|
|
|
Welcome to my blog!
| 邮件发送失败一案例 |
如果发送邮件失败
1.从ip入手,察看ip是否被列入了黑名单,http://www.dnsstuff.com,很多的反垃圾网站的查询黑名单的接口都是用这里的,查询的格式如下:http://www.dnsstuff.com/tools/ip4r.ch?ip=221.144.3.52
2.今天收到一封退信,偶第一次看到这样退信,退信内容如下
"undeliverable to spider_bug@163.com
Server response to MAIL FROM:
550 MI:SPF mx28,wKjR6rA7UPUUw_RFBwNCAQ==.57551S2 1173668628 http://mail.163.com/help/help_spam_16.htm"
解决方法:
我的邮件服务器和163.com的邮件是可以正常互发的,为什么这次退信呢,我的imail上的信箱设置为转发到spider_bug@163.com,难道是转发的时候出问题了,我查了日志,邮件在整个发送的过程中,的确已经到我的imail邮件服务器上,也提示成功转发,但最后被163.com退回来了,由此判断,问题出在转发的时候。根据退信内容,163给出了出错的原因,断定为SPF有问题,网上查了一下RFC 4408的一些资料,SPF说明如下:
"1. Introduction
The current E-Mail infrastructure has the property that any host
injecting mail into the mail system can identify itself as any domain
name it wants. Hosts can do this at a variety of levels: in
particular, the session, the envelope, and the mail headers.
Although this feature is desirable in some circumstances, it is a
major obstacle to reducing Unsolicited Bulk E-Mail (UBE, aka spam).
Furthermore, many domain name holders are understandably concerned
about the ease with which other entities may make use of their domain
names, often with malicious intent.
This document defines a protocol by which domain owners may authorize
hosts to use their domain name in the "MAIL FROM" or "HELO" identity.
Compliant domain holders publish Sender Policy Framework (SPF)
records specifying which hosts are permitted to use their names, and
compliant mail receivers use the published SPF records to test the
authorization of sending Mail Transfer Agents (MTAs) using a given
"HELO" or "MAIL FROM" identity during a mail transaction.
An additional benefit to mail receivers is that after the use of an
identity is verified, local policy decisions about the mail can be
made based on the sender's domain, rather than the host's IP address.
This is advantageous because reputation of domain names is likely to
be more accurate than reputation of host IP addresses. Furthermore,
if a claimed identity fails verification, local policy can take
stronger action against such E-Mail, such as rejecting it."
什么是SPF
就是Sender Policy Framework。SPF可以防止别人伪造你来发邮件,是一个反伪造性邮件的解决方案。当你定义了你的domain name的SPF记录之后,接收邮件方会根据你的SPF记录来确定连接过来的IP地址是否被包含在SPF记录里面,如果在,则认为是一封正确的邮件,否则则认为是一封伪造的邮件。关于更详细的信息请参考RFC4408(http://www.ietf.org/rfc/rfc4408.txt)
如何增加SPF记录
非常简单,在DNS里面添加TXT记录即可。登陆http://www.openspf.org/wizard.html 在里面输入你的域名,点击Begin,然后会自动得到你域名的一些相关信息。
a 你域名的A记录,一般选择yes,因为他有可能发出邮件。
mx 一般也是yes,MX服务器会有退信等。
ptr 选择no,官方建议的。
a: 有没有其他的二级域名?比如:bbs.extmail.org和www不在一台server上,则填入bbs.extmail.org。否则清空。
mx: 一般不会再有其他的mx记录了。
ip4: 你还有没有其他的ip发信?可能你的smtp服务器是独立出来的,那么就填入你的IP地址或者网段。
include: 如果有可能通过一个isp来发信,这个有自己的SPF记录,则填入这个isp的域名,比如:sina.com
~all: 意思是除了上面的,其他的都不认可。当然是yes了。
好了,点击Continue.....
自动生成了一条SPF记录,比如extmail.org的是
v=spf1 a mx ~all
并且在下面告诉你如何在你的bind里面添加一条
extmail.org. IN TXT "v=spf1 a mx ~all"
加入你的bind,然后ndc reload即可。
检查一下:
dig -t txt extmail.org
|
| [ 阅读全文 | 回复(0) | 引用通告 | 编辑 ] |
Post by badboy 发表于 2007-8-15 0:12:00
|
|
 | |
