我在邮件服务器上设置了postfix + SPF。 这是我的/etc/postfix-policyd-spf-python/policyd-spf.conf 。
debugLevel = 3 defaultSeedOnly = 1 HELO_reject = SPF_Not_Pass Mail_From_reject = Fail PermError_reject = False TempError_Defer = False Reject_Not_Pass_Domains = aol.com,hotmail.com, gmail.com, yahoo.com skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1
我使用check_client_access和check_sender_access为各种客户端和发件人域设置了reject_unverified_sender 。
但是,我收到以下消息,没有被拒绝。 (我已经编辑了发件人和收件人地址。)
Sep 30 19:36:40 server2 policyd-spf[21248]: None; identity=helo; client-ip=202.212.75.207; helo=mail.saketoba.net; [email protected]; [email protected] Sep 30 19:36:40 server2 policyd-spf[21248]: Softfail; identity=mailfrom; client-ip=202.212.75.207; helo=mail.saketoba.net; [email protected]; [email protected] Sep 30 19:36:40 server2 policyd-spf[21248]: Action: prepend: Text: Received-SPF: Softfail (domain owner discourages use of this host) identity=mailfrom; client-ip=202.212.75.207; helo=mail.saketoba.net; [email protected]; [email protected] Sep 30 19:36:40 server2 postfix/smtpd[20716]: NOQUEUE: reject: RCPT from st2383.nas811.p-tokyo.nttpc.ne.jp[202.212.75.207]: 450 4.1.7 <[email protected]>: Sender address rejected: unverified address: host gmail-smtp-in.l.google.com[74.125.200.27] said: 550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient's email address for typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail.saketoba.net>
根据我从手册页和在线帮助中Softfail情况, gmail.com的Softfail结果表示阻止在主机202.212.75.207使用客户端。 它是否正确? 如果是这样,为什么不立即拒绝这个消息?
谢谢。
我想我find了原因: gmail.com之前和yahoo.com之前在policyd-spf.conf的Reject_Not_Pass_Domains行。 删除空格后,我用gmail.com拒绝Softfail。 policyd-spf.conf的man页没有提到这个,但是对于“SPF IP白名单”( Whitelist )和“SPF域名白名单( Domain_Whitelist )”,它提到在逗号分隔列表中不应该有空格。