后缀、转发和 SPF
Postfix, forwarding and SPF
我一直在用 dovecot+postfix 实现转发代理,一切顺利,public IP 是 AAA.AAA.AAA.AAA
xxxxxx.com.ar 有此 SPF 记录
“v=spf1 mx AAA.AAA.AAA.AAA -all”
MX 指向相同的 AAA.AAA.AAA.AAA IP,但是 google(我从 Zoho Mail 收到的报告也少很多但相同)正在为错误而烦恼? DMARC 拒绝:
<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
<report_metadata>
<org_name>google.com</org_name>
<email>noreply-dmarc-support@google.com</email>
<extra_contact_info>https://support.google.com/a/answer/2466580</extra_contact_info>
<report_id>733545798811562331</report_id>
<date_range>
<begin>1616544000</begin>
<end>1616630399</end>
</date_range>
</report_metadata>
<policy_published>
<domain>xxxxxx.com.ar</domain>
<adkim>r</adkim>
<aspf>r</aspf>
<p>reject</p>
<sp>reject</sp>
<pct>100</pct>
</policy_published>
<record>
<row>
<source_ip>AAA.AAA.AAA.AAA</source_ip>
<count>4</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>pass</dkim>
**<spf>fail</spf>**
</policy_evaluated>
</row>
<identifiers>
<header_from>xxxxxx.com.ar</header_from>
</identifiers>
<auth_results>
<dkim>
<domain>xxxxxx.com.ar</domain>
<result>pass</result>
<selector>default</selector>
</dkim>
<spf>
<domain>mail.minte.com.ar</domain>
<result>pass</result>
</spf>
</auth_results>
</record>
</feedback>
最奇怪的事情:看看 google 如何从这个域读取有效的电子邮件:
任何帮助将不胜感激,恐怕 google 将结束标记 AAA.AAA.AAA.AAA 为 SPAMMER
谢谢!!
正如 Zoho 支持团队所说,问题出在 SPF 对齐上。
On analyzing the attached DMARC report, we see that email sent using the source IP "XXX.XXX.XXX.XXX" had passed the SPF & DKIM authentication.
Please be informed that DMARC policy is evaluated based on "SPF authentication & SPF Alignment" or "DKIM authentication & DKIM Alignment".
In the below attached report, we see the SPF Authentication is passed but SPF alignment fails as the From domain "client.com.ar" & Return Path domain "server.com" are different and that's the reason its mentioned as fail.
To know more about DMARC policy,
https://postmarkapp.com/guides/dmarc#how-does-dmarc-work
这是由于后缀应用了 SRS,所以回复是@forwarder-domain.com,因此破坏了 SPF 与发件人域的对齐。
似乎无解
我一直在用 dovecot+postfix 实现转发代理,一切顺利,public IP 是 AAA.AAA.AAA.AAA
xxxxxx.com.ar 有此 SPF 记录 “v=spf1 mx AAA.AAA.AAA.AAA -all”
MX 指向相同的 AAA.AAA.AAA.AAA IP,但是 google(我从 Zoho Mail 收到的报告也少很多但相同)正在为错误而烦恼? DMARC 拒绝:
<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
<report_metadata>
<org_name>google.com</org_name>
<email>noreply-dmarc-support@google.com</email>
<extra_contact_info>https://support.google.com/a/answer/2466580</extra_contact_info>
<report_id>733545798811562331</report_id>
<date_range>
<begin>1616544000</begin>
<end>1616630399</end>
</date_range>
</report_metadata>
<policy_published>
<domain>xxxxxx.com.ar</domain>
<adkim>r</adkim>
<aspf>r</aspf>
<p>reject</p>
<sp>reject</sp>
<pct>100</pct>
</policy_published>
<record>
<row>
<source_ip>AAA.AAA.AAA.AAA</source_ip>
<count>4</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>pass</dkim>
**<spf>fail</spf>**
</policy_evaluated>
</row>
<identifiers>
<header_from>xxxxxx.com.ar</header_from>
</identifiers>
<auth_results>
<dkim>
<domain>xxxxxx.com.ar</domain>
<result>pass</result>
<selector>default</selector>
</dkim>
<spf>
<domain>mail.minte.com.ar</domain>
<result>pass</result>
</spf>
</auth_results>
</record>
</feedback>
最奇怪的事情:看看 google 如何从这个域读取有效的电子邮件:
任何帮助将不胜感激,恐怕 google 将结束标记 AAA.AAA.AAA.AAA 为 SPAMMER
谢谢!!
正如 Zoho 支持团队所说,问题出在 SPF 对齐上。
On analyzing the attached DMARC report, we see that email sent using the source IP "XXX.XXX.XXX.XXX" had passed the SPF & DKIM authentication. Please be informed that DMARC policy is evaluated based on "SPF authentication & SPF Alignment" or "DKIM authentication & DKIM Alignment". In the below attached report, we see the SPF Authentication is passed but SPF alignment fails as the From domain "client.com.ar" & Return Path domain "server.com" are different and that's the reason its mentioned as fail. To know more about DMARC policy, https://postmarkapp.com/guides/dmarc#how-does-dmarc-work
这是由于后缀应用了 SRS,所以回复是@forwarder-domain.com,因此破坏了 SPF 与发件人域的对齐。
似乎无解