我正在使用Plesk(Onyx)與外部DNS組合。 我配置了郵件,一切似乎都沒問題,但我不確定郵件配置是否正確,因爲有時DMARC報告指出,SPF/DKIM驗證未通過。Plesk中的郵件配置 - DKIM,DMARC,SPF,DNS記錄
我CONFIGS:
DNS-記錄域 - mydomain.com和mail.mydomain.com(創建相同的DNS條目兩次,mydomain.com和子域mail.mydomain.com,除了MX-進入,其被配置爲僅用於mydomain.com):
反向DNS:
123.456.1.1 -> mail.mydomain.com
MX:mail.mydomain.com
SPF:
v=spf1 +a +mx -all
_dmarc:
v=DMARC1; p=none; pct=100; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1; adkim=s; aspf=r
域關鍵字:
o=-
default._domainkey:
v=DKIM1; p=SIGNATUREHERE;
PLESK /服務器相關:
- 主機名:
zeus.mydomain.com
- 郵件名:測試郵件
mail.mydomain.com
郵件信頭:
Delivered-To: [email protected]
Received: by 10.31.48.86 with SMTP id w83csp1454833vkw;
Fri, 6 Oct 2017 01:39:44 -0700 (PDT)
X-Google-Smtp-Source: AOwi7QAKFeawe3fGhxawUkAdVvaqjrBGMTZvJ466CoQNxwFGRk6xInOapHBRt14rI+zpCQmcl4z4
X-Received: by 10.223.184.246 with SMTP id c51mr1352887wrg.250.1507279184077;
Fri, 06 Oct 2017 01:39:44 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1507279184; cv=none;
d=google.com; s=arc-20160816;
b=SignatureHERE
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=content-transfer-encoding:mime-version:subject:to:from:date
:dkim-signature:message-id:arc-authentication-results;
bh=4lLj3bndoJBX1fsz99dGcUZLZyWwVlQLXwB3uGl3sKs=;
b=SignatureHERE
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass [email protected] header.s=default header.b=RUVEDlBN;
spf=pass (google.com: domain of [email protected] designates 123.456.1.1 as permitted sender) [email protected];
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=mydomain.com
Return-Path: <[email protected]>
Received: from mail.mydomain.com (mail.mydomain.com. [123.456.1.1])
by mx.google.com with ESMTPS id k10si874730wrg.550.2017.10.06.01.39.43
for <[email protected]>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Fri, 06 Oct 2017 01:39:44 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 123.456.1.1 as permitted sender) client-ip=123.456.1.1;
Authentication-Results: mx.google.com;
dkim=pass [email protected] header.s=default header.b=RUVEDlBN;
spf=pass (google.com: domain of [email protected] designates 123.456.1.1 as permitted sender) [email protected];
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=mydomain.com
Message-Id: <[email protected]>
Received: from mydomain.com (unknown [188.93.221.133]) by mail.mydomain.com (Postfix) with ESMTPSA id 6821B3C00CF for <[email protected]>; Fri,
6 Oct 2017 10:39:43 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mydomain.com; s=default; t=1507279183; bh=4lLj3bndoJBX1fsz99dGcUZLZyWwVlQLXwB3uGl3sKs=; l=26539; h=From:To:Subject; b=RUVEDlBNkO7PgHEEmuAlCSgG+batl5Ple/8O94GKLu7StZJLLa01k4rbjlnKX+3R9
mWt8+kOAPthM6lro4Z23B7LMk2ueWDpkFJZX3zRnOUC9E7LiIIQXNz83s8N640T6e7
7a4nFVAWgS9bIu/+TyyInPHOsnbe0/IKZKAyJw9k=
Authentication-Results: zeus.mydomain.com;
spf=pass (sender IP is 188.93.221.133) [email protected] smtp.helo=mydomain.com
Received-SPF: pass (zeus.mydomain.com: connection is authenticated)
Date: Fri, 06 Oct 2017 10:39:43 +0200
From: MyDomain <[email protected]>
To: [email protected]
Subject: mydomain.com: Test Subject
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
我有什麼改變,如果我想使用f。即「[email protected]」作爲發件人地址/發件人地址?我是否需要將郵件名更改爲「mydomain.com」?如果我將郵件名更改爲「mydomain.com」,我可以安全刪除mail.mydomain.com的DNS條目嗎?有沒有辦法在PLESK中配置郵件名/確保PLESK不覆蓋它,如果進行了新的更新/升級?
編輯:unlocktheinbox的測試:https://www.unlocktheinbox.com/mail-tester/9YBYhi8wpqo=/
謝謝你的回答。我爲我的域添加了測試結果。只需將「mydomain.com」替換爲「lotsearch.de」即可。 – mfuesslin
我不認爲這是一個很好的SPF記錄。它可能在技術上驗證,但SPF記錄應包括您已授權發送傳出電子郵件的特定IP地址和/或主機服務。你是否看到我的意思是'ip4:'代表IP地址和/或'include:'代表主機 DKIM記錄是什麼?如果您指出主機名,查找起來會更容易。 –
是的,我看着,並相應地改變我的SPF。謝謝。通過「域對齊」,你的意思是說所有的東西都應該是同一個域(「mydomain.com」)?因此,我需要將主機名從「zeus.mydomain.com」更改爲「mydomain.com」,並將郵件名/郵件服務器配置更改爲通過「mail.mydomain.com」使用「mydomain.com」? – mfuesslin