Email

Why does my Postfix reject mail with an SPF hardfail even though the SPF DNS record is set to softfail?

  • July 8, 2021

I get the following log output:

"Jul  7 11:23:46 mail policyd-spf[19779]: 550 5.7.23 Message rejected
due to: SPF fail - not authorized. Please see 
http://www.openspf.net/Why?s=mfrom;id=xyz@gmx.de;ip=<IP>;r=<UNKNOWN>
Jul  7 11:23:46 mail postfix/smtpd[19773]: NOQUEUE: reject: RCPT from
remotemailserver.de[IP]: 550 5.7.23 <mail@mymailserver.de>:
Recipient address rejected: Message rejected due to: SPF fail - not
authorized. Please see http://www.openspf.net/Why?s=mfrom;id=xyz@gmx.de
;ip=<IP>;r=<UNKNOWN>;; from=<xyz@gmx.de> to=<mail@mymailserver.de>
proto=ESMTP helo=<remotemailserver.de>"

My policyd-spf.conf looks like this:

#  For a fully commented sample config file see policyd-spf.conf.commented

debugLevel = 1 
TestOnly = 1

HELO_reject = Fail
Mail_From_reject = Fail

PermError_reject = False
TempError_Defer = False

skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1

The SPF DNS record of remotemailserver.de looks like this:

subdomain.remotemailserver.de.   508     IN      TXT     "v=spf1 include:_spf.remotemailserver.de ~all"

So far I am no Postfix expert, but according to https://manpages.debian.org/testing/postfix-policyd-spf-python/policyd-spf.conf.5.en.html, setting HELO_reject and Mail_From_reject to Fail should apply hard-fail handling to incoming mail on ~all SPF records.

Where did I go wrong?

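This was actually a misunderstanding on my part. I assumed that the SPF entry of remotemailserver.de was checked. But what is checked is the mail server of the FROM field.

In this case, the SPF record of gmx.net is a -all record, which means I got a hard fail (correctly).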

Source: https://serverfault.com/questions/1069020
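The rejection line already names the identity that was evaluated (`s=mfrom;id=xyz@gmx.de`), so the check from the answer can be read straight from the log. The sketch below is an added example, not part of the original post: it extracts that scope and domain, compares it with the connecting host, and maps the trailing `all` qualifier to the result that `Mail_From_reject` acts on. The sender-domain record and all function names are assumptions, and the code assumes the client IP matched no earlier mechanism.

```python
import re

# Constructed sample: the rejection line from the question, joined onto one line.
LOG_LINE = (
    "Jul  7 11:23:46 mail postfix/smtpd[19773]: NOQUEUE: reject: RCPT from "
    "remotemailserver.de[IP]: 550 5.7.23 <mail@mymailserver.de>: Recipient address "
    "rejected: Message rejected due to: SPF fail - not authorized. Please see "
    "http://www.openspf.net/Why?s=mfrom;id=xyz@gmx.de;ip=<IP>;r=<UNKNOWN>;; "
    "from=<xyz@gmx.de> to=<mail@mymailserver.de> proto=ESMTP helo=<remotemailserver.de>"
)

# Constructed records (assumption): the ~all record is the one quoted in the
# question; the -all record only mirrors what the answer reports for the sender.
SPF_RECORDS = {
    "subdomain.remotemailserver.de": "v=spf1 include:_spf.remotemailserver.de ~all",
    "gmx.de": "v=spf1 -all",
}
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def checked_identity(log_line):
    """Return (scope, domain) that policyd-spf evaluated, from the Why? URL."""
    m = re.search(r"Why\?s=(\w+);id=([^;\s]+)", log_line)
    if not m:
        raise ValueError("no SPF explanation URL in log line")
    scope, identity = m.groups()
    return scope, identity.rsplit("@", 1)[-1].lower()

def client_hostname(log_line):
    """Return the connecting host's name, which is not what mfrom checks use."""
    m = re.search(r"RCPT from (\S+?)\[", log_line)
    return m.group(1).lower() if m else None

def default_result(record):
    """Result when no earlier mechanism matches, i.e. the trailing 'all' term."""
    for term in record.split()[1:]:
        if term.lstrip("+-~?") == "all":
            return QUALIFIER_RESULT.get(term[0], "pass")  # bare 'all' means +all
    return "neutral"  # RFC 7208: no match and no 'all' gives neutral

def rejects(result, mail_from_reject="Fail"):
    """Mail_From_reject = Fail rejects only on fail; Softfail also on softfail."""
    blocked = {"Fail": {"fail"}, "Softfail": {"fail", "softfail"}}
    return result in blocked[mail_from_reject]
```

With `Mail_From_reject = Fail`, the `~all` record of the relaying host would not have caused a rejection; the `fail` comes from the envelope sender's domain.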