550-5.7.26来自域的未经认证的电子邮件仅在ERP上不被接受

Question

我已经更新了我们的邮件服务器使用DMARC。因此，在此之后，我们的企业资源规划系统不能发送电子邮件到gmail.com或yahoo.com，但Outlook发送电子邮件没有任何问题。

下面是从我的域发送到Gmail的邮件的标题，并安全地发送：

Message ID <4bcfe9f3-0eb7-98cf-dcaf-0440d4a5e67f@domain.com>

Created at: Fri, Jul 16, 2021 at 11:30 AM (Delivered after 4 seconds)

From: me

To: me@gmail.com

Subject: Check1

SPF: PASS with IP 000.000.000.000 (mail server IP) Learn more

DKIM: 'PASS' with domain domain.com Learn more

DMARC: 'PASS' Learn more

但是，当我们使用下面的代码从我们的ERP发送：

defined('BASEPATH') OR exit('No direct script access allowed');

class SendPO extends CI_Controller {
    var $role,$user,$brand;

    public function __construct()
    {
        parent::__construct();
        $this->load->helper('url');
    }

    public function index(){

        $mailTo = "me@gmail.com";
        $subject = "Mail check ";
   
        $config = Array(
            'protocol' => 'smtp',
            'smtp_host' => 'mail.example.com',
            'smtp_port' => 465,
            'smtp_user' => 'erp.email@example.com',
            'smtp_pass' => 'some-password',
            'charset'=>'utf-8',
            'validate'=>TRUE,
            'wordwrap'=> TRUE,
            'dkim_domain' => 'example.com',
            'dkim_private' => '/home/ubuntu/mail.private',
            'dkim_selector' => 'mail',
            'dkim_passphrase' => '',
        );

        $this->load->library('email', $config);
        $this->email->set_newline("\r\n");
 
        $this->email->from("me@example.com");
        $this->email->cc("me@example.com");
 
        // replace my mail by user it is just for testing
        $this->email->to($mailTo);
        $this->email->subject($subject);

        $msg="Mail check";
        //echo $msg;
        $this->email->message($msg);
        $this->email->set_header('Reply-To', $userMail);
        $this->email->set_mailtype('html');
        $this->email->send();
    }
}
?>

我看到这封邮件“退回的邮件:详情见抄本”。

The original message was received on Fri, 16 Jul 2021 11:22:05 +0200

来自erp.domain.com

----- The following addresses had permanent fatal errors -----

(reason: 550-5.7.26 Unauthenticated email from example.com is not accepted due)

----- Transcript of session follows -----
... while talking to gmail-smtp-in.l.google.com.:
>>> DATA
<<< 550-5.7.26 Unauthenticated email from example.com is not accepted due
<<< 550-5.7.26 to domain's DMARC policy. Please contact the administrator of
<<< 550-5.7.26 example.com domain if this was a legitimate mail. 
Please
<<< 550-5.7.26 visit
<<< 550-5.7.26 https://support.google.com/mail/answer/2451690 to learn about the
<<< 550 5.7.26 DMARC initiative. g11si7705633pfc.152 - gsmtp

554 5.0.0服务不可用

Reporting-MTA: dns; erp.domain.com
Received-From-MTA: DNS; erp.domain.com
Arrival-Date: Fri, 16 Jul 2021 11:22:05 +0200

Final-Recipient: RFC822; me@gmail.com
Action: failed
Status: 5.7.26
Remote-MTA: DNS; gmail-smtp-in.l.google.com
Diagnostic-Code: SMTP; 550-5.7.26 Unauthenticated email from example.com is not accepted due
Last-Attempt-Date: Fri, 16 Jul 2021 11:22:05 +0200


Return-Path:
Received: from erp.example.com (erp.example.com [127.0.0.1])
  by erp.example.com (8.15.2/8.15.2/Debian-3) with ESMTP id 16G9M5eY021733;
  Fri, 16 Jul 2021 11:22:05 +0200
Received: (from www-data@localhost)
  by erp.domain.com (8.15.2/8.15.2/Submit) id 16G9M5NP021732;
  Fri, 16 Jul 2021 11:22:05 +0200
X-Authentication-Warning: erp.domain.com: www-data set sender to me@example.com using -f
To: me@gmail.com
Subject: =?UTF-8?Q?Vendor=20VPO=20Test=20?=
X-PHP-Originating-Script: 0:Email.php
User-Agent: CodeIgniter
Date: Fri, 16 Jul 2021 11:22:05 +0200
From:
Cc: me@example.com
Reply-To:
X-Sender: me@domain.com
X-Mailer: CodeIgniter
X-Priority: 3 (Normal)
Message-ID: <60f14fbd23c93@example.com>
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="B_ALT_60f14fbd23d53"

我在https://www.mail-tester.com/上做了测试，结果显示10/10

当我在https://toolbox.googleapps.com/上进行测试时，它显示：

error

DKIM authentication DNS setup.

DKIM technology is used to help detection of unauthorized mail that pretends to be sent out from your domain.
Invalid format of DKIM record.

v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjYVyZyyl6T...

error

SPF must allow Google servers to send mail on behalf of your domain.

Decision SPF fail - not authorized

Record v=spf1 mx a ip4:000.000.000.000 -all

warning

No Google mail exchangers were found. Relay host configuration?

If you intentionally set up a mail server somewhere on your premises that automatically forwards all incoming mail to Google you may disregard this warning. Otherwise - this is a serious configuration error as it causes disruption of mail flow.

0 mail.example.com

info_outline

Effective SPF Address Ranges.
The following IP addresses are taken from the includes and IP4/IP6 directives within this domain's SPF record.

example.com.

000.000.000.000

我认为原因是这个页面的一部分(由父域签名)：

https://datatracker.ietf.org/doc/html/rfc6376#section-3.10

如果我的想法是正确的！会有人为SPF记录提供正确的格式吗？

如果我错了！我希望能帮你弄清楚到底发生了什么

Answer 1

我在别人的帮助下成功地解决了这个问题.谢谢各位亲爱的。注意:邮件服务器IP为000.000.000.000 ERP是111.111.111.111显示问题的原因: 550-5.7.26来自example.com的未经身份验证的电子邮件由于域的DMARC策略而不被接受，但是DKIM和DMARC并不是要修复的目标。

问题的根本原因: ERP失败作为me@example.com的域指定111.111.111.111 (ERP的IP地址)是不允许的，发送者) smtp.mailfrom=me@example.com

如何解决: 1-更新了ERP "send-email.php“文件中的代码

$config = Array(
    'protocol' => 'smtp',
    'smtp_host' => 'mail.example.com',
    'smtp_port' => 465,
    'smtp_user' => 'system-mail@example.com',
    'smtp_pass' => 'password',
    'charset'=>'utf-8',
    'validate'=>TRUE,
    'wordwrap'=> TRUE,
    'dkim_domain' => 'example.com',
    'dkim_selector' => 'mail',

安装在ERP服务器上的邮件服务守护进程具有中继发送功能，如下面的教程所示。https://www.bonusbits.com/wiki/HowTo:Configure_SendMail_至_使用_SMTP_继电器

更新托管公司Cpanel中的DNS记录，以适应所做的修改。

• 在TXT部分中更新：

主机记录：@ TXT值: v=spf1 mx a ip4 4:000.000.000.000 ip4:111.111.111.111 ~all

更新:主机记录:邮件TXT值: v=spf1 mx a ip4 4:000.000.000.000 ip4:111.111.111.111 -all

我再次感谢大家在过去几天中所提供的信息和作出的努力:)