昨天,安裝了iRedmail,版本號爲:9.0.4。
安裝完成後各個功能正常,給QQ郵箱發郵件,立馬收到了,這速度,真快。可是,收郵件的時候卻非常非常慢。如果有人收不到郵件,看看是不是你的端口映射有問題。好了,下面總結下安裝按成後需要做的工作,這些東西都是在官方文檔裏找到的答案。對於郵箱服務器,最重要的還是DNS解析把,別讓人家把你當成垃圾郵件給阻擋了。其實,有時候,你的郵件能躺在人家的垃圾郵箱裏也是種幸福,畢竟你是小衆羣體。
DNS的配置,官方的說法:
A record for server hostname
What is an A recordrecords map a FQDN (fully qualified domain name) to an IP
address. This is usually the most often used record type in any
DNS system. This is the DNS record you should add if you want
to point a domain name to a web server.
添加方法:在A記錄裏面增加一個mail 然後指向郵件服務器的IP。比如:
A mail.abc.com ---->12.12.12.1 TTL 和優先級默認。abc.com 視爲你的域名。
---------------------------分割線----------------------------
Reverse PTR record for server
IP address
What is a reverse PTR record
PTR record or more appropriately a reverse PTR record is a
process of resolving an IP address to its associated hostname.
This is the exact opposite of the process of resolving a hostname
to an IP address ( A record). Example, when you ping a name
mail.mydomain.com it will get resolved to the ip address using the
DNS to something like 192.168.1.5 . Reverse PTR record does the
opposite; it looks up the hostname for the given IP address. In
the example above the PTR record for IP address 192.168.1.5
will get resolved to mail.mydomain.com .
第二步:增加PTR
方法:增加一個MX記錄,解析值爲:mail.abc.com. <---com後面有個.有的DNS廠家會自動給你補上,有的不會。
NAME PRIORITY TYPE DATA
mydomain.com. 10 mx mail.abc.com.
-----------------------分割線-------------------------
SPF record for your mail domain name
What is a SPF record SPF is a spam and phishing scam fighting method which uses
DNS SPF-records to define which hosts are permitted to send
e-mails for a domain. For details on SPF, please see
http://www.openspf.org/
This works by defining a DNS SPF-record for the e-mail domain
name specifying which hosts (e-mail servers) are permitted to
send e-mail from the domain name.
Other e-mail servers can lookup this record when receiving an
e-mail from this domain name to verify that sending e-mail server is connecting from a permitted IP address.
第三步:增加SPF解析
方法:
@ TXT "v=spf1 mx mx:mydomain.com -all"
@ TXT "v=spf1 ip4:192.168.1.100 -all"
在根域名下增加一個TXT解析,上面兩種方法都可以,我都加上去了。
--------------------分割線------------------------
DKIM record for your mail domain name
What is a DKIM recordDKIM allows an organization to take responsibility for amessage in a way that can be verified by a recipient. The
organization can be a direct handler of the message, such as the
author's, the originating sending site's, or an intermediary's
along the transit path. However, it can also be an indirect
handler, such as an independent service that is providing
assistance to a direct handler. DKIM defines a domain-level
digital signature authentication framework for email through the
use of public-key cryptography and using the domain name
service as its key server technology (RFC4871). It permits
verification of the signer of a message, as well as the integrity of
its contents. DKIM will also provide a mechanism that permits
potential email signers to publish information about their email
signing practices; this will permit email receivers to make
additional assessments of unsigned messages. DKIM's
authentication of email identity can assist in the global control of
"spam" and "phishing".
A person or organization has an "identity" -- that is, a
constellation of characteristics that distinguish them from any
other identity. Associated with this abstraction can be a label
used as a reference, or "identifier". This is the distinction
between a thing and the name of the thing. DKIM uses a domain
name as an identifier, to refer to the identity of a responsible
person or organization. In DKIM, this identifier is called the
Signing Domain IDentifier (SDID) and is contained in the
DKIM-Signature header fields d= tag. Note that the same
identity can have multiple identifiers.
好長啊,我都沒看。
第四部:增加DKIM解析
方法:增加一個TXT記錄,二級域名填dkim._domainkey.mydomain.com. 改成你的域名。
txt值爲:v=DKIM1; p=××××××××××××××××××××××
那一串××××怎麼來的?
#amavisd -c /etc/amavisd/amavisd.conf showkeys 運行此命令得來的。
另外安裝完成的時候,在當前目錄裏面有個pis文件。裏面有詳細的參數,要啥有啥。種類齊全。
------------------------分割線--------------------
DNS搞定之後,就是端口映射了,這個不想在這裏說了。我就說說浪費我一下午的時間來搞接受郵件慢的問題。
貼上錯誤日誌:tail -20 /var/log/maillog
May 4 09:32:50 mx postfix/smtpd[6996]: NOQUEUE: reject: RCPT from smtpbg329.qq.com[14.17.43.214]: 451 4.7.1 <**@wode.com>: Recipient address rejected: Intentional policy rejection, please try again later; from=<k*(**@foxmail.com> to=<**@wode.com> proto=ESMTP helo=<smtpbg329.qq.com>
基本有用的信息就這些。
一看就是被規則阻止掉了,在百度上搜了下這個錯誤,查出來了個“呵呵”。結果去Bing查詢,查處不少有用的東西,有個帖子的鏈接把我引導了iRedMail的官網,我也想在官網查,可是官網沒有論壇,哎。
鏈接:http://www.iredmail.com/docs/manage.iredapd.html
裏面先是說了白名單,黑名單種種,我傻乎乎的跟着配,結果,人家是@anyone ->@anyone
跟空的iptables一樣。
最後幾行小字看到了想要的東西:
It queries SPF and MX records of specified mail domain names, then store all
converted IP addresses/networks defined in SPF/MX records in SQL tableiredapd.greylisting_whitelists.
To whitelist IP addresses/networks of some mail domain, for example,outlook.com, microsoft.com, please run command like below:
# cd /opt/iredapd/tools/
# python spf_to_greylist_whitelists.py outlook.com microsoft.com
If you want to whitelist more mail domains, just run the command with the domain names like above sample.
Since iRedAPD-1.8.0, we have SQL table iredapd.greylisting_whitelist_domainsto store these mail domain names. if you run spf_to_greylist_whitelists.pywithout any argument, it will fetch all mail domains stored in sql table
greylisting_whitelist_domains instead of fetching from command line arguments.
# python spf_to_greylist_whitelists.py
You should setup a cron job to run this script, so that it can keep the IP addresses/networks up to date. iRedMail sets up the cron job to run every 10 minutes, like below:
*/10 * * * * /usr/bin/python /opt/iredapd/tools/spf_to_greylist_whitelists.py &>/dev/null
進入tools文件夾,執行命令:
python spf_to_greylist_whitelists.py outlook.com microsoft.com 126.com 163.com qq.com foxmail.com 臥槽,終於解決了。