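DKIM fails to verify, depending on the sending host on the same domain

Problem description

I believe I have successfully configured DKIM on my sendmail mail server. However, when recipients of mail from that server try to verify its DKIM, the results are mixed. For example, here are the headers of a message received on my personal server from the server running opendkim: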

From noreply@ohprs.org  Wed Aug 12 00:01:31 2020
Return-Path: <noreply@ohprs.org>
Received: from mail.ohprs.org (mail.ohprs.org [98.102.63.107])
        by server.novatec-inc.com (8.15.2/8.15.2) with ESMTPS id 07C41TWv015009
        (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL)
        for <mfoley@novatec-inc.com>; Wed,12 Aug 2020 00:01:30 -0400
Authentication-Results: server.novatec-inc.com;
        dkim=pass (1024-bit key) header.d=ohprs.org header.i=@ohprs.org header.b=loMw2ZHp
Received: from common.hprs.local ([192.168.0.58])
        by mail.hprs.local (8.15.2/8.15.2) with ESMTPS id 07C41SG2018241
        (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
        for <sysadmin@mail.hprs.local>; Wed,12 Aug 2020 00:01:28 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ohprs.org;
        s=hprsmail; t=1597204889;
        bh=N1h2kkntuY1ypSooI+tmDO+9aSkot/zE4XjW0D7Ybos=;
        h=Date:From:To:Subject;
        b=loMw2ZHpbUOr/ERMQkuQ1KmoP7Qu24pai9bHk78UbFK5hVRH7NJP+GWcAFKgwIWZI
         h4abdevU76fkRHq9P81PS1OqKXSrv4FrjBxKGAk36Esaj9s+rTqOGC5wezCCVIfblH
         LHOH2Uo+RhqvYZmMPJoom2rS9hrqIqKqfbmw/o8M=
Received: from common.hprs.local (localhost [127.0.0.1])
        by common.hprs.local (8.15.2/8.15.2) with ESMTP id 07C41SxQ031669
        for <sysadmin@common.hprs.local>; Wed,12 Aug 2020 00:01:28 -0400
Received: (from root@localhost)
        by common.hprs.local (8.15.2/8.15.2/Submit) id 07C41Sdb031667
        for sysadmin; Wed,12 Aug 2020 00:01:28 -0400

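This one is "dkim=pass". The message was sent by the host common.hprs.local, a Linux host on the 192.168.0.0/24 subnet. It uses mail.hprs.local (192.168.0.2) as its SMART_HOST, so this message was routed through that server. Also note that it specifies noreply@ohprs.org as the reply address. The sendmail.mc on common.hprs.local has: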

MASQUERADE_AS(`ohprs.org')
FEATURE(`masquerade_envelope')
FEATURE(`masquerade_entire_domain')

Now, here is a message sent directly from the host mail.ohprs.org (the one actually running opendkim, and which should be the one the DKIM TXT record refers to):

From noreply@ohprs.org  Sun Aug 16 12:42:11 2020
Return-Path: <noreply@ohprs.org>
Received: from mail.ohprs.org (mail.ohprs.org [98.102.63.107])
        by server.novatec-inc.com (8.15.2/8.15.2) with ESMTPS id 07GGgAbd015207
        (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL)
        for <mfoley@novatec-inc.com>; Sun,16 Aug 2020 12:42:10 -0400
Authentication-Results: server.novatec-inc.com;
        dkim=fail reason="signature verification Failed" (1024-bit key) header.d=ohprs.org header.i=@ohprs.org header.b=WaIQbsoS
Received: from mail.hprs.local (localhost [127.0.0.1])
        by mail.hprs.local (8.15.2/8.15.2) with ESMTPS id 07GGg9jM015260
        (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
        for <sysadmin@mail.hprs.local>; Sun,16 Aug 2020 12:42:09 -0400
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.99.2 at mail
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ohprs.org;
        s=hprsmail; t=1597596129;
        bh=Be30ywlNvCV9FnZuPw8Yh2Gxy7fH76e6jeY7IVlhkT0=;
        h=Date:From:To:Subject;
        b=WaIQbsoS3P0FQB5knVddCuC72huJW0a0PVEad3rjY60r7Gkl7IlZXsbUH2KBgPJVs
         QgyShnO1YAbzIlmNfqfCIaV0rJSKB0Xabmr3OnIVYjyogbu+gdegk3kf6PN+jU2Ucm
         z/9FTCof/eBjT+ViTfH3xpWNzribuoC5ovAdtqaI=
Received: (from root@localhost)
        by mail.hprs.local (8.15.2/8.14.9/Submit) id 07GGg94V015259
        for sysadmin; Sun,16 Aug 2020 12:42:09 -0400

The public FQDN of this server is mail.ohprs.org. Note that it has "dkim=fail". Why?

My /etc/opendkim.conf is:

LogWhy                  yes
Syslog                  yes
SyslogSuccess           yes

Canonicalization        relaxed/simple

Domain                  ohprs.org
Selector                hprsmail

ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable

mode                    sv
PidFile                 /var/run/opendkim/opendkim.pid
Socket                  inet:8891@localhost

ReportAddress           sysadmin@ohprs.org
SendReports             yes

UserID opendkim:opendkim

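Why is the receiving server at novatec-inc.com able to verify DKIM for hosts on the 192.168.0.0/24 subnet that use mail.hprs.local (192.168.0.2) as their SMART_HOST, while a message sent directly from the host mail.hprs.local (mail.ohprs.org) fails verification, even though that host is the one running opendkim?

Also note that at https://mxtoolbox.com/dkim.aspx, ohprs.org with the selector hprsdmail verifies.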
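
A triage step for the two messages quoted above, as an added example that is not part of the original post: it parses each DKIM-Signature tag list and the verifier's Authentication-Results, then reports which signature tags differ between the passing and the failing message. The header text is abridged from the question (each b= value is cut to the prefix shown as header.b), and the function names are this example's own.

```python
import email
import re

# Abridged from the two messages in the question. Each b= value is cut to the
# prefix the verifier echoes as header.b; the other tags are as posted.
PASSING = """\
Authentication-Results: server.novatec-inc.com;
        dkim=pass (1024-bit key) header.d=ohprs.org header.i=@ohprs.org header.b=loMw2ZHp
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ohprs.org;
        s=hprsmail; t=1597204889;
        bh=N1h2kkntuY1ypSooI+tmDO+9aSkot/zE4XjW0D7Ybos=;
        h=Date:From:To:Subject;
        b=loMw2ZHp
"""
FAILING = """\
Authentication-Results: server.novatec-inc.com;
        dkim=fail reason="signature verification Failed" (1024-bit key) header.d=ohprs.org header.i=@ohprs.org header.b=WaIQbsoS
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ohprs.org;
        s=hprsmail; t=1597596129;
        bh=Be30ywlNvCV9FnZuPw8Yh2Gxy7fH76e6jeY7IVlhkT0=;
        h=Date:From:To:Subject;
        b=WaIQbsoS
"""

def dkim_tags(raw):
    """Parse the DKIM-Signature tag list (RFC 6376 section 3.2) into a dict."""
    header = email.message_from_string(raw)["DKIM-Signature"]
    tags = {}
    for spec in header.split(";"):
        if "=" in spec:
            name, value = spec.split("=", 1)
            # Folding whitespace inside a tag value is not significant.
            tags[name.strip()] = "".join(value.split())
    return tags

def dkim_result(raw):
    """Return the verifier's dkim= verdict from Authentication-Results."""
    header = email.message_from_string(raw)["Authentication-Results"]
    m = re.search(r"\bdkim=(\w+)", header)
    return m.group(1) if m else None

def compare(a_raw, b_raw):
    """Return both verdicts and the sorted names of tags whose values differ."""
    ta, tb = dkim_tags(a_raw), dkim_tags(b_raw)
    differing = sorted(k for k in ta.keys() | tb.keys() if ta.get(k) != tb.get(k))
    return dkim_result(a_raw), dkim_result(b_raw), differing

if __name__ == "__main__":
    print(compare(PASSING, FAILING))
```

Only t, bh and b differ, so both messages were signed with the same domain, selector, algorithm, canonicalization and signed-header list; the two cases differ in the path each message took on mail.hprs.local before it was signed.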
