不久前,我注意到来自我域的电子邮件不会立即由 google 发送,并且我从 google 服务器收到一条 smtp 错误消息。我不记得该消息的确切措辞,但谷歌搜索它,建议我需要设置 SPF 和 DKIP 记录。我做到了。它解决了谷歌不接受电子邮件的问题。然而现在,几周后,它打开了返回电子邮件的闸门。以下是我将域名替换为 mydomain.com 的一个示例
Return-Path: <MAILER-DAEMON>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-172-31-14-136
X-Spam-Level:
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,
RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0
Delivered-To: [email protected]
Received: from mail-wg0-f68.google.com (mail-wg0-f68.google.com [74.125.82.68])
by service.mydomain.com (Postfix) with ESMTPS id B2D5C3CD9
for <[email protected]>; Sun, 1 Mar 2015 04:20:12 +1300 (NZDT)
Authentication-Results: service.mydomain.com; dkim=pass
reason="2048-bit key; unprotected key"
header.d=googlemail.com [email protected] header.b=flcXD2tw;
dkim-adsp=pass; dkim-atps=neutral
Received: by wghb13 with SMTP id b13so6428727wgh.2
for <[email protected]>; Sat, 28 Feb 2015 07:20:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlemail.com; s=20120113;
h=mime-version:from:to:subject:message-id:date:content-type;
bh=thNUSyqg9cxzoVV3wQQPzs5jLQUlj/POqhrDqY/p1+s=;
b=flcXD2tw+G6XLYhwGlNqRunKXmEqanLfLfxserILW3WU+m5ezqkCcQFIeYEHAoIznM
QVIbSv2NWM9ypPc7iEVESIYUv2b2jBYz1kU46U+qZPYx7Gdw57RbZ7PgfnQpKcfoc101
eVbgX+vb5y9oIxIs6yjr9ggnoMn2/5P2UxdlF9QOY9ATaRHmLPupfTJHrdgzBPV696rR
033d6A6a8lFQRR9ReN4OKHHVNrwiiZpmSo0E8lAp+aU2VPrnQSK0fzFr5qdz3ZpVI7hl
c162Q9P+5uGggaSz70xc1vDaQRg3Ch7axLL3YGNSZjqkQGBEYOvCEyLgnYcPucvqPDpx
jiXQ==
X-Received: by 10.180.91.79 with SMTP id cc15mr9706181wib.37.1425136810420;
Sat, 28 Feb 2015 07:20:10 -0800 (PST)
MIME-Version: 1.0
Received: by 10.180.91.79 with SMTP id cc15mr6423807wib.37; Sat, 28 Feb 2015
07:20:10 -0800 (PST)
From: Mail Delivery Subsystem <[email protected]>
To: [email protected]
X-Failed-Recipients: [email protected]
Subject: Delivery Status Notification (Failure)
Message-ID: <[email protected]>
Date: Sat, 28 Feb 2015 15:20:10 +0000
Content-Type: text/plain; charset=UTF-8
Delivery to the following recipient failed permanently:
[email protected]
Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server for the recipient domain gone.bristol.ac.uk by aspmx.l.google.com. [173.194.78.27].
The error that the other server returned was:
550-5.1.1 The email account that you tried to reach does not exist. Please try
550-5.1.1 double-checking the recipient's email address for typos or
550-5.1.1 unnecessary spaces. Learn more at
550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596 q6si9283951wic.32 - gsmtp
----- Original message -----
X-Received: by 10.180.91.79 with SMTP id cc15mr9706178wib.37.1425136810390;
Sat, 28 Feb 2015 07:20:10 -0800 (PST)
X-Gm-Message-State: ALoCoQnh7/8Nv8/oHTiqX41mEzEmq5oNlGy3zy9p01XvfZJzOXyug+NN1QL8PqIJE56gTu5omL6Iy8tNn2AMT43KwsrGdBs94LPANr7ogrNhdcQTKEM2z86gPVU+j4dvqeA9AziAbSPqtFZXBhNv4pZmS8GMWor91A==
X-Received: by 10.180.91.79 with SMTP id cc15mr9706170wib.37.1425136810311;
Sat, 28 Feb 2015 07:20:10 -0800 (PST)
Return-Path: <[email protected]>
Received: from mail-we0-f174.google.com (mail-we0-f174.google.com. [74.125.82.174])
by mx.google.com with ESMTPS id ei1si9166190wib.92.2015.02.28.07.20.09
for <[email protected]>
(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Sat, 28 Feb 2015 07:20:09 -0800 (PST)
Received-SPF: pass (google.com: domain of [email protected] designates 74.125.82.174 as permitted sender) client-ip=74.125.82.174;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of [email protected] designates 74.125.82.174 as permitted sender) [email protected]
Received: by wevm14 with SMTP id m14so25473931wev.13
for <[email protected]>; Sat, 28 Feb 2015 07:20:09 -0800 (PST)
X-Received: by 10.180.86.227 with SMTP id s3mr16337114wiz.58.1425126758697;
Sat, 28 Feb 2015 04:32:38 -0800 (PST)
X-Received: by 10.180.86.227 with SMTP id s3mr16337091wiz.58.1425126758539;
Sat, 28 Feb 2015 04:32:38 -0800 (PST)
Return-Path: <[email protected]>
Received: from psmtp.com (eu1sys200amx130.postini.com. [207.126.144.199])
by mx.google.com with SMTP id jw7si8639670wid.30.2015.02.28.04.32.24;
Sat, 28 Feb 2015 04:32:36 -0800 (PST)
Received-SPF: softfail (google.com: domain of transitioning [email protected] does not designate 104.220.1.229 as permitted sender) client-ip=104.220.1.229;
Received: from 207.126.147.10 ([104.220.1.229]) by eu1sys200amx130.postini.com ([207.126.147.10]) with SMTP;
Sat, 28 Feb 2015 12:32:35 GMT
Message-ID: <[email protected]>
From: "Charlotte Freeman" <[email protected]>
Subject: Re: Afraid of awkward situations? New ED meds won't let you down!
