Postfix
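DKIM file domain empty
DKIM signing fails for mail sent to Gmail, and I don't know why. It passes over Telnet, but fails with the mail command. Here is the raw mail reply: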
Delivered-To: user@test.com
Received: by 10.100.177.142 with SMTP id j14csp1917050pjb;
        Tue, 2 May 2017 08:11:12 -0700 (PDT)
X-Received: by 10.200.41.8 with SMTP id y8mr27532431qty.220.1493737872152;
        Tue, 02 May 2017 08:11:12 -0700 (PDT)
Return-Path: <user@mpx.test.com>
Received: from test1.mpx.test.com (ec2-xx-xx-xx-xx.compute-1.amazonaws.com. [xx.xx.xx.xx])
        by mx.google.com with ESMTPS id k43si17514690qta.19.2017.05.02.08.11.12
        for <user@test.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 02 May 2017 08:11:12 -0700 (PDT)
Received-SPF: pass (google.com: domain of user@mpx.test.com designates xx.xx.xx.xx as permitted sender) client-ip=xx.xx.xx.xx;
Authentication-Results: mx.google.com;
        dkim=fail header.i=@mpx.test.com;
        spf=pass (google.com: domain of user@mpx.test.com designates xx.xx.xx.xx as permitted sender) smtp.mailfrom=user@mpx.test.com;
        dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=test.com
Received: from mongobkp3.test.local (mongobkp3.test.local [xx.xx.xx.xx])
        by test1.mpx.test.com (Postfix) with ESMTP id D18F2611B2
        for <user@test.com>; Tue, 2 May 2017 15:11:11 +0000 (UTC)
X-DKIM: Sendmail DKIM Filter v2.8.3 test11.mpx.test.com D18F2611B2
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mpx.test.com;
        s=ggmx2; t=1493737871;
        bh=ehVmMHs7ThAQbbHJS1xFhiviXLfcCW/H8SCDhdqpBjk=;
        h=Date:To:MIME-Version:Content-Type:Content-Transfer-Encoding:
         Message-Id:From;
        b=nQANMdy69jSkfQW/jOaZqKsN8gLj5GhiH4CQv8NXy5orGi5eqVt4RpBnz2ZVlUdUX
         qrfZGXHR1YufY8Ij0IM6eZvlC8uP4H37N0ItKXkLSLMT2PZb2gkIL/QY+6ToKkkiWO
         n3HTj7HWpdWxIp8uXrLuX03080v38lgPD0nds3lg=
Received: by mongobkp3.test.local (Postfix, from userid 1085)
        id CC0AE41E78; Tue,
My master.cf looks like this:
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd -v
#  -o content_filter=dksign
submission inet n       -       n       -       -       smtpd
587       inet  n       -       n       -       -       smtpd -v
#  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
#  -o content_filter=dksign
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps    inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
  -o fallback_relay=
#  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
My main.cf looks like this:
# RR: Mon Apr 29, 2013 => added 72.172.71.2/32 to support (LA) Duo VPN
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = test1.mpx.test.com
mydomain = mpx.test.com
masquerade_domains = !jetsetter.com !parkandbond.com !testcity.com !testtaste.com !wsjselect.com !mx.test.com !qatools.test.com test.com $mydomain
mynetworks = XX.XX.XX.XX XX.XX.XX.XX XX.XX.XX.XX $myhostname
smtpd_delay_reject = yes
smtpd_helo_required = yes
soft_bounce = no
strict_rfc821_envelopes = yes
local_header_rewrite_clients = permit_mynetworks
smtp_generic_maps = pcre:/etc/postfix/generic
unknown_local_recipient_reject_code = 550
broken_sasl_auth_clients = no
smtpd_sasl_application_name = smtpd
smtpd_sasl_auth_enable = no
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
#smtpd_enforce_tls = no
#smtpd_tls_CAfile = /etc/postfix/cacert.pem
#smtpd_tls_cert_file = /etc/postfix/mx1-cert.pem
#smtpd_tls_key_file = /etc/postfix/mx1-key.pem
#smtpd_tls_received_header = yes
#smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache
#tls_random_source = dev:/dev/urandom
#smtpd_tls_security_level = may
mailbox_size_limit = 102400000
message_size_limit = 51200000
queue_minfree = 76800000
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unlisted_sender, reject_non_fqdn_sender, reject_unknown_sender_domain
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unlisted_recipient, reject_non_fqdn_recipient, reject_unauth_destination, reject_unknown_recipient_domain
# check_recipient_access hash:/etc/postfix/filtered_domains
smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, permit_sasl_authenticated
smtpd_end_of_data_restrictions =
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
postscreen_upstream_proxy_protocol = haproxy
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/private/mail.mpx.test.com.tld.key
smtpd_tls_cert_file = /etc/ssl/certs/mail.mpx.test.com.tld.crt
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtp_tls_security_level = encrypt
smtpd_tls_loglevel = 1
#smtpd_tls_received_header = yes
tls_random_source = dev:/dev/urandom
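Update: If I copy smtp_generic_maps, then DKIM passes, but the From domain in my email shows up as the host that sent it through my relay server. I wonder whether something is wrong with the way the domain mapping works: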
/(.*)@(.*)\.test\.local/ $1@mpx.test.com
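After a lot of troubleshooting, I realized the problem was with the mapping. When email sent with mailx from an outside client comes in to the relay server, you can add a mapping in the /etc/postfix/generic file to send the mail out as your domain. However, an easier way to solve the problem is to use the -r option with mailx to send the mail from the client, specifying the sender as someone with the domain you want to send as. For example:
mailx -r testuser@<domainyouwant> -S "test" enduser@<whereever>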
This will pass DKIM signing and send as the user you want to send as.
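Added example (not part of the original post, and not Postfix or milter code): smtp_generic_maps is applied by the Postfix smtp(8) client at delivery time, after the milter has already signed, so a From header listed in h= that gets rewritten no longer matches the signature. The sketch applies the posted generic rule and compares a relaxed-canonicalized digest of the h= headers before and after; the sample message and all function names are constructed, and it assumes From is the header being rewritten.

```python
import hashlib
import re

# Rule as posted for /etc/postfix/generic (PCRE $1 becomes Python \1).
GENERIC_RULE = (re.compile(r"(.*)@(.*)\.test\.local"), r"\1@mpx.test.com")

# Header names from the h= tag of the DKIM-Signature shown on the page.
SIGNED_HEADERS = ["Date", "To", "MIME-Version", "Content-Type",
                  "Content-Transfer-Encoding", "Message-Id", "From"]


def apply_generic(address):
    """Rewrite one address with the generic rule; no match leaves it as is."""
    pattern, replacement = GENERIC_RULE
    return pattern.sub(replacement, address, count=1)


def relaxed(name, value):
    """Relaxed header canonicalization (RFC 6376, section 3.4.2)."""
    value = re.sub(r"\r?\n", "", value)            # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip()  # collapse whitespace runs
    return f"{name.lower()}:{value}\r\n"


def signed_digest(headers):
    """SHA-256 over the canonicalized h= headers. Simplified: a real verifier
    also hashes the DKIM-Signature field, identical in both runs compared."""
    data = "".join(relaxed(n, headers[n]) for n in SIGNED_HEADERS if n in headers)
    return hashlib.sha256(data.encode()).hexdigest()


def survives_relay(headers):
    """True if the digest taken at signing still matches after the rewrite."""
    delivered = dict(headers, From=apply_generic(headers["From"]))
    return signed_digest(headers) == signed_digest(delivered)


# Constructed sample message; only the host and domain names come from the page.
SAMPLE = {
    "Date": "Tue, 2 May 2017 15:11:11 +0000",
    "To": "user@test.com",
    "MIME-Version": "1.0",
    "Content-Type": "text/plain; charset=us-ascii",
    "Content-Transfer-Encoding": "7bit",
    "Message-Id": "<constructed-id@mongobkp3.test.local>",
    "From": "user@mongobkp3.test.local",
}

if __name__ == "__main__":
    print("default sender survives:", survives_relay(SAMPLE))
    print("mailx -r sender survives:",
          survives_relay(dict(SAMPLE, From="testuser@mpx.test.com")))
```

With the sender already set to the outgoing domain (the mailx -r case), the rule does not match, nothing is rewritten after signing, and the digest is unchanged.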