前提:架設 synology Mail Server 後發現我不能將信件轉傳到 gmail
原因是因為沒有 PTR (IP 反解 / Reverse DNS record),導致 Gmail(還有其他大型郵件伺服器,像 Yahoo、Outlook)直接把你的信擋掉
而寄信的信箱會收到拒收回函如下
This is the mail system at host quantoyo.com.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<XXXXXXX@gmail.com>: host gmail-smtp-in.l.google.com[74.125.204.26] said:
550-5.7.26 Your email has been blocked because the sender is
unauthenticated. 550-5.7.26 Gmail requires all senders to authenticate with
either SPF or DKIM. 550-5.7.26 550-5.7.26 Authentication results:
550-5.7.26 DKIM = did not pass 550-5.7.26 SPF [quantoyo.com] with ip:
[106.104.168.235] = did not pass 550-5.7.26 550-5.7.26 For instructions
on setting up authentication, go to 550 5.7.26
https://support.google.com/mail/answer/81126#authentication
41be03b00d2f7-b47640a4e1esi3960484a12.545 - gsmtp (in reply to end of DATA
command)或這樣
This is the mail system at host quantoyo.com.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<XXXXXXX@gmail.com>: host gmail-smtp-in.l.google.com[64.233.188.27] said:
550-5.7.25 [106.104.168.235] The IP address sending this message does not
have a 550-5.7.25 PTR record setup, or the corresponding forward DNS entry
does not 550-5.7.25 match the sending IP. As a policy, Gmail does not
accept messages 550-5.7.25 from IPs with missing PTR records. For more
information, go to 550-5.7.25
https://support.google.com/a?p=sender-guidelines-ip 550-5.7.25 To learn
more about Gmail requirements for bulk senders, visit 550 5.7.25
https://support.google.com/a?p=sender-guidelines.
d2e1a72fcca58-76e7d25c609si6014285b3a.448 - gsmtp (in reply to end of DATA
command)這邊遇到了幾個問題
- DKIM / SPF
這是需要到 Nas 上的 Synology Mail Server / 安全性 / 認證勾起 “啟用SPF” 與 “啟用DKIM”,並且在DKIM 下方產生出密鑰。
再到GoDaddy 上的DNS 加上一個TXT 將密鑰內容如下格式貼上即可
- PTR 問題才是有點無解的問題
PTR 就是 IP 反解 / Reverse DNS record 的意思,有的伺服器不只要看 domain 對應的IP ,還要看 IP 對應的 domain。
但是一般家用的光纖,ISP 業者並不願意協助修改
如果是企業用戶可以直接到這裡申請
https://eservice.seed.net.tw/ip_check.htm
這邊提供另一個有副作用的做法,就是使用 google 提供的 SMTP 伺服器來寄信,但有一天500 封信的限制。
- 申請一個gmail 帳號,並開啟兩步驟認證 (OTP)
- google 目前刻意隱藏起來 app password 可以到這邊申請
https://myaccount.google.com/apppasswords
3. 將取得的16 個字密碼記住等等會用到
4. 登入 Synology Mail Server 管理介面
找到 SMTP
開啟 外寄信件透過 “SMTP relay” 填上:
- 伺服器位址:
smtp.gmail.com - Port:587
- TLS/SSL:勾選
- 需要身份驗證:使用 Gmail 帳號 + 應用程式密碼(要先在 Google 帳號裡產生 App Password)
到此,可以寄信看看了…
副作用:寄件者會變成剛剛使用的 gmail 帳號。