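Error sending email with a Gmail ID using the Postfix mail server

Time: 2015-06-10 08:17:00

Tags: email postfix-mta spf dkim

I am using Postfix as the mail server for my application. I have set up TLS, DKIM, SPF and TXT records for my mail domain, i.e. mail.xyz.com. This mail domain points to the Postfix server.

The problem is that if I send email using a mail ID on my own domain, e.g. riky@xyz.com, it works fine and the mail is delivered to any mail server such as Gmail or Yahoo. But if I send mail from a mail ID on another domain, such as riky@gmail.com, the mail arrives with a warning that the signed sender is a spammer, or sometimes the mail is not delivered and I receive a mail failure message saying that the mail server is not authorized to send mail as riky@gmail.com or riky@yahoo.com.

I did some research and learned about SPF, TXT, DKIM and TLS. I have added all of these to the required server, but the problem persists.

Amazon SES and some other email APIs manage this somehow, so that we can send mail from other mail IDs and the mail shows up in the inbox like this: xxxx@greymeter.in via amazonses.com

Can anyone help me, as this has become the biggest challenge we face.

My main.cf is: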

    $# nano /etc/postfix/main.cf
    GNU nano 2.0.9                                                        File: /etc/postfix/main.cf

    # Global Postfix configuration file. This file lists only a subset
    # of all parameters. For the syntax, and for a complete parameter
    # list, see the postconf(5) manual page (command: "man 5 postconf").
    #
    # For common configuration examples, see BASIC_CONFIGURATION_README
    # and STANDARD_CONFIGURATION_README. To find these documents, use
    # the command "postconf html_directory readme_directory", or go to
    # http://www.postfix.org/.
    #
    # For best results, change no more than 2-3 parameters at a time,
    # and test if Postfix still works after every change.

    #local_recipient_maps =


    # SOFT BOUNCE
    #
    # The soft_bounce parameter provides a limited safety net for
    # testing.  When soft_bounce is enabled, mail will remain queued that
    # would otherwise bounce. This parameter disables locally-generated
    # bounces, and prevents the SMTP server from rejecting mail permanently
    # (by changing 5xx replies into 4xx replies). However, soft_bounce
    # is no cure for address rewriting mistakes or mail routing mistakes.
    #
    #soft_bounce = no

    # LOCAL PATHNAME INFORMATION
    #
    # The queue_directory specifies the location of the Postfix queue.
    # This is also the root directory of Postfix daemons that run chrooted.
    # See the files in examples/chroot-setup for setting up Postfix chroot
    # environments on different UNIX systems.
    #
    queue_directory = /var/spool/postfix

    # The command_directory parameter specifies the location of all
    # postXXX commands.
    #
    command_directory = /usr/sbin

    # The daemon_directory parameter specifies the location of all Postfix
    # daemon programs (i.e. programs listed in the master.cf file). This
    # directory must be owned by root.
    #
    daemon_directory = /usr/libexec/postfix

    # The data_directory parameter specifies the location of Postfix-writable
    # data files (caches, random numbers). This directory must be owned
    # by the mail_owner account (see below).
    #
    data_directory = /var/lib/postfix

    # QUEUE AND PROCESS OWNERSHIP
    #
    # The mail_owner parameter specifies the owner of the Postfix queue
    # and of most Postfix daemon processes.  Specify the name of a user
    # account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
    # AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.  In
    # particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
    # USER.
    #
    mail_owner = postfix

    # The default_privs parameter specifies the default rights used by
    # the local delivery agent for delivery to external file or command.
    # These rights are used in the absence of a recipient user context.
    # DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
    #
    #default_privs = nobody

    # INTERNET HOST AND DOMAIN NAMES
    #
    # The myhostname parameter specifies the internet hostname of this
    # mail system. The default is to use the fully-qualified domain name
    # from gethostname(). $myhostname is used as a default value for many
    # other configuration parameters.
    #


    myhostname = mail.xyz.com
    #myhostname = virtual.domain.tld

    # The mydomain parameter specifies the local internet domain name.
    # The default is to use $myhostname minus the first component.
    # $mydomain is used as a default value for many other configuration
    # parameters.
    #
    mydomain =xyz.com

    # SENDING MAIL
    #
    # The myorigin parameter specifies the domain that locally-posted
    # mail appears to come from. The default is to append $myhostname,
    # which is fine for small sites.  If you run a domain with multiple
    # machines, you should (1) change this to $mydomain and (2) set up
    # a domain-wide alias database that aliases each user to
    # user@that.users.mailhost.
    #
    # For the sake of consistency between sender and recipient addresses,
    # myorigin also specifies the default domain name that is appended
    # to recipient addresses that have no @domain part.
    #
    #myorigin = $myhostname
    myorigin = $mydomain

    # RECEIVING MAIL
    # The inet_interfaces parameter specifies the network interface
    # addresses that this mail system receives mail on.  By default,
    # the software claims all active interfaces on the machine. The
    # parameter also controls delivery of mail to user@[ip.address].
    #
    # See also the proxy_interfaces parameter, for network addresses that
    # are forwarded to us via a proxy or network address translator.
    #
    # Note: you need to stop/start Postfix when this parameter changes.
    #
    inet_interfaces = all
    #inet_interfaces = $myhostname
    #inet_interfaces = $myhostname, localhost
    #inet_interfaces = localhost

    # Enable IPv4, and IPv6 if supported
    inet_protocols = all

    # The proxy_interfaces parameter specifies the network interface
    # addresses that this mail system receives mail on by way of a
    # proxy or network address translation unit. This setting extends
    # the address list specified with the inet_interfaces parameter.
    #
    # You must specify your proxy/NAT addresses when your system is a
    # backup MX host for other domains, otherwise mail delivery loops
    # will happen when the primary MX host is down.
    #
    proxy_interfaces = 10.2.11.292, 120.18.12.73, 18.75.58.218
    #proxy_interfaces = 1.2.3.4
    unknown_local_recipient_reject_code = 550

    #relay_domains = $mydestination
    relay_domains =

    #smtpd_use_tls = yes
    smtpd_recipient_restrictions =
       permit_mynetworks
       permit_sasl_authenticated
       reject_unauth_destination

    #alias_maps = dbm:/etc/aliases
    alias_maps = hash:/etc/aliases
    #alias_maps = hash:/etc/aliases, nis:mail.aliases
    #alias_maps = netinfo:/aliases

    #alias_database = dbm:/etc/aliases
    #alias_database = dbm:/etc/mail/aliases

    alias_database = hash:/etc/aliases
    #alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases

    smtpd_banner = mail.xyz.com ESMTP
    #smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

    debug_peer_level = 2
    debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5


    sendmail_path = /usr/sbin/sendmail.postfix
    newaliases_path = /usr/bin/newaliases.postfix
    mailq_path = /usr/bin/mailq.postfix
    setgid_group = postdrop

    # html_directory: The location of the Postfix HTML documentation.
    #
    html_directory = no

    #
    sample_directory = /usr/share/doc/postfix-2.6.6/samples

    # readme_directory: The location of the Postfix README files.
    #
    readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES


    #For TLS set up For xyz.com

    # TLS parameters
    smtpd_tls_CAfile                        = /etc/postfix/tls/xyz_com.crt
    smtpd_tls_cert_file                     = /etc/postfix/tls/xyz_com.crt
    smtpd_tls_key_file                      = /etc/postfix/tls/xyz_com.key
    smtpd_use_tls                           = yes
    smtpd_tls_session_cache_database        = btree:${queue_directory}/smtpd_scache
    smtp_tls_CAfile                         = /etc/postfix/tls/xyz_com.crt
    smtp_tls_cert_file                      = /etc/postfix/tls/xyz_com.crt
    smtp_tls_key_file                       = /etc/postfix/tls/xyz_com.key
    smtp_tls_session_cache_database         = btree:${queue_directory}/smtp_scache
    smtp_use_tls                            = yes

    smtpd_tls_received_header               = yes
    smtpd_tls_ask_ccert                     = yes
    smtpd_tls_loglevel                      = 1
    tls_random_source                       = dev:/dev/urandom

    # TLS end


    # Added 16 April,2015
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_local_domain = $myhostname


    # Added for DKIM

    smtpd_milters           = inet:127.0.0.1:8891
    non_smtpd_milters       = $smtpd_milters
    milter_default_action   = accept
    #milter_protocol         = 2

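An early response will be highly appreciated.

Thanks

1 Answer:

Answer 0: (score: 0)

Simply put, you can't do what you're trying to do.

You are trying to claim that your server is authorized to send email as a Yahoo or Gmail address without authorization from Yahoo or Google. If that were allowed, anyone could stand up an SMTP server and send email pretending to be any Yahoo or Gmail address (or, for that matter, any other email address). That is phishing, and it is a very bad thing.

As you noted, Amazon SES can (sort of) get away with this. But even that loophole is closing as more large senders adopt DMARC to block this kind of phishing mail. With a DMARC p=reject policy, even Amazon SES email will be bounced. Large email service providers (such as Amazon SES) are currently adapting to these anti-phishing standards.

Your best bet is to send email exclusively from domains you control, and to treat this as a technical limitation.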
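
The check the answer describes, as an added example (not code from the original post or from Postfix): a receiver-side DMARC alignment evaluation showing why SPF and DKIM that pass for xyz.com do not help a message whose From address is on another domain. The policy records, the SPF/DKIM results and the two-label `org_domain` shortcut are assumptions made for illustration.

```python
# Added example: DMARC identifier alignment for the two cases in the question.
# The policy records and SPF/DKIM results below are constructed, not real DNS data.

def parse_dmarc(record):
    """Parse a DMARC TXT record into a tag -> value dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    if tags.get("v") != "dmarc1":
        raise ValueError("not a DMARC record")
    return tags

def org_domain(domain):
    # Assumption: organizational domain = last two labels. Real receivers
    # use the Public Suffix List (needed for suffixes such as co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """mode 's' = strict (exact match), 'r' = relaxed (same org domain)."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(from_addr, mail_from_domain, spf_pass,
                      dkim_domain, dkim_pass, record):
    """Return (dmarc_pass, requested_action); the action is 'none' on pass."""
    policy = parse_dmarc(record)
    from_domain = from_addr.rsplit("@", 1)[1]
    spf_ok = spf_pass and aligned(mail_from_domain, from_domain,
                                  policy.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(dkim_domain, from_domain,
                                    policy.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return True, "none"
    return False, policy.get("p", "none")

# Constructed policies for the From domains involved.
XYZ_POLICY = "v=DMARC1; p=none"
STRICT_POLICY = "v=DMARC1; p=reject"

# Own domain: SPF and DKIM pass for xyz.com and align with the From domain.
own = dmarc_disposition("riky@xyz.com", "mail.xyz.com", True,
                        "xyz.com", True, XYZ_POLICY)
# Foreign From: the same checks still pass for xyz.com, but neither aligns
# with the From domain, so that domain's published policy applies.
foreign = dmarc_disposition("riky@yahoo.com", "mail.xyz.com", True,
                            "xyz.com", True, STRICT_POLICY)
```
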