
Added dkimproxy to OpenSMTPD. Mail sent to my own domain loops

Server Fault user
Asked on 2021-11-15 17:16:55
Answers: 1 | Views: 445 | Followers: 0 | Votes: 1

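I have a well-working OpenSMTPD configuration and added dkimproxy to it.

Everything works well, mail tests etc. all report that I have proper DKIM signatures, my email score is 10/10, etc.

The problem is...

If I try to send an email from user@mydomain.com to other_user@mydomain.com, the mail server goes into a loop and the mail is never delivered. I see this in maillog: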

Nov 15 08:34:13 mail dkimproxy.out[38686]: DKIM signing - signed; message-id=<4dea9099466e00b7@mail.mydomain.com>, signer=<MAILER-DAEMON@mail.mydomain.com>, from=<MAILER-DAEMON@mail.mydomain.com>
Nov 15 08:34:13 mail smtpd[33463]: 4dea90938ef29e98 smtp message msgid=0b62ff80 size=104666 nrcpt=1 proto=ESMTP
Nov 15 08:34:13 mail smtpd[33463]: 4dea90938ef29e98 smtp envelope evpid=0b62ff80eb408785 from=<> to=<joey@mydomain.com>                                                               
Nov 15 08:34:13 mail smtpd[33463]: 4dea9092f4274d88 mta delivery evpid=6fe8c750a74f16ac from=<> to=<joey@mydomain.com> rcpt=<-> source="200.100.240.135" relay="200.100.240.135 (mail.mydomain.com)" delay=1s result="Ok" stat="250 2.0.0 0b62ff80 Message accepted for delivery"

...a loop like this repeats maybe 50 times, and eventually it gives up with this error:

Nov 15 08:34:18 mail smtpd[33463]: warn: loop detected                                                                                                                                            
Nov 15 08:34:18 mail smtpd[33463]: 4dea9097226c93aa smtp failed-command command="DATA" result="500 5.4.6 Routing loop detected: Loop detected"                                                    
Nov 15 08:34:18 mail smtpd[33463]: 4dea90969c6cf495 mta delivery evpid=49514d020281ac48 from=<> to=<joey@mydomain.com> rcpt=<-> source="200.100.240.135" relay="200.100.240.135 (mail.mydomain.com)" delay=1s result="PermFail" stat="500 5.4.6 Routing loop detected: Loop detected"

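I don't know what the problem is. This only happens when I send email to myself or to another user in this domain, which is hosted on this mail server.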

# cat dkimproxy_in.conf

# specify what address/port DKIMproxy should listen on
listen    200.100.240.135:10025

# specify what address/port DKIMproxy forwards mail to
relay     200.100.240.135:10026


# cat dkimproxy_out.conf 

# specify what address/port DKIMproxy should listen on
listen    200.100.240.135:10027

# specify what address/port DKIMproxy forwards mail to
relay     200.100.240.135:10028

# specify what domains DKIMproxy can sign for (comma-separated, no spaces)
domain    mydomain.com

# specify what signatures to add
signature dkim(c=relaxed)
signature domainkeys(c=nofws)

# specify location of the private key
keyfile   /root/dkim.private.key

# specify the selector (i.e. the name of the key record put in DNS)
selector  selector1

# control how many processes DKIMproxy uses
#  - more information on these options (and others) can be found by
#    running `perldoc Net::Server::PreFork'.
#min_servers 5
#min_spare_servers 2

...that's everything... Thanks.

Edit - here is the opensmtpd.conf:

table aliases file:/usr/local/etc/mail/aliases

filter check_dyndns phase connect match rdns regex \
    { '.*\.dyn\..*', '.*\.dsl\..*' } \
    disconnect "550 no residential connections"

filter check_rdns phase connect match !rdns \
    disconnect "550 no rDNS"

filter check_fcrdns phase connect match !fcrdns \
    disconnect "550 no FCrDNS"

listen on 200.100.240.135 filter { check_dyndns, check_rdns, check_fcrdns }

listen on 200.100.240.135 port 10028 tag DKIM

listen on 200.100.240.135 port submission

action "local_mail" mbox alias <aliases>
action "relay_dkim" relay host smtp://200.100.240.135:10027
action "outbound" relay helo mail.mydomain.com
    
match from any mail-from "sensors@mydomain.com" action "local_mail"

match tag DKIM for any action "outbound"
match for any action "relay_dkim"

match from any for domain "mydomain.com" action "local_mail"
match for local action "local_mail"

match from any auth for any action "outbound"
match for any action "outbound"

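1 Answer

Server Fault user

Accepted answer

Posted on 2021-12-05 14:18:28

This answer is written on the basis that there is no reason to use the external interface for internal processes. The question does not include the pf.conf configuration, whose settings may conflict with normal mail handling when the loopback interface is used, and set skip on lo or an equivalent should be configured.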

smtpd.conf

# Verify this is the correct location of aliases, which normally is
# located in /etc/mail/aliases. If you have changed aliases
# from default, be sure to run newaliases.
table aliases file:/usr/local/etc/mail/aliases

filter check_dyndns phase connect match rdns regex \
    { '.*\.dyn\..*', '.*\.dsl\..*' } \
    disconnect "550 no residential connections"

filter check_rdns phase connect match !rdns \
    disconnect "550 no rDNS"

filter check_fcrdns phase connect match !fcrdns \
    disconnect "550 no FCrDNS"

listen on 127.0.0.1 port 10028 tag DKIM
listen on 200.100.240.135 filter \
    { check_dyndns, check_rdns, check_fcrdns }
listen on 200.100.240.135 port submission

action "local_mail" mbox alias <aliases>
action "relay_dkim" relay host smtp+notls://127.0.0.1:10027
action "outbound" relay helo mail.mydomain.com

match tag DKIM for any action "outbound"
match mail-from "sensors@mydomain.com" action "local_mail"
match from any for domain "mydomain.com" action "local_mail"
match from any auth for any action "outbound"
match for local action "local_mail"
match for any action "relay_dkim"

# I interpret this to be redundant:
# match for any action "outbound"

# This original configuration line seems nonsensical because
# "mail-from" is also "from any", so removed "from any"
# match from any mail-from "sensors@mydomain.com" action "local_mail"

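Even though dkimproxy_in.conf is configured, DKIM is currently not being verified on received messages, because that was not configured in the original smtpd.conf, so I did not add it.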

dkimproxy_in.conf

# specify what address/port DKIMproxy should listen on
listen    127.0.0.1:10025

# specify what address/port DKIMproxy forwards mail to
relay     127.0.0.1:10026

dkimproxy_out.conf

# specify what address/port DKIMproxy should listen on
listen    127.0.0.1:10027

# specify what address/port DKIMproxy forwards mail to
relay     127.0.0.1:10028

# specify what domains DKIMproxy can sign for (comma-separated, no spaces)
domain    mydomain.com

# specify what signatures to add
signature dkim(c=relaxed)
signature domainkeys(c=nofws)

# specify location of the private key
keyfile   /root/dkim.private.key

# specify the selector (i.e. the name of the key record put in DNS)
selector  selector1

# control how many processes DKIMproxy uses
#  - more information on these options (and others) can be found by
#    running `perldoc Net::Server::PreFork'.
#min_servers 5
#min_spare_servers 2
Votes: 1
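
A log check for the symptom shown in the question, as an added example that is not part of the original question or answer: it counts smtpd "mta delivery" lines whose relay IP equals the source IP (the server handing mail back to itself) and the loop PermFails among them. The function names are hypothetical, and the sample log mixes lines from the question's excerpts with constructed ones, as marked.

```python
import re

# Sample input: lines 1, 3 and 4 are taken from the question's maillog excerpts;
# lines 2 and 5 are constructed for this example (5 is a normal outside delivery).
SAMPLE_LOG = """\
Nov 15 08:34:13 mail smtpd[33463]: 4dea9092f4274d88 mta delivery evpid=6fe8c750a74f16ac from=<> to=<joey@mydomain.com> rcpt=<-> source="200.100.240.135" relay="200.100.240.135 (mail.mydomain.com)" delay=1s result="Ok" stat="250 2.0.0 0b62ff80 Message accepted for delivery"
Nov 15 08:34:15 mail smtpd[33463]: 0000000000000001 mta delivery evpid=0000000000000002 from=<> to=<joey@mydomain.com> rcpt=<-> source="200.100.240.135" relay="200.100.240.135 (mail.mydomain.com)" delay=1s result="Ok" stat="250 2.0.0 00000003 Message accepted for delivery"
Nov 15 08:34:18 mail smtpd[33463]: warn: loop detected
Nov 15 08:34:18 mail smtpd[33463]: 4dea90969c6cf495 mta delivery evpid=49514d020281ac48 from=<> to=<joey@mydomain.com> rcpt=<-> source="200.100.240.135" relay="200.100.240.135 (mail.mydomain.com)" delay=1s result="PermFail" stat="500 5.4.6 Routing loop detected: Loop detected"
Nov 15 08:40:00 mail smtpd[33463]: 0000000000000004 mta delivery evpid=0000000000000005 from=<joey@mydomain.com> to=<bob@example.org> rcpt=<-> source="200.100.240.135" relay="192.0.2.25 (mx.example.org)" delay=2s result="Ok" stat="250 2.0.0 Ok"
"""

# key=value where the value is "quoted", <bracketed> or a bare token
FIELD = re.compile(r'([\w-]+)=("[^"]*"|<[^>]*>|\S+)')


def deliveries(log_text):
    """Yield the key=value fields of every smtpd 'mta delivery' line."""
    for line in log_text.splitlines():
        if " mta delivery " in line:
            yield {k: v.strip('"<>') for k, v in FIELD.findall(line)}


def self_relay_report(log_text):
    """Per recipient: deliveries relayed back to the sending IP, and loop PermFails."""
    report = {}
    for f in deliveries(log_text):
        relay_ip = f.get("relay", "").split(" ")[0]  # relay="IP (hostname)"
        if not relay_ip or relay_ip != f.get("source"):
            continue  # delivered to a different host: not a self-relay
        entry = report.setdefault(f.get("to", "?"),
                                  {"self_relays": 0, "loop_failures": 0})
        entry["self_relays"] += 1
        if f.get("result") == "PermFail" and "loop detected" in f.get("stat", "").lower():
            entry["loop_failures"] += 1
    return report


if __name__ == "__main__":
    for rcpt, counts in self_relay_report(SAMPLE_LOG).items():
        print(rcpt, counts)
```
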
Original page content provided by Server Fault. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://serverfault.com/questions/1083626
