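I am trying to create an SPF record for my domain and get my mail server to evaluate it. I am using Postfix on the mail server, with policyd (Python) to evaluate the record. So far, I have published an SPF record for my domain through my private DNS server, and you can see the record on the server using the nslookup command.
The problem I am currently having is that, no matter which SPF record I publish, "None (no SPF record)" is returned in the email headers. I am looking for a Pass or a Fail so that I can correct the record accordingly, but it does not seem to be evaluating it at this point. Any help would be appreciated!
I have tried publishing several different records (at different times) for web1 and mail.example.com in a few different formats (shown below), but I think this is a configuration issue. The IP address "XXX.XX.XX.XXX" points to the "web1" host, and the address "YYY.YY.YY.YY" points to the "mail.example.com" host, which is the mail server.
mail.example.com. IN TXT "v=spf1 include:mail.example.com -all"
mail.example.com. IN TXT "v=spf2.0/pra include:mail.example.com -all"
mail.example.com. IN TXT "v=spf1 a ip4:XXX.XX.XX.XXX -all"
mail.example.com. IN TXT "v=spf2.0/pra a ip4:XXX.XX.XX.XXX -all"
example.com. IN TXT "v=spf1 -all"
mail.example.com. IN TXT "v=spf1 a include:web1 1 -all"
mail.example.com. IN TXT "v=spf1 a ip4:YYY.YY.YY.YY -all"
Here is the log output when I try to send an email: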
Apr 5 09:17:33 mail postfix/smtpd[9114]: connect from web1[XXX.XX.XX.XXX]
Apr 5 09:17:33 mail policyd-spf[9119]: Starting
Apr 5 09:17:33 mail policyd-spf[9119]: Read line: "request=smtpd_access_policy"
Apr 5 09:17:33 mail policyd-spf[9119]: Read line: "protocol_state=RCPT"
Apr 5 09:17:33 mail policyd-spf[9119]: Read line: "protocol_name=ESMTP"
Apr 5 09:17:33 mail policyd-spf[9119]: Read line: "client_address=XXX.XX.XX.XXX"
Apr 5 09:17:33 mail policyd-spf[9119]: Read line: "client_name=web1"
Apr 5 09:17:33 mail policyd-spf[9119]: Read line: "reverse_client_name=web1"
Apr 5 09:17:33 mail policyd-spf[9119]: Read line: "helo_name=web1"
Apr 5 09:17:33 mail policyd-spf[9119]: Read line: "sender=noreply@mail.example.com"
Apr 5 09:17:33 mail policyd-spf[9119]: Read line: "recipient=bowser@mail.example.com"
Apr 5 09:17:33 mail policyd-spf[9119]: Read line: "recipient_count=0"
Apr 5 09:17:33 mail policyd-spf[9119]: Read line: "queue_id="
Apr 5 09:17:33 mail policyd-spf[9119]: Read line: "instance=239a.5ca7556d.9e4db.0"
Apr 5 09:17:33 mail policyd-spf[9119]: Read line: "size=0"
Apr 5 09:17:33 mail policyd-spf[9119]: Read line: "etrn_domain="
Apr 5 09:17:33 mail policyd-spf[9119]: Read line: "stress="
Apr 5 09:17:33 mail policyd-spf[9119]: Read line: "sasl_method="
Apr 5 09:17:33 mail policyd-spf[9119]: Read line: "sasl_username="
Apr 5 09:17:33 mail policyd-spf[9119]: Read line: "sasl_sender="
Apr 5 09:17:33 mail policyd-spf[9119]: Read line: "ccert_subject="
Apr 5 09:17:33 mail policyd-spf[9119]: Read line: "ccert_issuer="
Apr 5 09:17:33 mail policyd-spf[9119]: Read line: "ccert_fingerprint="
Apr 5 09:17:33 mail policyd-spf[9119]: Read line: "encryption_protocol="
Apr 5 09:17:33 mail policyd-spf[9119]: Read line: "encryption_cipher="
Apr 5 09:17:33 mail policyd-spf[9119]: Read line: "encryption_keysize=0"
Apr 5 09:17:33 mail policyd-spf[9119]: Read line: ""
Apr 5 09:17:33 mail policyd-spf[9119]: Found the end of entry
Apr 5 09:17:33 mail policyd-spf[9119]: Config: {'Mail_From_reject': 'Fail', 'Void_Limit': 2, 'Lookup_Time': 20, 'HELO_reject': 'Fail', 'Header_Type': 'SPF', 'defaultSeedOnly': 1, 'PermError_reject': 'False', 'debugLevel': 4, 'skip_addresses': '127.0.0.0/8,::ffff:127.0.0.0/104,::1', 'TempError_Defer': 'False'}
Apr 5 09:17:33 mail policyd-spf[9119]: Cached data for this instance: []
Apr 5 09:17:43 mail policyd-spf[9119]: spfcheck: pyspf result: "['None', '', 'helo']"
Apr 5 09:17:43 mail policyd-spf[9119]: None; identity=helo; client-ip=XXX.XX.XX.XXX; helo=web1; envelope-from=noreply@mail.example.com; receiver=bowser@mail.example.com
Apr 5 09:17:43 mail policyd-spf[9119]: Header type: SPF; Authres ID (for AR): None
Apr 5 09:17:43 mail policyd-spf[9119]: spfcheck: pyspf result: "['None', '', 'mailfrom']"
Apr 5 09:17:43 mail policyd-spf[9119]: None; identity=mailfrom; client-ip=XXX.XX.XX.XXX; helo=web1; envelope-from=noreply@mail.example.com; receiver=bowser@mail.example.com
Apr 5 09:17:43 mail policyd-spf[9119]: Header type: SPF; Authres ID (for AR): None
Apr 5 09:17:43 mail policyd-spf[9119]: Action: prepend: Text: Received-SPF: None (no SPF record) identity=mailfrom; client-ip=XXX.XX.XX.XXX; helo=web1; envelope-from=noreply@mail.example.com; receiver=bowser@mail.example.com
Apr 5 09:17:43 mail postfix/smtpd[9114]: CBCB723ADE: client=web1[XXX.XX.XX.XXX]
Apr 5 09:17:43 mail postfix/cleanup[9133]: CBCB723ADE: message-id=<310009219.518.1554470379582@web1>
Apr 5 09:17:43 mail postfix/qmgr[9111]: CBCB723ADE: from=<noreply@mail.example.com>, size=3718, nrcpt=1 (queue active)
Apr 5 09:17:43 mail postfix/smtpd[9114]: disconnect from web1[XXX.XX.XX.XXX]
Apr 5 09:17:43 mail postfix/local[9134]: CBCB723ADE: to=<bowser@mail.example.com>, relay=local, delay=10, delays=10/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to maildir)
Apr 5 09:17:43 mail postfix/qmgr[9111]: CBCB723ADE: removed
Here is my postconf -n output:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $mydomain, $myhostname, localhost.$mydomain, localhost
mydomain = example.com
myhostname = mail.example.com
mynetworks = YYY.YY.YY.YY, 127.0.0.0/8 [::1]/128
mynetworks_style = subnet
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
smtpd_recipient_restrictions = check_policy_service unix:private/policyd-spf, permit_sasl_authenticated, reject_unauth_destination, warn_if_reject
unknown_local_recipient_reject_code = 550
Here is my policyd-spf.conf file:
# For a fully commented sample config file see policyd-spf.conf.commented
debugLevel = 4
defaultSeedOnly = 1
HELO_reject = Fail
Mail_From_reject = Fail
PermError_reject = False
TempError_Defer = False
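skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1
Posted on 2020-04-05 15:12:58
mail.example.com. IN TXT "v=spf1 include:mail.example.com -all"
web1 isn't an FQDN, but include must contain an FQDN, IIRC?
PS: More people will find your post, so please post your solution or delete it, so that people can find useful information instead of orphaned questions.
Posted on 2022-04-21 21:48:00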
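SPF stands for Sender Policy Framework, as specified in RFC 7208. It is set up as a DNS TXT record prefixed with v=spf1. Confusingly, Microsoft introduced SenderID, which never really caught on for various reasons (see link), but which is prefixed with v=spf2.0. SenderID is effectively dead, so focus on SPF as per RFC 7208 and use the prefix v=spf1.
Another thing to clarify is what an SPF record means: it provides a list of authorized systems that may send email for a domain. So, in your question, you would set up the record for the domain, example.com, rather than for mail.example.com (mail.example.com would be one of the authorized sending systems for that domain).
Putting this together, one possible SPF record is,
example.com. IN TXT "v=spf1 a:mail.example.com -all"
Finally, note that some of your proposed solutions have include:mail.example.com, but an include: entry includes/inserts the SPF record found at the given DNS name, not the machine of that name. Instead, a:mail.example.com is most likely what you meant.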
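To make the lookup behaviour discussed in this thread concrete, here is an added example (not code from the question, the answers, pyspf or policyd-spf): a small Python evaluator for a subset of RFC 7208 (all, ip4, a, include) showing which name is queried for the MAIL FROM identity and when the result is None, Pass, Fail or PermError. DNS is replaced by a constructed ZONE dict; the addresses 192.0.2.10 (standing in for web1) and 198.51.100.25 (standing in for the mail host) and the names senderid.example.com and loop.example.com are assumptions made for the illustration.

```python
import ipaddress

# Constructed zone data standing in for DNS; addresses are documentation ranges.
ZONE = {
    "TXT": {
        "example.com": ["v=spf1 a:mail.example.com -all"],
        "senderid.example.com": ["v=spf2.0/pra ip4:192.0.2.10 -all"],
        "loop.example.com": ["v=spf1 include:loop.example.com -all"],
    },
    "A": {"mail.example.com": ["198.51.100.25"]},
}
RESULT = {"+": "Pass", "-": "Fail", "~": "SoftFail", "?": "Neutral"}

def mailfrom_domain(sender):
    """SPF queries the domain after '@' in the envelope sender, not its parent."""
    return sender.rpartition("@")[2].lower()

def check_host(ip, domain, depth=0):
    """Evaluate the v=spf1 record at `domain` for client `ip` (subset of RFC 7208)."""
    txts = [t for t in ZONE["TXT"].get(domain.lower(), [])
            if t.lower().split()[0:1] == ["v=spf1"]]  # v=spf2.0 records are ignored
    if not txts:
        return "None"                   # no v=spf1 record at exactly this name
    if len(txts) > 1 or depth > 10:     # duplicate records or runaway recursion
        return "PermError"
    client = ipaddress.ip_address(ip)
    for term in txts[0].split()[1:]:
        qual = term[0] if term[0] in RESULT else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        mech = mech.lower()
        if mech == "all":
            hit = True
        elif mech == "ip4":
            hit = client in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":               # A records of arg, or of the domain itself
            hit = ip in ZONE["A"].get((arg or domain).lower(), [])
        elif mech == "include":         # evaluates the SPF record published at arg
            sub = check_host(ip, arg, depth + 1)
            if sub in ("None", "PermError"):
                return "PermError"      # include target must publish valid SPF
            hit = sub == "Pass"
        else:
            return "PermError"          # mechanism or modifier outside this sketch
        if hit:
            return RESULT[qual]
    return "Neutral"

if __name__ == "__main__":
    for ip, sender in [("192.0.2.10", "noreply@mail.example.com"),
                       ("198.51.100.25", "noreply@example.com"),
                       ("192.0.2.10", "noreply@example.com")]:
        print(ip, sender, check_host(ip, mailfrom_domain(sender)))
```

The first case mirrors the log above: with a record only at example.com, a sender of noreply@mail.example.com is looked up at mail.example.com and evaluates to None.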
https://stackoverflow.com/questions/55537712