100.240.135:10027

    # specify what address/port DKIMproxy forwards mail to
    relay     200.100.240.135:10028

    # specify what domains DKIMproxy can sign for (comma-separated, no spaces)
    domain    mydomain.com

    # specify what signatures to add
    signature dkim(c=relaxed)
    signature domainkeys(c=nofws)

    # specify location of the private key
    keyfile   /root/dkim.private.key

    # specify the selector (i.e. the name of the key record put in DNS)
    selector  selector1

    # control how many processes DKIMproxy uses
    #  - more information on these options (and others) can be found by
    #    running `perldoc Net::Server::PreFork'.
    #min_servers 5
    #min_spare_servers 2
…and that's everything… Thanks.
EDIT - here is the opensmtpd.conf:
    table aliases file:/usr/local/etc/mail/aliases

    filter check_dyndns phase connect match rdns regex \
        { '.*\.dyn\..*', '.*\.dsl\..*' } \
        disconnect "550 no residential connections"

    filter check_rdns phase connect match !rdns \
        disconnect "550 no rDNS"

    filter check_fcrdns phase connect match !fcrdns \
        disconnect "550 no FCrDNS"

    listen on 200.100.240.135 filter { check_dyndns, check_rdns, check_fcrdns }
    listen on 200.100.240.135 port 10028 tag DKIM
    listen on 200.100.240.135 port submission

    action "local_mail" mbox alias <aliases>
    action "relay_dkim" relay host smtp://200.100.240.135:10027
    action "outbound" relay helo mail.mydomain.com

    match from any mail-from "sensors@mydomain.com" action "local_mail"
    match tag DKIM for any action "outbound"
    match for any action "relay_dkim"
    match from any for domain "mydomain.com" action "local_mail"
    match for local action "local_mail"
    match from any auth for any action "outbound"
    match for any action "outbound"
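This answer is written on the assumption that there is no reason to use the external interface for internal processes. The question does not include pf.conf, which may have settings that conflict with normal mail handling when an interface other than loopback is used, and which should have set skip on lo or an equivalent configuration.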
smtpd.conf:

    # Verify this is the correct location of aliases, which normally is
    # located in /etc/mail/aliases. If you have changed aliases
    # from default, be sure to run newaliases.
    table aliases file:/usr/local/etc/mail/aliases

    filter check_dyndns phase connect match rdns regex \
        { '.*\.dyn\..*', '.*\.dsl\..*' } \
        disconnect "550 no residential connections"

    filter check_rdns phase connect match !rdns \
        disconnect "550 no rDNS"

    filter check_fcrdns phase connect match !fcrdns \
        disconnect "550 no FCrDNS"

    listen on 127.0.0.1 port 10028 tag DKIM
    listen on 200.100.240.135 filter \
        { check_dyndns, check_rdns, check_fcrdns }
    listen on 200.100.240.135 port submission

    action "local_mail" mbox alias <aliases>
    action "relay_dkim" relay host smtp+notls://127.0.0.1:10027
    action "outbound" relay helo mail.mydomain.com

    match tag DKIM for any action "outbound"
    match mail-from "sensors@mydomain.com" action "local_mail"
    match from any for domain "mydomain.com" action "local_mail"
    match from any auth for any action "outbound"
    match for local action "local_mail"
    match for any action "relay_dkim"

    # I interpret this to be redundant:
    # match for any action "outbound"

    # This original configuration line seems nonsensical because
    # "mail-from" is also "from any", so removed "from any"
    # match from any mail-from "sensors@mydomain.com" action "local_mail"
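Although dkimproxy_in.conf is configured, DKIM headers on received messages are currently not authenticated, because this was not configured in the original smtpd.conf, so I did not add it.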
dkimproxy_in.conf:

    # specify what address/port DKIMproxy should listen on
    listen    127.0.0.1:10025

    # specify what address/port DKIMproxy forwards mail to
    relay     127.0.0.1:10026
dkimproxy_out.conf:

    # specify what address/port DKIMproxy should listen on
    listen    127.0.0.1:10027

    # specify what address/port DKIMproxy forwards mail to
    relay     127.0.0.1:10028

    # specify what domains DKIMproxy can sign for (comma-separated, no spaces)
    domain    mydomain.com

    # specify what signatures to add
    signature dkim(c=relaxed)
    signature domainkeys(c=nofws)

    # specify location of the private key
    keyfile   /root/dkim.private.key

    # specify the selector (i.e. the name of the key record put in DNS)
    selector  selector1

    # control how many processes DKIMproxy uses
    #  - more information on these options (and others) can be found by
    #    running `perldoc Net::Server::PreFork'.
    #min_servers 5
    #min_spare_servers 2
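
An added example (not part of the question, the answer, or OpenSMTPD itself) that walks the two `match` rule lists above in first-match order, to show how mail for mydomain.com alternates between relay_dkim and outbound under the question's ordering but is delivered in one step under the answer's. It assumes the session originates on the server, that the MX for mydomain.com is this host, and that mail arriving from the server's own address counts as `from local`; the tuple encoding, `LOCAL_NAMES`, and the function names are hypothetical.

```python
# Added example: simplified first-match walk over smtpd.conf "match" rules.
OWN_DOMAIN = "mydomain.com"                        # MX assumed to be this host
LOCAL_NAMES = {"localhost", "mail.mydomain.com"}   # assumed "for local" names

# Rule = (tag, from, mail_from, for, action); None means no constraint.
# An omitted "from" is "from local"; an omitted "for" is "for local".
SENSORS = "sensors@mydomain.com"
QUESTION_RULES = [
    (None, "any", SENSORS, "local", "local_mail"),
    ("DKIM", "local", None, "any", "outbound"),
    (None, "local", None, "any", "relay_dkim"),
    (None, "any", None, "domain", "local_mail"),
    (None, "local", None, "local", "local_mail"),
    (None, "auth", None, "any", "outbound"),
    (None, "local", None, "any", "outbound"),
]
ANSWER_RULES = [
    ("DKIM", "local", None, "any", "outbound"),
    (None, "local", SENSORS, "local", "local_mail"),
    (None, "any", None, "domain", "local_mail"),
    (None, "auth", None, "any", "outbound"),
    (None, "local", None, "local", "local_mail"),
    (None, "local", None, "any", "relay_dkim"),
]

def first_match(rules, tag, sender, domain, authed=False):
    """Action of the first rule matching a session from the server itself."""
    for r_tag, r_from, r_mail_from, r_for, action in rules:
        if ((r_tag and r_tag != tag) or (r_from == "auth" and not authed)
                or (r_mail_from and r_mail_from != sender)
                or (r_for == "local" and domain not in LOCAL_NAMES)
                or (r_for == "domain" and domain != OWN_DOMAIN)):
            continue
        return action
    return None

def route(rules, sender, rcpt, max_hops=10):
    """Actions taken hop by hop; a path of max_hops entries means a loop."""
    domain, tag, path = rcpt.rsplit("@", 1)[1], None, []
    while len(path) < max_hops:
        action = first_match(rules, tag, sender, domain)
        path.append(action)
        if action == "relay_dkim":
            tag = "DKIM"     # dkimproxy returns the signed mail on port 10028
        elif action == "outbound" and domain == OWN_DOMAIN:
            tag = None       # MX is this host: mail re-enters on port 25, untagged
        else:
            break            # delivered locally, left the host, or no rule matched
    return path
```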