后缀.OpenDmarc 拒绝所有邮件.5.7.1 被 DMARC 政策拒绝 [英] Postfix. OpenDmarc reject all mails. 5.7.1 rejected by DMARC policy

问题描述

我在我的服务器上激活了 opendmarc，但它拒绝了所有电子邮件.我试过用来自谷歌和雅虎的电子邮件发送，但它不起作用

I activated opendmarc on my server but it rejects all emails. I've tried sending with emails from google and yahoo and it doesn't work

知道哪里出了问题吗?

5.7.1 rejected by DMARC policy for remoteserver.domain.ltd
5.7.1 rejected by DMARC policy for yahoo.com
...

/etc/postfix/main.cf

allow_percent_hack = no
milter_default_action = accept
milter_protocol = 2
dmarc_milter = , inet:localhost:8893
#dmarc_milter =
smtpd_milters = inet:localhost:8891 $dmarc_milter
non_smtpd_milters = $smtpd_milters

/etc/opendmarc.conf

AuthservID OpenDMARC
IgnoreHosts /etc/opendmarc/ignore.hosts
PidFile /var/run/opendmarc.pid
RejectFailures true
RequiredHeaders true
Socket inet:8893@localhost
SoftwareHeader true
Syslog true
SyslogFacility mail
UMask 0002
UserID opendmarc:opendmarc
#SPFSelfValidate true
IgnoreHosts /etc/opendmarc/ignore.hosts
HistoryFile /var/run/opendmarc/opendmarc.dat

/etc/opendmarc/ignore.hosts

127.0.0.0/8
::1/128
localhost
192.168.0.0/24

/var/log/mail.log

Oct 16 22:40:14 myserver postfix/smtpd[25265]: connect from remoteserver.domain.ltd[22.22.22.22]
Oct 16 22:40:14 myserver postfix/smtpd[25265]: Anonymous TLS connection established from remoteserver.domain.ltd[22.22.22.22]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct 16 22:40:14 myserver postfix/smtpd[25265]: warning: restriction `reject_authenticated_sender_login_mismatch' ignored: no SASL support
Oct 16 22:40:14 myserver postfix/smtpd[25265]: warning: restriction `reject_unauthenticated_sender_login_mismatch' ignored: no SASL support
Oct 16 22:40:14 myserver policyd-spf[25268]: None; identity=helo; client-ip=22.22.22.22; helo=remoteserver.domain.ltd; envelope-from=mail@remoteserver.domain.ltd; receiver=myserver@myserver.ltd
Oct 16 22:40:14 myserver policyd-spf[25268]: Pass; identity=mailfrom; client-ip=22.22.22.22; helo=remoteserver.domain.ltd; envelope-from=mail@remoteserver.domain.ltd; receiver=myserver@myserver.ltd
Oct 16 22:40:14 myserver postgrey[2548]: action=pass, reason=client AWL, client_name=remoteserver.domain.ltd, client_address=22.22.22.22, sender=mail@remoteserver.domain.ltd, recipient=myserver@myserver.ltd
Oct 16 22:40:14 myserver postfix/smtpd[25265]: C878281433: client=remoteserver.domain.ltd[22.22.22.22]
Oct 16 22:40:14 myserver postfix/cleanup[25147]: C878281433: replace: header Message-ID: <f4d01e44d05cf2df477efc36b8969112@remoteserver.domain.ltd> from remoteserver.domain.ltd[22.22.22.22]; from=<mail@remoteserver.domain.ltd> to=<myserver@myserver.ltd> proto=ESMTP helo=<remoteserver.domain.ltd>: Message-ID: <f4d01e44d05cf2df477efc36b8969112@remoteserver.domain.ltd>
Oct 16 22:40:14 myserver postfix/cleanup[25147]: C878281433: message-id=<f4d01e44d05cf2df477efc36b8969112@remoteserver.domain.ltd>
Oct 16 22:40:14 myserver opendkim[4159]: C878281433: s=mail d=remoteserver.domain.ltd SSL
Oct 16 22:40:14 myserver opendmarc[18621]: C878281433 ignoring Authentication-Results at 0 from myserver.myserver.ltd
Oct 16 22:40:14 myserver opendmarc[18621]: C878281433: remoteserver.domain.ltd fail
Oct 16 22:40:14 myserver postfix/cleanup[25147]: C878281433: milter-reject: END-OF-MESSAGE from remoteserver.domain.ltd[22.22.22.22]: 5.7.1 rejected by DMARC policy for remoteserver.domain.ltd; from=<mail@remoteserver.domain.ltd> to=<myserver@myserver.ltd> proto=ESMTP helo=<remoteserver.domain.ltd>
Oct 16 22:40:14 myserver postfix/smtpd[25265]: disconnect from remoteserver.domain.ltd[22.22.22.22]

/var/run/opendmarc/opendmarc.dat

job 0EC0180962
reporter ptr_remoteserver.ltd
received 1602938133
ipaddr 22.22.22.22
from remoteserver.domain.ltd
mfrom remoteserver.domain.ltd
spf -1
pdomain remoteserver.domain.ltd
policy 16
rua -
pct 100
adkim 114
aspf 114
p 114
sp 0
align_dkim 5
align_spf 5
action 0

netstat -ltnp |grep :8893

tcp        0      0 127.0.0.1:8893          0.0.0.0:*               LISTEN      14990/opendmarc

推荐答案

您似乎在使用 CentOS.

It seems you are using CentOS.

确保您正确设置了 SPF 和 DKIM.你可以按照这个指南:https://www.linuxbabe.com/redhat/set-up-spf-dkim-postfix-centos

Make sure you have SPF and DKIM set up properly. You can follow this guide: https://www.linuxbabe.com/redhat/set-up-spf-dkim-postfix-centos

然后按照本指南设置 OpenDMARC.https://www.linuxbabe.com/redhat/opendmarc-postfix-centos-雷尔

Then follow this guide to set up OpenDMARC. https://www.linuxbabe.com/redhat/opendmarc-postfix-centos-rhel

建议在 /etc/opendmarc.conf 文件中将 SPFSelfValidate 设置为 true，以便 OpenDMARC 在可以时执行 SPF 检查't 在标头中找到 SPF 结果.

It's recommended to set SPFSelfValidate to true in /etc/opendmarc.conf file, so OpenDMARC will perform SPF checks when it can’t find SPF results in the headers.

还建议在 /etc/opendmarc.conf 文件中设置 TrustedAuthservIDs.

It's also recommended to set the TrustedAuthservIDs in /etc/opendmarc.conf file.

TrustedAuthservIDs mail.yourdomain.com

用您真正的 Postfix 主机名替换主机名.这告诉 OpenDMARC 信任 ID 中带有 mail.yourdomain.com 的身份验证结果.当您运行 OpenDKIM 进行 DKIM 验证时，这是必需的.如果 Postfix 主机名未包含在 TrustedAuthservID 中，则 OpenDMARC 可能会忽略 OpenDKIM 生成的 Authentication-Results 标头.

Replace the hostname with your real Postfix hostname. This tells OpenDMARC to trust authentication result with mail.yourdomain.com in the ID. This is needed when you have OpenDKIM running to do DKIM verification. If the Postfix hostname isn’t included in the TrustedAuthservIDs, then OpenDMARC might ignore the Authentication-Results header generated by OpenDKIM.

这篇关于后缀.OpenDmarc 拒绝所有邮件.5.7.1 被 DMARC 政策拒绝的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！