To: [email protected]
Date: Sat, 28 Feb 2015 18:27:35 +0600
Mime-Version: 1.0
Content-Type: text/html;
Content-Transfer-Encoding: 7Bit
X-pstn-mail-from: <[email protected]>
X-pstn-levels: (S: 0.00000/ 4.08422 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-dkim: 0 skipped:not-enabled
X-pstn-status: off
X-pstn-nxpr: disp=neutral, [email protected]
X-pstn-nxp: bodyHash=7f565d975b7ab6918b9cc998090b1e19665421b6, headerHash=4e9622b17df37a9b31ee0f1651d42a67c3d3570d, keyName=4, rcptHash=6bfa24bd4d3660f3d9132cffc038b04e7adf948c, sourceip=104.220.1.229, version=1
X-pstn-nxp: bodyHash=7f565d975b7ab6918b9cc998090b1e19665421b6, headerHash=4e9622b17df37a9b31ee0f1651d42a67c3d3570d, keyName=4, rcptHash=6bfa24bd4d3660f3d9132cffc038b04e7adf948c, sourceip=104.220.1.229, version=1
----- End of message -----
谷歌似乎接受并尝试发送来自我的域的垃圾邮件。在我看来,这些电子邮件不是通过我的 smtp 服务器进入系统的,因为电子邮件中没有与它匹配的 ips。看起来这些只是从收件人邮件系统退回到指定为发件人的地址(该地址在我的域中不存在,最终出现在包罗万象的邮箱中)。
我现在一天能收到几百个。这可能是因为我以某种方式错误配置了 SPF 吗?
这是我的 spf 记录:
v=spf1 a mx include:_spf.google.com ~all
我的大部分设置(除了我最近添加的 SPF 和 DKIP)都在这里描述:Postfix/Dovecot permissions on new files in a mailbox)
我相信您遇到的是反向散射电子邮件,请查看维基百科以获取详细说明。简而言之,当有人使用伪造的地址(在这种情况下是您的地址)发送垃圾邮件并且退回邮件发送回您的地址时,就会发生反向散射。许多邮件服务器通过标记他们发送的每封电子邮件来解决这个问题,使用一种称为退回地址标签验证(BATV)的技术,当他们收到退回的电子邮件时,邮件服务器可以判断它是否是以前发送的电子邮件的退回. 如果不是,它会拒绝它或将其标记为垃圾邮件,具体取决于您的配置方式。
查看原始邮件的标题,返回路径设置为您的地址,这意味着如果垃圾邮件发送者的电子邮件未能送达,退回的邮件将发送到您的地址。
Return-Path: <[email protected]>
原始 IP 似乎是 104.220.1.229,在 DNSBL 上进行快速搜索显示该 IP 已被许多人列为垃圾邮件的来源。
Received-SPF: softfail (google.com: domain of transitioning [email protected] does not designate 104.220.1.229 as permitted sender) client-ip=104.220.1.229;
解决方案 - 您可能需要设置 BATV 以防止将来出现此类分散的电子邮件。
除此之外,请查看您的 SPF 条目,您说您不使用 gmail 作为中继,那么为什么要放置 Gmail 的 SPF 记录?SPF 记录旨在添加作为您域的合法电子邮件来源的发件人主机列表。如果您不使用 gmail 进行中继,请将其从您的 SPF 记录中删除。仅在您的 SPF 记录中添加发送主机的 IP。