Postfix sender verification 550

Tom*_*ell 4 postfix exim

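I installed Postfix and Dovecot on a VPS and configured it to forward mail to a Gmail address, and to accept SMTP requests from Gmail so that it can send on behalf of the domain. TLS and authentication are working, emails are arriving, MX domains, SPR, DKIM, SPF, all configured and working.

However, I can only send email to myself and a handful of domains. For example: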

This is the mail system at host tomjn.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<matt@geekmatt.com>: host dc-cd3425bc.geekmatt.com[87.106.180.26] said:
    550-Verification failed for <contact@tomjn.com> 550-The mail server could
    not deliver mail to contact@tomjn.com.  The account or domain may not
    exist, they may be blacklisted, or missing the proper dns entries. 550
    Sender verify failed (in reply to RCPT TO command)

Final-Recipient: rfc822; matt@geekmatt.com
Original-Recipient: rfc822;matt@geekmatt.com
Action: failed
Status: 5.0.0
Remote-MTA: dns; dc-cd3425bc.geekmatt.com
Diagnostic-Code: smtp; 550-Verification failed for <contact@tomjn.com> 550-The
    mail server could not deliver mail to contact@tomjn.com.  The account or
    domain may not exist, they may be blacklisted, or missing the proper dns
    entries. 550 Sender verify failed

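I'm not sure how to proceed. Is this the remote server rejecting me? Me saying no to the remote server?

I looked up address verification and found this: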

http://ftp.netbsd.org/pub/NetBSD/NetBSD-current/src/external/ibm-public/postfix/dist/html/ADDRESS_VERIFICATION_README.html#caching

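However, it is ambiguous: when it says recipient, is it talking about the remote server receiving the email? My server receiving a verification request? The remote server receiving a verification request? Does it mean the sender of the email or the sender of the verification request? It does not say explicitly. Googling leads to answers to several questions, such as "this is a bad idea and everyone should stop using it", aimed at people solving problems caused by using things I don't use (e.g. SRS).

An email sent to check-auth@verifier.port25.com got no response.

Here is the main.cf I use for Postfix: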

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
readme_directory = no

# TLS parameters
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_sasl_auth_enable = yes
smtpd_helo_required = yes
#smtpd_pw_server_security_options = cram-md5,digest-md5,login,plain
#content_filter = smtp-amavis:[127.0.0.1]:10024
#smtpd_helo_restrictions = reject_non_fqdn_helo_hostname reject_invalid_helo_hostname


smtpd_tls_cert_file=/etc/ssl/certs/dovecot.pem
smtpd_tls_key_file=/etc/ssl/private/dovecot.pem
smtpd_use_tls=yes
smtpd_tls_auth_only = yes

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated

smtpd_client_restrictions =
          permit_mynetworks
          permit_sasl_authenticated
          REJECT
virtual_transport = lmtp:unix:private/dovecot-lmtp

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.


smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = tomjn.com
virtual_alias_domains = tomjn.com tomjn.co.uk
#alias_maps = 
#alias_database = hash:/etc/aliases
myorigin = /etc/mailname

virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf

#mydestination = localhost.com, , localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 216.239.32.0/19 64.233.160.0/19 66.249.80.0/20 72.14.192.0/18 209.85.128.0/17 66.102.0.0/20 74.125.0.0/16 64.18.0.0/20 207.126.144.0/20 173.194.0.0/16 [2001:4860:4000::]/36 [2404:6800:4000::]/36 [2607:f8b0:4000::]/36 [2800:3f0:4000::]/36 [2a00:1450:4000::]/36 [2c0f:fb50:4000::]/36
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

milter_protocol = 2
milter_default_action = accept

smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301

Side notes: yes, I know about Google Apps; yes, DNS is configured correctly; no, I only use Dovecot for TLS, not IMAP/POP3; yes, matt@geekmatt.com exists.

mas*_*oeh 5

Yes, it is called sender verification. The verification is done by the geekmatt.com mail server, not yours. Based on the error message, I can conclude that

550-Verification failed for <contact@tomjn.com> 550-The mail server could
not deliver mail to contact@tomjn.com.  The account or domain may not
exist, they may be blacklisted, or missing the proper dns entries. 550
Sender verify failed

is a standard Exim error message.

By the way, not all sender verification is bad. To illustrate, I assume you want to send email from example.com to example.net

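  1. At the basic level, the example.net mail server must verify that the sender domain exists. If the mail server rejects your email at this level, your domain has 1) no DNS MX and no DNS A record, or 2) a malformed MX record, such as a record with a zero-length MX hostname. In Postfix, the equivalent parameter is reject_unknown_sender_domain

  2. At the advanced level, the mail server will try to check whether the sender address exists. Basically, before accepting your email, the example.net mail server will try to telnet to your mail server without sending any email. This check is considered bad for several reasons.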


Now, it looks like the domain tomjn.com fails sender verification at the basic level. Here is the MX record of tomjn.com

% dig tomjn.com MX +short
1 178.62.28.136.tomjn.com.
% dig 178.62.28.136.tomjn.com

; <<>> DiG 9.9.5 <<>> 178.62.28.136.tomjn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, **status: NXDOMAIN,** id: 52812
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;178.62.28.136.tomjn.com.       IN      A

;; AUTHORITY SECTION:
tomjn.com.              1800    IN      SOA     NS1.DIGITALOCEAN.com. hostmaster.tomjn.com. 1410110590 3600 900 1209600 1800

There, your MX record does not have a valid A record. That is why geekmatt.com rejects your email.

Solution: fix your MX record
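
The basic-level check described in the answer above, as an added example that is not part of the original answer and is not Postfix's or Exim's own code. The function names are hypothetical, and the zone data is constructed to mirror the dig output shown in the answer so that the check runs offline; it also flags the specific mistake seen there, an IP address entered as the MX target.

```python
import ipaddress

# Constructed sample zone data (assumption), mirroring the dig output above.
# Keys are (name, rtype); a missing key stands for NXDOMAIN / no data.
SAMPLE_ZONE = {
    ("tomjn.com", "MX"): ["178.62.28.136.tomjn.com."],
    ("example.com", "MX"): ["mail.example.com."],
    ("mail.example.com", "A"): ["192.0.2.25"],
    ("nullmx.example", "MX"): ["."],
}

def lookup(name, rtype, zone=SAMPLE_ZONE):
    """Hypothetical resolver stub: return the records for name/rtype, or []."""
    return zone.get((name.rstrip(".").lower(), rtype), [])

def embedded_ipv4(host):
    """Return the IPv4 address if the first four labels of host form one."""
    labels = host.rstrip(".").split(".")
    try:
        return str(ipaddress.IPv4Address(".".join(labels[:4])))
    except ValueError:
        return None

def check_sender_domain(domain, zone=SAMPLE_ZONE):
    """Return (ok, findings) for the basic-level sender-domain check."""
    mx_hosts = lookup(domain, "MX", zone)
    if not mx_hosts:
        # No MX: the domain's own address record is the fallback.
        if lookup(domain, "A", zone) or lookup(domain, "AAAA", zone):
            return True, ["no MX, domain has an address record"]
        return False, ["no MX and no A record"]
    ok, findings = False, []
    for host in mx_hosts:
        if host.rstrip(".") == "":
            findings.append("malformed MX: zero-length hostname")
        elif lookup(host, "A", zone) or lookup(host, "AAAA", zone):
            ok = True
            findings.append(f"{host} resolves")
        else:
            msg = f"{host} has no A/AAAA record"
            ip = embedded_ipv4(host)
            if ip:
                msg += f" (looks like IP {ip} entered as MX target)"
            findings.append(msg)
    return ok, findings

if __name__ == "__main__":
    for d in ("tomjn.com", "example.com", "nullmx.example", "missing.example"):
        print(d, check_sender_domain(d))
```

To run this against live DNS, replace `lookup` with a function that queries a real resolver and returns the same list shape.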