邮件系统PTR和TXT记录

最近收到很多用户反馈说收不到简历投递的邮件,国外用户居多。刚开始以为线路或者其它方面的问题,查看用户退信邮件日志都出现下面的错误,都是在正常连接到对方的服务器之后对方抛出的错误。从而排除了线路的问题。

Remote_host_said:_450_4.7.1_Client_host_rejected:_cannot_find_your_reverse_hostname,_[61.129.48.xx]

Remote_host_said:_451_Temporary_local_problem

手动在服务器上面测试也是出现下面的问题。

[[email protected] ~]# telnet mx.hc360.com 25
Trying 123.103.77.117...
Connected to mx.hc360.com.
Escape character is ‘^]‘.
220 hcmta4.hc360.org ESMTP Postfix
helo JobsMail1
250 hcmta4.hc360.org
mail from:<[email protected]>
250 2.1.0 Ok
rcpt to:<[email protected]>
450 4.7.1 Client host rejected: cannot find your reverse hostname, [61.129.48.xx]

错误日志很明显,是解析不到邮件服务器IP地址对应的域名。大家都知道MX记录(Mail Exchanger)是邮件交换记录。是根据收件人地址后缀定位互联上面邮件服务器并通过它发送邮件。如果一台邮件服务器没有MX记录,就没有办法发送和接收邮件。而PTR记录被用于邮件系统发送过程中的反向解析,很多邮件服务商在接收邮件的时候都要验证PTR记录来评判是否垃为圾邮件的标准。

然后我去服务上面解析PTR记录,确实没有解析到对应的PTR记录。查看原因是因为由于合同到期没有续费的原因导致的电信运营商把解析记录给屏蔽掉了,后来联系运营商重新续费开通之后解决了用户投递问题。PTR记录是ISP运营商做的,大致一个IP500-600元每年的收费。

下面以163为例,说明怎么样查看邮件服务器是否做了PTR记录。首先解析邮件服务器的MX记录,然后在解析MX记录对应的A记录,最后查看该A记录是否能解析到对应的域名。如果能解析到域名,说明做了PTR记录,否则没有做。

#解析MX记录
[[email protected] ~]# nslookup
> set type=mx
> 163.com
Server:        127.0.0.1
Address:    127.0.0.1#53

Non-authoritative answer:
163.com    mail exchanger = 10 163mx01.mxmail.netease.com.
163.com    mail exchanger = 10 163mx03.mxmail.netease.com.
163.com    mail exchanger = 10 163mx02.mxmail.netease.com.
163.com    mail exchanger = 50 163mx00.mxmail.netease.com.

Authoritative answers can be found from:
#解析MX记录对应的A记录
> set type=A
> 163mx01.mxmail.netease.com
Server:        127.0.0.1
Address:    127.0.0.1#53

Non-authoritative answer:
Name:    163mx01.mxmail.netease.com
Address: 220.181.14.139
Name:    163mx01.mxmail.netease.com
Address: 220.181.14.140
Name:    163mx01.mxmail.netease.com
Address: 220.181.14.141
Name:    163mx01.mxmail.netease.com
Address: 220.181.14.135
Name:    163mx01.mxmail.netease.com
Address: 220.181.14.138
Name:    163mx01.mxmail.netease.com
Address: 220.181.14.136
Name:    163mx01.mxmail.netease.com
Address: 220.181.14.142
Name:    163mx01.mxmail.netease.com
Address: 220.181.14.137
Name:    163mx01.mxmail.netease.com
Address: 220.181.14.143
#查看A记录对应的IP是否有PTR记录
> set type=PTR
> 220.181.14.139  
Server:        127.0.0.1
Address:    127.0.0.1#53

Non-authoritative answer:
139.14.181.220.in-addr.arpa    name = mr14139.mail.163.com.

Authoritative answers can be found from:
> 220.181.14.140
Server:        192.168.1.5
Address:    192.168.1.5#53

Non-authoritative answer:
140.14.181.220.in-addr.arpa    name = mr14140.mail.163.com.

说完了PTR记录,顺便说一下TXT记录,邮件的TXT记录是一种以IP地址认证电子邮件发件人身份的技术。也是非常高效的反垃圾邮件解决方案。邮件接收方会验证域名对应的TXT记录,来验证发件人的IP地址是否包含在TXT记录里面。如果在,就认为是一封正常的邮件,否则会认为是一封垃圾邮件进行退回。

为了提高邮件外发的成功率,下面以腾讯的企业邮箱为例来说明如何设置TXT记录。

技术图片

通过下面的方法可以查看腾讯企业邮箱TXT记录所包含的IP地址段。spf.mail.qq.com记录总共包括spf-a.mail.qq.com-spf-d.mail.qq.com四条记录,可以查看每条记录所包括的IP列表。

[[email protected] ~]# nslookup
> set type=txt
> zmzblog.com
Server:        192.168.1.110
Address:    192.168.1.110#53

Non-authoritative answer:
zmzblog.com    text = "v=spf1 include:spf.mail.qq.com ~all"

Authoritative answers can be found from:
com    nameserver = i.gtld-servers.net.
com    nameserver = j.gtld-servers.net.
com    nameserver = k.gtld-servers.net.
com    nameserver = l.gtld-servers.net.
com    nameserver = m.gtld-servers.net.
com    nameserver = a.gtld-servers.net.
com    nameserver = b.gtld-servers.net.
com    nameserver = c.gtld-servers.net.
com    nameserver = d.gtld-servers.net.
com    nameserver = e.gtld-servers.net.
com    nameserver = f.gtld-servers.net.
com    nameserver = g.gtld-servers.net.
com    nameserver = h.gtld-servers.net.
> set type=txt
> spf.mail.qq.com
Server:        192.168.1.110
Address:    192.168.1.110#53

Non-authoritative answer:
spf.mail.qq.com    text = "v=spf1 include:spf-a.mail.qq.com include:spf-b.mail.qq.com include:spf-c.mail.qq.com include:spf-d.mail.qq.com"

Authoritative answers can be found from:
mail.qq.com    nameserver = ns-tel1.qq.com.
mail.qq.com    nameserver = ns-tel2.qq.com.

> set type=txt
> spf-a.mail.qq.com
Server:        192.168.1.110
Address:    192.168.1.110#53

Non-authoritative answer:
spf-a.mail.qq.com    text = "v=spf1 ip4:103.7.28.0/24 ip4:103.7.29.0/24 ip4:112.90.139.0/24 ip4:112.95.234.0/24 ip4:113.108.11.0/24 ip4:113.108.67.0/24 ip4:119.147.16.0/24 ip4:119.147.193.0/24 ip4:119.147.194.0/24 ip4:119.147.20.0/24 ip4:120.196.211.0/24 ip4:59.78.209.0/24 ~all"

......
> set type=txt  
> spf-b.mail.qq.com
Server:        192.168.1.110
Address:    192.168.1.110#53

Non-authoritative answer:
spf-b.mail.qq.com    text = "v=spf1 ip4:14.17.32.0/24 ip4:14.17.43.0/24 ip4:14.17.44.0/24 ip4:183.60.2.0/24 ip4:183.60.52.0/24 ip4:183.60.61.0/24 ip4:183.60.8.0/24 ip4:183.62.104.0/24 ip4:184.105.206.0/24 ip4:184.105.67.0/24 ip4:203.205.160.0/24  ip4:58.250.132.0/24 ~all"
......

邮件系统PTR和TXT记录

原文地址:https://blog.51cto.com/sfzhang88/2517478