OpenDMARC RFC5322 要求錯誤:不完全是一個日期欄位
我已經為我的企業設置了一個電子郵件伺服器,只要通過 Thunderbird 訪問電子郵件地址,一切都可以正常工作。我有一位員工擁有他們以前擁有的 Outlook 許可證,並且更喜歡使用它。嘗試通過 Outlook 將帳戶連接為 POP3 時,我收到以下日誌消息:
Aug 14 04:04:00 ikana dovecot: pop3(dylan@micro-analysts.com)<240303></Eu1gs6svtFsEUYj>: Disconnected: Logged out top=0/0, retr=0/0, del=0/1, size=963 Aug 14 04:04:00 ikana postfix/submission/smtpd[240304]: connect from <employee IP> Aug 14 04:04:00 ikana postfix/submission/smtpd[240304]: Anonymous TLS connection established from <employee IP>: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Aug 14 04:04:00 ikana postfix/submission/smtpd[240304]: ADB8717A1CB: client=<employee IP>, sasl_method=PLAIN, sasl_username=dylan@micro-analysts.com Aug 14 04:04:00 ikana postfix/cleanup[240307]: ADB8717A1CB: message-id=<> Aug 14 04:04:00 ikana opendmarc[229281]: ADB8717A1CB: RFC5322 requirement error: not exactly one Date field Aug 14 04:04:00 ikana postfix/cleanup[240307]: ADB8717A1CB: milter-reject: END-OF-MESSAGE from <employee IP>: 5.7.1 Command rejected; from=<dylan@micro-analysts.com> to=<dylan@micro-analysts.com> proto=ESMTP helo=<{hostname redacted}> Aug 14 04:04:00 ikana postfix/submission/smtpd[240304]: disconnect from <employee IP> ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=0/1 commands=6/7
伺服器是 Ubuntu Server 20.04 映像。我看到 milter 是拒絕連接的原因,但我不確定這將是什麼規則。我目前已經安裝了 Spam Assassin 的簡單安裝,沒有更改規則或分數。
我對 spamass-milter 的配置位於
/etc/default/spamass-milter
:# spamass-milt startup defaults # OPTIONS are passed directly to spamass-milter. # man spamass-milter for details # Non-standard configuration notes: # See README.Debian if you use the -x option with sendmail # You should not pass the -d option in OPTIONS; use SOCKET for that. # Default, use the spamass-milter user as the default user, ignore # messages from localhost # The domain after the -e option is the default domain to use if the user is logging # in/sending mail without a full email address. Otherwise, the domain used by the # client will be passed to spam assassin. OPTIONS="-e maaonline.net -u spamass-milter -i 127.0.0.1 -R 'Blocked for spam'" # Reject emails with spamassassin scores > 15. OPTIONS="${OPTIONS} -r 10" # Do not modify Subject:, Content-Type: or body. #OPTIONS="${OPTIONS} -m" # Scan attachments up to 5MB OPTIONS="${OPTIONS} -- --max-size=5242880" ###################################### # If /usr/sbin/postfix is executable, the following are set by # default. You can override them by uncommenting and changing them # here. ###################################### # SOCKET="/var/spool/postfix/spamass/spamass.sock" # SOCKETOWNER="postfix:postfix" # SOCKETMODE="0660" ######################################
我的垃圾郵件刺客配置位於
/etc/defaut/spamassassin
:# /etc/default/spamassassin # Duncan Findlay # WARNING: please read README.spamd before using. # There may be security risks. # Prior to version 3.4.2-1, spamd could be enabled by setting # ENABLED=1 in this file. This is no longer supported. Instead, please # use the update-rc.d command, invoked for example as "update-rc.d # spamassassin enable", to enable the spamd service. # Options # See man spamd for possible options. The -d option is automatically added. # SpamAssassin uses a preforking model, so be careful! You need to # make sure --max-children is not set to anything higher than 5, # unless you know what you're doing. OPTIONS="--create-prefs --max-children 5 --helper-home-dir --nouser-config --virtual-config-dir=/var/vmail/%d/%l/spamassassin --username=vmail" # Pid file # Where should spamd write its PID to file? If you use the -u or # --username option above, this needs to be writable by that user. # Otherwise, the init script will not be able to shut spamd down. PIDFILE="/var/run/spamd.pid" # Set nice level of spamd #NICE="--nicelevel 15" # Cronjob # Set to anything but 0 to enable the cron job to automatically update # spamassassin's rules on a nightly basis CRON=1
我真的不知道此時 Outlook 正在發送什麼,也不知道為什麼在 Thunderbird 能夠順利登錄帳戶時它會出現問題。
感謝 Michael Hampton 的評論,我已經解決了這個問題:這與我最初認為的垃圾郵件刺客無關。我忘記了 OpenDMARC 本身就是一個 milter,並假設拒絕電子郵件的 milter 是我剛剛設置的那個 - Spam Assassin。事實證明,在添加帳戶或更改現有帳戶的設置時,Outlook 會向正在添加/修改的地址發送預設測試電子郵件,以測試其發送和接收電子郵件的能力。事實證明,這封測試電子郵件沒有
Date
標頭,並且我的 opendmarc 配置RequiredHeaders
設置為true
,導致它拒絕測試電子郵件,因為它違反了 RFC5322。Outlook 沒有在電子郵件中添加目前日期以遵循規範,而是在此測試電子郵件中不包含日期。在 Outlook 上設置帳戶後,它確實包含日期設置,因此,如果您有有限數量的使用者需要使用 Outlook 進行設置,我想您可以禁用 OpenDMARC 的設置,將它們全部設置好,然後然後重新打開它,因為日期應該在所有新電子郵件中。