Email
即使 spf DNs 記錄設置為 softfail,為什麼我的 postfix 會拒絕帶有 spf hardfail 的郵件?
我得到的日誌輸出如下:
"Jul 7 11:23:46 mail policyd-spf[19779]: 550 5.7.23 Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id=xyz@gmx.de;ip=<IP>;r=<UNKNOWN> Jul 7 11:23:46 mail postfix/smtpd[19773]: NOQUEUE: reject: RCPT from remotemailserver.de[IP]: 550 5.7.23 <mail@mymailserver.de>: Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id=xyz@gmx.de ;ip=<IP>;r=<UNKNOWN>;; from=<xyz@gmx.de> to=<mail@mymailserver.de> proto=ESMTP helo=<remotemailserver.de>"
我的 policyd-spf.conf 如下所示:
# For a fully commented sample config file see policyd-spf.conf.commented debugLevel = 1 TestOnly = 1 HELO_reject = Fail Mail_From_reject = Fail PermError_reject = False TempError_Defer = False skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1
remotemailserver.de 的 spf DNS 記錄如下所示:
subdomain.remotemailserver.de. 508 IN TXT "v=spf1 include:_spf.remotemailserver.de ~all"
到目前為止,我還不是後綴專家,但根據https://manpages.debian.org/testing/postfix-policyd-spf-python/policyd-spf.conf.5.en.html設置
HELO_reject
並且Mail_From_reject
不Fail
應該對傳入的文件進行硬故障處理郵件在~all
spf 記錄上。我哪裡錯了?
這實際上是我的一個誤解。我假設已檢查 remotemailserver.de 的 sfp 條目。但檢查的是 FROM 欄位的郵件伺服器。
在這種情況下,gmx.net 的 sfp 記錄是 -all 記錄,這意味著我遇到了硬故障(正確)。