Php

Postfix/OpenDKIM 未簽名 PHP 發送的電子郵件

  • February 12, 2015

我們為電子郵件安全/可驗證性安裝了 SPF、DKIM 和 DMARC 記錄。

當通過控制台或郵件客戶端(如 Outlook 或 Mac 的 Mail)發送時,它會完全處理並通過所有三個通道。

當通過 Zend Framework 1.12 的 SendMail 函式發送它失敗 (php)。

我們是否在某些時候錯過了配置 php 電子郵件的簽名?我們要查看什麼文件?還是必須有不同的安裝/附加組件?

我們在 Cent OS 6 上使用 OpenDKIM 和 Postfix

後綴 -n 結果:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
milter_default_action = accept
milter_protocol = 2
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain
mydomain = example.com
myhostname = server1.example.com
mynetworks = 127.0.0.0/32
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = 
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_milters = inet:localhost:8891
smtpd_recipient_restrictions = permit_mynetworks,  permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.example.com.crt
smtpd_tls_key_file = /etc/pki/tls/private/mail.example.com.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_transport = dovecot

這是我從 Port25 電子郵件檢查器得到的結果。除了 zend 時缺少 DKIM 之外,一切都是一樣的。

非 Zend 正常標頭: DKIM 簽名

Return-Path: <darius@example.com>
Received: from server1.example.com (123.123.123.123 (my server ip)) by verifier.port25.com id hrh7ri20i3gm for <check-auth@verifier.port25.com>; Thu, 12 Feb 2015 02:01:13 -0500 (envelope-from <darius@example.com>)
Authentication-Results: verifier.port25.com; spf=pass smtp.mailfrom=darius@example.com
Authentication-Results: verifier.port25.com; domainkeys=neutral (message not signed) header.From=darius@example.com
Authentication-Results: verifier.port25.com; dkim=pass (matches From: darius@example.com) header.d=example.com
Authentication-Results: verifier.port25.com; sender-id=pass header.From=darius@example.com
Received: from [111.111.1.111] (cpe-11-11-111-111.socal.res.rr.com [76.94.200.240])
   by server1.example.com (Postfix) with ESMTPSA id 33F233800A9
   for <check-auth@verifier.port25.com.>; Wed, 11 Feb 2015 23:01:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.com;
   s=default; t=1423724471;
   bh=qMnrIAg7afoneBTtI0hU9OrDkqChYZOD1f4AUvZtdGw=;
   h=From:Subject:Date:To;
   b=g4lXm/vQ54wq/B0fCAf/U3Hj3hi2N2jojst+5lURCfykwhvzjqCm/Z5VGz3rcu
   MoZCfxEkCI4OyQqW2kch93h93h93j3kbuCg3Pehl2WlgoLJy2S8CMR68ygNU52+P88
   IG/vq2YShK6ctLUxRq4O79IYzKcInRiXuWOtuV3A=
From: Darius <darius@example.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: Give me a test result. Thank you.
Message-Id: <68D428E0-84CD-46EC-B326-2FC15BE565AE@example.com>
Date: Wed, 11 Feb 2015 23:01:00 -0800
To: check-auth@verifier.port25.com.
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
X-Mailer: Apple Mail (2.2070.6)

這是標題結果的 Zend 版本: 沒有DKIM 簽名

Return-Path: <apache@example.com>
Received: from server1.example.com (xxx.xxx.xxx.xxx (my server ip)) by verifier.port25.com id hr9du620i3gl for <check-auth-darius=example.com@verifier.port25.com>; Tue, 10 Feb 2015 14:28:35 -0500 (envelope-from <apache@example.com>)
Authentication-Results: verifier.port25.com; spf=pass smtp.mailfrom=apache@example.com
Authentication-Results: verifier.port25.com; domainkeys=neutral (message not signed) header.From=noreply@example.com
Authentication-Results: verifier.port25.com; dkim=neutral (message not signed)
Authentication-Results: verifier.port25.com; sender-id=pass header.From=noreply@example.com
Received: by server1.example.com (Postfix, from userid 500)
   id 08E073800AA; Tue, 10 Feb 2015 11:28:25 -0800 (PST)
To: check-auth-darius=example.com@verifier.port25.com
Subject: mydomain Test
X-PHP-Originating-Script: 5004:Sendmail.php
From: mydomain Test <noreply@example.com>
Date: Tue, 10 Feb 2015 11:28:24 -0800
Content-Type: multipart/alternative;
boundary="=_af78e87ff18206603cb724d073777150"
MIME-Version: 1.0
Message-Id: <20150210192825.08E073800AA@server1.example.com>

當通過控制台或郵件客戶端(如 Outlook 或 Mac 的 Mail)發送時,它會完全處理並通過所有三個通道。

此行為是預期的,因為您將此配置放置在main.cf

smtpd_milters = inet:localhost:8891

當通過 Zend Framework 1.12 的 SendMail 函式發送它失敗 (php)。

這種行為也是意料之中的,因為您將此配置放置在main.cf

non_smtpd_milters =

解釋

預設情況下,OpenDKIM 通過milter與 postfix 結合使用。啟用/禁用 milter 應用程序由smtpd_miltersnon_smtpd_milters參數控制。對於通過 smtpd 發送郵件的應用,對應參數為smtpd_milters,對於 sendmail,對應參數為non_smtpd_milters

解決方案

替換non_smtpd_milters =

non_smtpd_milters = inet:localhost:8891

引用自:https://serverfault.com/questions/666993