我正在使用Plesk(Onyx)与外部DNS组合。 我配置了邮件,一切似乎都没问题,但我不确定邮件配置是否正确,因为有时DMARC报告指出,SPF/DKIM验证未通过。Plesk中的邮件配置 - DKIM,DMARC,SPF,DNS记录
我CONFIGS:
DNS-记录域 - mydomain.com和mail.mydomain.com(创建相同的DNS条目两次,mydomain.com和子域mail.mydomain.com,除了MX-进入,其被配置为仅用于mydomain.com):
反向DNS:
123.456.1.1 -> mail.mydomain.comMX:mail.mydomain.com
SPF:
v=spf1 +a +mx -all_dmarc:
v=DMARC1; p=none; pct=100; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1; adkim=s; aspf=r域关键字:
o=-default._domainkey:
v=DKIM1; p=SIGNATUREHERE;
PLESK /服务器相关:
- 主机名:
zeus.mydomain.com - 邮件名:测试邮件
mail.mydomain.com
邮件信头:
Delivered-To: [email protected]
Received: by 10.31.48.86 with SMTP id w83csp1454833vkw;
Fri, 6 Oct 2017 01:39:44 -0700 (PDT)
X-Google-Smtp-Source: AOwi7QAKFeawe3fGhxawUkAdVvaqjrBGMTZvJ466CoQNxwFGRk6xInOapHBRt14rI+zpCQmcl4z4
X-Received: by 10.223.184.246 with SMTP id c51mr1352887wrg.250.1507279184077;
Fri, 06 Oct 2017 01:39:44 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1507279184; cv=none;
d=google.com; s=arc-20160816;
b=SignatureHERE
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=content-transfer-encoding:mime-version:subject:to:from:date
:dkim-signature:message-id:arc-authentication-results;
bh=4lLj3bndoJBX1fsz99dGcUZLZyWwVlQLXwB3uGl3sKs=;
b=SignatureHERE
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass [email protected] header.s=default header.b=RUVEDlBN;
spf=pass (google.com: domain of [email protected] designates 123.456.1.1 as permitted sender) [email protected];
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=mydomain.com
Return-Path: <[email protected]>
Received: from mail.mydomain.com (mail.mydomain.com. [123.456.1.1])
by mx.google.com with ESMTPS id k10si874730wrg.550.2017.10.06.01.39.43
for <[email protected]>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Fri, 06 Oct 2017 01:39:44 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 123.456.1.1 as permitted sender) client-ip=123.456.1.1;
Authentication-Results: mx.google.com;
dkim=pass [email protected] header.s=default header.b=RUVEDlBN;
spf=pass (google.com: domain of [email protected] designates 123.456.1.1 as permitted sender) [email protected];
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=mydomain.com
Message-Id: <[email protected]>
Received: from mydomain.com (unknown [188.93.221.133]) by mail.mydomain.com (Postfix) with ESMTPSA id 6821B3C00CF for <[email protected]>; Fri,
6 Oct 2017 10:39:43 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mydomain.com; s=default; t=1507279183; bh=4lLj3bndoJBX1fsz99dGcUZLZyWwVlQLXwB3uGl3sKs=; l=26539; h=From:To:Subject; b=RUVEDlBNkO7PgHEEmuAlCSgG+batl5Ple/8O94GKLu7StZJLLa01k4rbjlnKX+3R9
mWt8+kOAPthM6lro4Z23B7LMk2ueWDpkFJZX3zRnOUC9E7LiIIQXNz83s8N640T6e7
7a4nFVAWgS9bIu/+TyyInPHOsnbe0/IKZKAyJw9k=
Authentication-Results: zeus.mydomain.com;
spf=pass (sender IP is 188.93.221.133) [email protected] smtp.helo=mydomain.com
Received-SPF: pass (zeus.mydomain.com: connection is authenticated)
Date: Fri, 06 Oct 2017 10:39:43 +0200
From: MyDomain <[email protected]>
To: [email protected]
Subject: mydomain.com: Test Subject
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
我有什么改变,如果我想使用f。即“[email protected]”作为发件人地址/发件人地址?我是否需要将邮件名更改为“mydomain.com”?如果我将邮件名更改为“mydomain.com”,我可以安全删除mail.mydomain.com的DNS条目吗?有没有办法在PLESK中配置邮件名/确保PLESK不覆盖它,如果进行了新的更新/升级?
编辑:unlocktheinbox的测试:https://www.unlocktheinbox.com/mail-tester/9YBYhi8wpqo=/
谢谢你的回答。我为我的域添加了测试结果。只需将“mydomain.com”替换为“lotsearch.de”即可。 – mfuesslin
我不认为这是一个很好的SPF记录。它可能在技术上验证,但SPF记录应包括您已授权发送传出电子邮件的特定IP地址和/或主机服务。你是否看到我的意思是'ip4:'代表IP地址和/或'include:'代表主机 DKIM记录是什么?如果您指出主机名,查找起来会更容易。 –
是的,我看着,并相应地改变我的SPF。谢谢。通过“域对齐”,你的意思是说所有的东西都应该是同一个域(“mydomain.com”)?因此,我需要将主机名从“zeus.mydomain.com”更改为“mydomain.com”,并将邮件名/邮件服务器配置更改为通过“mail.mydomain.com”使用“mydomain.com”? – mfuesslin