DKIM fails, domain is empty

Mail signing fails at Gmail. Not sure why. It passes via telnet, but fails with the mail command. Here is the raw mail response:

    Delivered-To: [email protected]
    Received: by 10.100.177.142 with SMTP id j14csp1917050pjb;
            Tue, 2 May 2017 08:11:12 -0700 (PDT)
    X-Received: by 10.200.41.8 with SMTP id y8mr27532431qty.220.1493737872152;
            Tue, 02 May 2017 08:11:12 -0700 (PDT)
    Return-Path: <[email protected]>
    Received: from test1.mpx.test.com (ec2-xx-xx-xx-xx.compute-1.amazonaws.com. [xx.xx.xx.xx])
            by mx.google.com with ESMTPS id k43si17514690qta.19.2017.05.02.08.11.12
            for <[email protected]>
            (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
            Tue, 02 May 2017 08:11:12 -0700 (PDT)
    Received-SPF: pass (google.com: domain of [email protected] designates xx.xx.xx.xx as permitted sender) client-ip=xx.xx.xx.xx;
    Authentication-Results: mx.google.com;
            dkim=fail [email protected];
            spf=pass (google.com: domain of [email protected] designates xx.xx.xx.xx as permitted sender) [email protected];
            dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=test.com
    Received: from mongobkp3.test.local (mongobkp3.test.local [xx.xx.xx.xx])
            by test1.mpx.test.com (Postfix) with ESMTP id D18F2611B2
            for <[email protected]>; Tue, 2 May 2017 15:11:11 +0000 (UTC)
    X-DKIM: Sendmail DKIM Filter v2.8.3 test11.mpx.test.com D18F2611B2
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mpx.test.com; s=ggmx2;
            t=1493737871; bh=ehVmMHs7ThAQbbHJS1xFhiviXLfcCW/H8SCDhdqpBjk=;
            h=Date:To:MIME-Version:Content-Type:Content-Transfer-Encoding:
             Message-Id:From;
            b=nQANMdy69jSkfQW/jOaZqKsN8gLj5GhiH4CQv8NXy5orGi5eqVt4RpBnz2ZVlUdUX
             qrfZGXHR1YufY8Ij0IM6eZvlC8uP4H37N0ItKXkLSLMT2PZb2gkIL/QY+6ToKkkiWO
             n3HTj7HWpdWxIp8uXrLuX03080v38lgPD0nds3lg=
    Received: by mongobkp3.test.local (Postfix, from userid 1085)
            id CC0AE41E78; Tue,

My master.cf looks like this:

    #
    # Postfix master process configuration file.  For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master").
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    smtp      inet  n       -       n       -       -       smtpd -v
    #       -o content_filter=dksign
    submission inet n       -       n       -       -       smtpd
    587       inet  n       -       n       -       -       smtpd -v
    #       -o smtpd_enforce_tls=yes
            -o smtpd_sasl_auth_enable=yes
    #       -o content_filter=dksign
    #       -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #smtps    inet  n       -       n       -       -       smtpd
    #       -o smtpd_tls_wrappermode=yes
    #       -o smtpd_sasl_auth_enable=yes
    #       -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #628      inet  n       -       n       -       -       qmqpd
    pickup    fifo  n       -       n       60      1       pickup
    cleanup   unix  n       -       n       -       0       cleanup
    qmgr      fifo  n       -       n       300     1       qmgr
    #qmgr     fifo  n       -       n       300     1       oqmgr
    tlsmgr    unix  -       -       n       1000?   1       tlsmgr
    rewrite   unix  -       -       n       -       -       trivial-rewrite
    bounce    unix  -       -       n       -       0       bounce
    defer     unix  -       -       n       -       0       bounce
    trace     unix  -       -       n       -       0       bounce
    verify    unix  -       -       n       -       1       verify
    flush     unix  n       -       n       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    smtp      unix  -       -       n       -       -       smtp
    # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
    relay     unix  -       -       n       -       -       smtp
            -o fallback_relay=
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       n       -       -       showq
    error     unix  -       -       n       -       -       error
    discard   unix  -       -       n       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       n       -       -       lmtp
    anvil     unix  -       -       n       -       1       anvil
    scache    unix  -       -       n       -       1       scache
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent.  See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
    #
    # The Cyrus deliver program has changed incompatibly, multiple times.
    #
    old-cyrus unix  -       n       n       -       -       pipe
      flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    cyrus     unix  -       n       n       -       -       pipe
      user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

My main.cf looks like this:

    # RR: Mon Apr 29, 2013 => added 72.172.71.2/32 to support (LA) Duo VPN
    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    mail_owner = postfix
    myhostname = test1.mpx.test.com
    mydomain = mpx.test.com
    masquerade_domains = !jetsetter.com !parkandbond.com !testcity.com !testtaste.com !wsjselect.com !mx.test.com !qatools.test.com test.com $mydomain
    mynetworks = XX.XX.XX.XX XX.XX.XX.XX XX.XX.XX.XX $myhostname
    smtpd_delay_reject = yes
    smtpd_helo_required = yes
    soft_bounce = no
    strict_rfc821_envelopes = yes
    local_header_rewrite_clients = permit_mynetworks
    smtp_generic_maps = pcre:/etc/postfix/generic
    unknown_local_recipient_reject_code = 550
    broken_sasl_auth_clients = no
    smtpd_sasl_application_name = smtpd
    smtpd_sasl_auth_enable = no
    smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noanonymous
    #smtpd_enforce_tls = no
    #smtpd_tls_CAfile = /etc/postfix/cacert.pem
    #smtpd_tls_cert_file = /etc/postfix/mx1-cert.pem
    #smtpd_tls_key_file = /etc/postfix/mx1-key.pem
    #smtpd_tls_received_header = yes
    #smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache
    #tls_random_source = dev:/dev/urandom
    #smtpd_tls_security_level = may
    mailbox_size_limit = 102400000
    message_size_limit = 51200000
    queue_minfree = 76800000
    smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client
    smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname
    smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unlisted_sender, reject_non_fqdn_sender, reject_unknown_sender_domain
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unlisted_recipient, reject_non_fqdn_recipient, reject_unauth_destination, reject_unknown_recipient_domain
    # check_recipient_access hash:/etc/postfix/filtered_domains
    smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, permit_sasl_authenticated
    smtpd_end_of_data_restrictions =
    unknown_local_recipient_reject_code = 550
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    debug_peer_level = 2
    debugger_command =
             PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
             xxgdb $daemon_directory/$process_name $process_id & sleep 5
    sendmail_path = /usr/sbin/sendmail.postfix
    newaliases_path = /usr/bin/newaliases.postfix
    mailq_path = /usr/bin/mailq.postfix
    setgid_group = postdrop
    html_directory = no
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/postfix-2.3.3/samples
    readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
    postscreen_upstream_proxy_protocol = haproxy
    milter_default_action = accept
    milter_protocol = 2
    smtpd_milters = inet:localhost:8891
    non_smtpd_milters = inet:localhost:8891
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtpd_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/ssl/private/mail.mpx.test.com.tld.key
    smtpd_tls_cert_file = /etc/ssl/certs/mail.mpx.test.com.tld.crt
    smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
    smtp_tls_security_level = encrypt
    smtpd_tls_loglevel = 1
    #smtpd_tls_received_header = yes
    tls_random_source = dev:/dev/urandom

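Update!: If I copy smtp_generic_maps, then DKIM passes, but the From domain in my email shows up as the host that sent through my relay server. I am wondering whether it has something to do with how the domain mapping works: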

    /(.*)@(.*)\.test\.local/ [email protected]

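After a lot of troubleshooting, I realized the problem was with the mapping. When the relay server receives mail from an external client using mailx, you can map, in the /etc/postfix/generic file, the domain the mail is sent out as. However, an easier way to solve this is to send the mail from the client using mailx with the -x option and specify the sender as a user with the domain you want to send from. For example: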

 mailx -r testuser@<domainyouwant> -S "test" enduser@<whereever> 

This will pass DKIM signing and be sent as the user you want to send as.
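Why a sender rewrite can break the signature, as an added example that is not part of the original posts: the DKIM-Signature in the question lists From in `h=`, so any change to From after the milter has signed changes the data that `b=` covers. The sketch hashes the relaxed-canonicalized signed headers (it omits the DKIM-Signature field itself and does no RSA verification); the sample headers, the `example.*` addresses and the helper `generic_rewrite` are constructed, and the rewrite is assumed to run after signing.

```python
import hashlib
import re

def relaxed_header(name, value):
    """RFC 6376 'relaxed' canonicalization of one header field."""
    value = re.sub(r"\r?\n[ \t]+", " ", value)      # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip()   # collapse whitespace runs
    return f"{name.lower()}:{value}\r\n"

def signed_header_digest(headers, h_tag):
    """SHA-256 over the headers named in h=, in h= order."""
    data = ""
    for name in (n.strip() for n in h_tag.split(":")):
        for key, value in headers:
            if key.lower() == name.lower():
                data += relaxed_header(key, value)
                break
    return hashlib.sha256(data.encode()).hexdigest()

def generic_rewrite(headers, pattern, replacement):
    """Hypothetical stand-in for an address rewrite applied after signing."""
    return [(k, re.sub(pattern, replacement, v) if k.lower() == "from" else v)
            for k, v in headers]

# h= list copied from the DKIM-Signature header in the question
H_TAG = "Date:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-Id:From"

# Constructed sample headers as they looked when the milter signed them
SIGNED = [
    ("Date", "Tue, 2 May 2017 15:11:11 +0000"),
    ("To", "enduser@example.net"),
    ("MIME-Version", "1.0"),
    ("Content-Type", "text/plain; charset=us-ascii"),
    ("Content-Transfer-Encoding", "7bit"),
    ("Message-Id", "<constructed-1@mongobkp3.test.local>"),
    ("From", "testuser@mongobkp3.test.local"),
    ("Subject", "test"),
]

def compare():
    """Compare signed-header digests before and after two kinds of change."""
    base = signed_header_digest(SIGNED, H_TAG)
    delivered = generic_rewrite(SIGNED, r"@(.*)\.test\.local", "@example.com")
    subject_changed = [(k, "changed" if k == "Subject" else v) for k, v in SIGNED]
    return {
        "from_rewritten_matches": signed_header_digest(delivered, H_TAG) == base,
        "subject_changed_matches": signed_header_digest(subject_changed, H_TAG) == base,
    }

if __name__ == "__main__":
    print(compare())
```

Changing Subject leaves the digest intact because Subject is not in this signature's `h=` list, while rewriting From does not; the body hash `bh=` is unaffected in both cases.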

Oh, Google increased their required key length to 512. Yours looks like 128.

https://blog.returnpath.com/google-is-failing-your-perfectly-good-dkim-key-and-why-thats-a-good-thing/

Edit:

Oh, sorry. The 128 is SSL, not DKIM. My mistake.

Can you capture the text of the conversation between the mail clients and compare it with the text from your telnet testing? That might be promising.

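When you say telnet, do you specifically mean telnet, or something else, such as openssl s_client? If your telnet testing is in the clear and your mail client is using SSL, could that have something to do with it? Probably not. That would be weird.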