我在Ubuntu 13.10上设置了dovecot后缀。 我通过节点应用程序发送电子邮件(使用电子邮件模板)。
如果我从[email protected]发送电子邮件到[email protected] ( 电子邮件1 ),spflogging通过。 如果我从[email protected]发送电子邮件到[email protected] ( 电子邮件2 ),spflogging失败。
我的spflogging:
v=spf1 a mx ~all
我已经通过指定IP尝试了一个变体,但是对于电子邮件1和2 ,我得到了相同的pass / softfail。
我已将我的@ mydomain.com电子邮件链接到gmail,所以我可以从那里阅读它们,并从gmail检查标题。
这是电子邮件1的标题,它通过:
Delivered-To: [email protected] Received: by 10.220.131.9 with SMTP id v9csp9729vcs; Thu, 3 Apr 2014 02:07:44 -0700 (PDT) X-Received: by 10.204.243.137 with SMTP id lm9mr3945288bkb.33.1396516062351; Thu, 03 Apr 2014 02:07:42 -0700 (PDT) Return-Path: <[email protected]> Received: from mydomain.com (mydomain.com. [81.4.107.88]) by mx.google.com with ESMTPS id de1si2116722bkc.265.2014.04.03.02.07.41 for <[email protected]> (version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 03 Apr 2014 02:07:41 -0700 (PDT) Received-SPF: pass (google.com: domain of [email protected] designates 81.4.107.88 as permitted sender) client-ip=81.4.107.88; Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 81.4.107.88 as permitted sender) [email protected] Received: from [127.0.0.1] (mydomain [127.0.0.1]) (Authenticated sender: username) by mydomain.com (Postfix) with ESMTPA id 2FE0730A095F for <[email protected]>; Thu, 3 Apr 2014 05:07:41 -0400 (EDT) X-Mailer: Nodemailer (0.6.1; +http://github.com/andris9/nodemailer; smtp/0.3.23) Date: Thu, 03 Apr 2014 09:07:41 GMT Message-Id: <[email protected]> From: [email protected] To: [email protected] Subject: Welcome to mydomain
以下是电子邮件2的标题,该标题失败:
Delivered-To: [email protected] Received: by 10.220.131.9 with SMTP id v9csp9756vcs; Thu, 3 Apr 2014 02:08:20 -0700 (PDT) X-Received: by 10.220.103.141 with SMTP id k13mr2007429vco.25.1396516099631; Thu, 03 Apr 2014 02:08:19 -0700 (PDT) Authentication-Results: mx.google.com; spf=softfail (google.com: best guess record for domain of transitioning [email protected] does not designate <unknown> as permitted sender) [email protected] Received-SPF: softfail (google.com: best guess record for domain of transitioning [email protected] does not designate <unknown> as permitted sender) Received: by 10.220.241.77 with POP3 id ld13mf1851813vcb.12; Thu, 03 Apr 2014 02:08:19 -0700 (PDT) X-Gmail-Fetch-Info: [email protected] 3 mail.mydomain.com 110 support Return-Path: <[email protected]> X-Original-To: [email protected] Delivered-To: [email protected] Received: from [127.0.0.1] (mydomain [127.0.0.1]) (Authenticated sender: username) by mydomain.com (Postfix) with ESMTPA id 2DF0730A095E for <[email protected]>; Thu, 3 Apr 2014 05:07:41 -0400 (EDT) X-Mailer: Nodemailer (0.6.1; +http://github.com/andris9/nodemailer; smtp/0.3.23) Date: Thu, 03 Apr 2014 09:07:41 GMT Message-Id: <[email protected]> From: [email protected] To: [email protected] Subject: New user signed-up Content-Type: multipart/alternative; boundary="----Nodemailer-0.6.1-?=_1-1396516061189" MIME-Version: 1.0
我不认为问题是发送电子邮件的node.js代码,因为它们都使用相同的传输和login。 这是一个简化但仍然很长的代码版本:
var transport = nodemailer.createTransport("SMTP", { service: "mydomain.com", auth: { user: "username", pass: "password" } }) //THIS EMAIL FAILS SPF CHECK exports.send_new_registration = function(username, email){ emailTemplates(templatesDir, function(err, template) { console.log("Attempting to send email."); if (err) { console.log(err); } else { var locals = { email : email, username :username }; // Send a single email template('new_user', locals, function(err, html, text) { if (err) { console.log(err); } else { transport.sendMail({ from: '[email protected]', to: '[email protected]', subject: "New user signed-up", html: html, // generateTextFromHTML: true, text: text }, function(err, responseStatus) { if (err) { console.log(err); } else { console.log(responseStatus.message); } }); } }); } //THIS EMAIL PASSES SPF CHECK exports.send_confirmation_email = function(email, token){ var link = "https://mydomain.com/email-confirmation/" + token; emailTemplates(templatesDir, function(err, template) { console.log("Attempting to send email."); if (err) { console.log(err); } else { var locals = { link : link }; // Send a single email template('register', locals, function(err, html, text) { if (err) { console.log(err); } else { transport.sendMail({ from: '[email protected]', to: email, subject: "Welcome to mydomain", html: html, // generateTextFromHTML: true, text: text }, function(err, responseStatus) { if (err) { console.log(err); } else { console.log(responseStatus.message); } }); } }); } }); }
我不认为这是相关的,但我还没有得到TLS在Postfix上工作。 我也试图让postfix-policyd-spf-perl工作,但是还没有成功。 当从我自己的帐户发送电子邮件到我自己的帐户时,会添加一个额外的标题。 我猜这是相关的,但我不确定。
作为一个参考,如果我添加check_policy_service unix:private/policy-spf到我的/etc/postfix/main.cf ,我在从[email protected]到[email protected]的邮件中看到的额外的头是:
Received-SPF: softfail (mydomain.com: Sender is not authorized by default to use '[email protected]' in 'mfrom' identity, however domain is not currently prepared for false failures (mechanism '~all' matched)) receiver=mydomain.com; identity=mailfrom; envelope- from="[email protected]"; helo="[an_ip]"; client-ip=a_diff_ip
我只是添加这是因为我不知道这是否与谷歌softfail检查有关…
编辑:为了清楚的问题,我不清楚为什么如果我发送电子邮件到一个Gmail帐户,它通过了SPF检查,但如果我发送一个电子邮件到我自己的域,它失败。
SPF不失败。 你误解了结果。
当邮件发送到GMail帐户时,Google正在进行检查(正确)。 谷歌也通过POP3检索时添加检查。 它不知道它来自哪里,因此它是一个软的失败。
我不确定Google为什么要检查POP3检索的电子邮件,但不应该这样做。
您需要将其发送到自己的SPF检查地址,并直接获取,而不是让Google播放标题。