Problem description
I activated opendmarc on my server, but it rejects all emails. I tried sending from Google and Yahoo email accounts, but it does not work.
Any ideas?
5.7.1 rejected by DMARC policy for remoteserver.domain.ltd
5.7.1 rejected by DMARC policy for yahoo.com
...
/etc/postfix/main.cf
allow_percent_hack = no
milter_default_action = accept
milter_protocol = 2
dmarc_milter =,inet:localhost:8893
#dmarc_milter =
smtpd_milters = inet:localhost:8891 $dmarc_milter
non_smtpd_milters = $smtpd_milters
/etc/opendmarc.conf
AuthservID OpenDMARC
IgnoreHosts /etc/opendmarc/ignore.hosts
PidFile /var/run/opendmarc.pid
RejectFailures true
RequiredHeaders true
Socket inet:8893@localhost
SoftwareHeader true
Syslog true
SyslogFacility mail
UMask 0002
UserID opendmarc:opendmarc
#SPFSelfValidate true
IgnoreHosts /etc/opendmarc/ignore.hosts
HistoryFile /var/run/opendmarc/opendmarc.dat
/etc/opendmarc/ignore.hosts
127.0.0.0/8
::1/128
localhost
192.168.0.0/24
/var/log/mail.log
Oct 16 22:40:14 myserver postfix/smtpd[25265]: connect from remoteserver.domain.ltd[22.22.22.22]
Oct 16 22:40:14 myserver postfix/smtpd[25265]: Anonymous TLS connection established from remoteserver.domain.ltd[22.22.22.22]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct 16 22:40:14 myserver postfix/smtpd[25265]: warning: restriction `reject_authenticated_sender_login_mismatch' ignored: no SASL support
Oct 16 22:40:14 myserver postfix/smtpd[25265]: warning: restriction `reject_unauthenticated_sender_login_mismatch' ignored: no SASL support
Oct 16 22:40:14 myserver policyd-spf[25268]: None; identity=helo; client-ip=22.22.22.22; helo=remoteserver.domain.ltd; envelope-from=mail@remoteserver.domain.ltd; receiver=myserver@myserver.ltd
Oct 16 22:40:14 myserver policyd-spf[25268]: Pass; identity=mailfrom; client-ip=22.22.22.22; helo=remoteserver.domain.ltd; envelope-from=mail@remoteserver.domain.ltd; receiver=myserver@myserver.ltd
Oct 16 22:40:14 myserver postgrey[2548]: action=pass,reason=client AWL,client_name=remoteserver.domain.ltd,client_address=22.22.22.22,sender=mail@remoteserver.domain.ltd,recipient=myserver@myserver.ltd
Oct 16 22:40:14 myserver postfix/smtpd[25265]: C878281433: client=remoteserver.domain.ltd[22.22.22.22]
Oct 16 22:40:14 myserver postfix/cleanup[25147]: C878281433: replace: header Message-ID: <f4d01e44d05cf2df477efc36b8969112@remoteserver.domain.ltd> from remoteserver.domain.ltd[22.22.22.22]; from=<mail@remoteserver.domain.ltd> to=<myserver@myserver.ltd> proto=ESMTP helo=<remoteserver.domain.ltd>: Message-ID: <f4d01e44d05cf2df477efc36b8969112@remoteserver.domain.ltd>
Oct 16 22:40:14 myserver postfix/cleanup[25147]: C878281433: message-id=<f4d01e44d05cf2df477efc36b8969112@remoteserver.domain.ltd>
Oct 16 22:40:14 myserver opendkim[4159]: C878281433: s=mail d=remoteserver.domain.ltd SSL
Oct 16 22:40:14 myserver opendmarc[18621]: C878281433 ignoring Authentication-Results at 0 from myserver.myserver.ltd
Oct 16 22:40:14 myserver opendmarc[18621]: C878281433: remoteserver.domain.ltd fail
Oct 16 22:40:14 myserver postfix/cleanup[25147]: C878281433: milter-reject: END-OF-MESSAGE from remoteserver.domain.ltd[22.22.22.22]: 5.7.1 rejected by DMARC policy for remoteserver.domain.ltd; from=<mail@remoteserver.domain.ltd> to=<myserver@myserver.ltd> proto=ESMTP helo=<remoteserver.domain.ltd>
Oct 16 22:40:14 myserver postfix/smtpd[25265]: disconnect from remoteserver.domain.ltd[22.22.22.22]
/var/run/opendmarc/opendmarc.dat
job 0EC0180962
reporter ptr_remoteserver.ltd
received 1602938133
ipaddr 22.22.22.22
from remoteserver.domain.ltd
mfrom remoteserver.domain.ltd
spf -1
pdomain remoteserver.domain.ltd
policy 16
rua -
pct 100
adkim 114
aspf 114
p 114
sp 0
align_dkim 5
align_spf 5
action 0
netstat -ltnp | grep :8893
tcp 0 0 127.0.0.1:8893 0.0.0.0:* LISTEN 14990/opendmarc
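Solution
It looks like you are using CentOS.
Make sure SPF and DKIM are set up correctly. You can follow this guide: https://www.linuxbabe.com/redhat/set-up-spf-dkim-postfix-centos
Then follow this guide to set up OpenDMARC: https://www.linuxbabe.com/redhat/opendmarc-postfix-centos-rhel
It is recommended to set SPFSelfValidate to true in /etc/opendmarc.conf, so that OpenDMARC performs the SPF check itself where possible when no SPF result is found in the headers.
It is also recommended to set TrustedAuthservIDs in /etc/opendmarc.conf.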
TrustedAuthservIDs mail.yourdomain.com
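Replace the hostname with your real Postfix hostname. This tells OpenDMARC to trust authentication results that carry mail.yourdomain.com in the ID. This is required when you run OpenDKIM to perform DKIM verification. If the Postfix hostname is not included in TrustedAuthservIDs, OpenDMARC may ignore the Authentication-Results header generated by OpenDKIM.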
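
The following Python check is an added example, not code from the original post or from the OpenDMARC project. It scans mail.log text for the "ignoring Authentication-Results" message seen in the question and reports every authserv-id that the configuration does not trust. The sample config and log are constructed from the question's values, the function names are hypothetical, and it assumes that with TrustedAuthservIDs unset only the AuthservID value is trusted.

```python
import re

# Constructed sample input, modelled on the config and log lines in the question.
SAMPLE_CONF = """\
AuthservID OpenDMARC
RejectFailures true
#SPFSelfValidate true
"""
SAMPLE_LOG = """\
Oct 16 22:40:14 myserver opendkim[4159]: C878281433: s=mail d=remoteserver.domain.ltd SSL
Oct 16 22:40:14 myserver opendmarc[18621]: C878281433 ignoring Authentication-Results at 0 from myserver.myserver.ltd
Oct 16 22:40:14 myserver opendmarc[18621]: C878281433: remoteserver.domain.ltd fail
"""

# Captures the queue ID and the authserv-id whose header OpenDMARC discarded.
IGNORED = re.compile(
    r"opendmarc\[\d+\]: (\S+?):? ignoring Authentication-Results at \d+ from (\S+)")

def parse_conf(text):
    """Return {lowercased key: value} for active (non-comment) config lines."""
    conf = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            conf[parts[0].lower()] = parts[1].strip()
    return conf

def trusted_ids(conf):
    """authserv-ids whose Authentication-Results headers are trusted."""
    # Assumption: without TrustedAuthservIDs, only the AuthservID value is trusted.
    # The HOSTNAME keyword is not expanded here.
    raw = conf.get("trustedauthservids") or conf.get("authservid", "")
    return {item.strip().lower() for item in raw.split(",") if item.strip()}

def untrusted_ignored(conf_text, log_text):
    """Map each ignored, untrusted authserv-id to the queue IDs it affected."""
    trusted = trusted_ids(parse_conf(conf_text))
    hits = {}
    for match in IGNORED.finditer(log_text):
        queue_id, authserv = match.group(1), match.group(2).lower()
        if authserv not in trusted:
            hits.setdefault(authserv, []).append(queue_id)
    return hits

if __name__ == "__main__":
    for authserv, ids in untrusted_ignored(SAMPLE_CONF, SAMPLE_LOG).items():
        print(f"{authserv}: header ignored for {len(ids)} message(s); "
              "consider listing it in TrustedAuthservIDs")
```

Run against the real /etc/opendmarc.conf and /var/log/mail.log by passing their contents to untrusted_ignored(); an empty result means no locally generated DKIM or SPF results are being discarded.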