不好意思,这里是借花献佛,参考peng 老大的资料,增加升级的内容,目的大家互相切磋而已。
用redhat8.0自带的sendmail+sasl配置需要认证的邮件服务器,以及把sendmail8.12.5升级到sendmail.8.12.9
redhat8默认安装的是sendmail8.12.5.
系统安装时,选择的是custom,sendmail默认安装。
一、首先,要生成sendmail.cf文件,一般是编译sendmail.mc来生成sendmail.cf,这样的好处是通过编译,会查看出一些sendmail的设置错误
和漏洞。
# cd /etc/mail
# vi sendmail.mc
divert(-1)
dnl This is the sendmail macro config file. If you make changes to this file,
dnl you need the sendmail-cf rpm installed and then have to generate a
dnl new /etc/mail/sendmail.cf by running the following command:
dnl
dnl m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')
VERSIONID(`linux setup for Red Hat Linux')dnl
OSTYPE(`linux')
dnl Uncomment and edit the following line if your mail needs to be sent out
dnl through an external mail server:
dnl define(`SMART_HOST',`smtp.your.provider')
define(`confDEF_USER_ID',``8:12'')dnl
undefine(`UUCP_RELAY')dnl
undefine(`BITNET_RELAY')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
DAEMON_OPTIONS(`Port=25,Name=MTA')dnl
DAEMON_OPTIONS(`Port=587,Name=MSA,M=Ea')dnl
dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl The '-t' option will retry delivery if e.g. the user runs over his quota.
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl This changes sendmail to only listen on the loopback device 127.0.0.1
dnl and not on any other network devices. Comment this out if you want
dnl to accept email over the network.
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
dnl NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl a kernel patch
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')
dnl We strongly recommend to comment this one out if you want to protect
dnl yourself from spam. However, the laptop and users on computers that do
dnl not have 24x7 DNS do need this.
dnl FEATURE(`accept_unresolvable_domains')
dnl FEATURE(`relay_based_on_MX')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
Cwlocalhost.localdomain
其中:
1、2是打开注解的,是打开相应的认证机制,主要是为了支持outlook
3、4是添加的,设置相应的mta and msa的所用端口。
5、6要注掉。 5允许通过网络连接Sendmail,6 禁止不可解析的域名relay邮件
1、TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
2、define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
3、DAEMON_OPTIONS(`Port=25,Name=MTA')dnl
4、DAEMON_OPTIONS(`Port=587,Name=MSA,M=Ea')dnl
5、dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
6、dnl FEATURE(`accept_unresolvable_domains')
最后保存。
二、编译sendmail.mc 生成sendmail.cf文件
# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
# /etc/rc.d/init.d/sendmail restart --重起sendmail服务。
假如你在执行m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf 报错的话,那么检查是否安装sendmail-cf.*.rpm,redhat8.0自带的是
sendmail-cf-8.12.5-7.i386.rpm,在安装盘的第3张,安装方法:# rpm -ivh sendmail-cf-8.12.5-7.i386.rpm
三、检测编译结果。
1、检测SASL被编译到sendmail中。
#/usr/sbin/sendmail -d0.1 -bv root |grep SASL
输出类似如下:
NETUNIX NEWDB NIS PIPELINING SASL SCANF STARTTLS TCPWRAPPERS
保证你看到SASL就是正确的。
2、检测25端口:
[root@fyhtest mail]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 fyhtest.163.net ESMTP Sendmail 8.12.5/8.12.5; Thu, 10 Apr 2003 16:35:42 -0400
ehlo test
250-fyhtest.163.net Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
quit ---退出
只要输出有LOGIN PLAIN就OK!了,不然,就不能relay mail.
到这里,sendmail就配置完了,你可以天天加一个用户试试看。
邮件用户是系统用户.
#useradd test
#passwd test ----设置密码
设置你的foxmail or outlook,要设置上用户需要smtp认证。
把你的域名添加到/etc/mail/local-host-names中.
四、pop3安装。
redhat8.0中有它的rpm包,是imap-2001a-15.i386.rpm
# rpm -ivh imap-2001a-15.i386.rpm
修改/etc/xinetd.d/ipop3
把其中disable =yes更改为disable =no
修改/etc/xinetd.d/imap
把其中disable =yes更改为disable =no
# /etc/rc.d/init.d/xinetd restart --重起pop3服务
[root@fyhtest xinetd.d]# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK POP3 localhost v2001.78rh server ready
[root@fyhtest xinetd.d]# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS STARTTLS AUTH=LOGIN] localhost IMAP4rev1 2001.315rh at Thu, 10 Apr 2003 16:41:06
-0400 (EDT)
有以上显示,为正确。
五、其他设置。
要想更好的使用sendmail,常用到的一些设置:
1、限制最大邮件。
vi /etc/sendmail.cf
# maximum message size
O MaxMessageSize=5000000 (注:5M)
2、最大的群发数目。
vi /etc/sendmail.cf
# maximum number of recipients per SMTP envelope
O MaxRecipientsPerMessage=20 (注:20个)
3、域名文件----local-host-name
可以用他来实现虚拟域名或多域名支持。
/etc/mail/local-host-name
test.com
test1.com
4、mail别名文件--aliases。
vi /etc/aliases
系统内部别名:test:fangyh test是我的用户名,其他的是别名,用逗号隔开。
转发到其他的邮箱:test:test@sina.com
# newaliases --写到库中
5、邮件控制文件--access
relay、ok、reject和discard。relay可以实现转发。ok是用来允许用户的任意访问,它会覆盖任何其它已建立的检查(实际设置中,最好别设
这项,除非你对该用户是绝对信任的);reject可以实现对来访地址的拒绝,它根本就不容许该地址与你的邮件服务器进行连接通信;discard
的作用是在接收到传输的邮件消息后,偷偷地把它丢弃掉(在发送者看来,他的邮件的确是接收了,但他并不知道,发送的目的地址根本不可
能接收到他的邮件,服务器巧妙地欺骗了他。
vi /etc/mail/access.
localhost.localdomain RELAY ---允许
localhost RELAY
127.0.0.1 RELAY
peng@sina.com ok
@sexgirl.net reject
211.77.22.45 discard
# makemap hash access < access --写道库中
6、虚拟用户文件---virtusertable.
这个文件可以mail重名问题。
例如:你有两个域名,virt1.com and virt2.com,但是都有test这个用户:
test@virt1.com 和 test@virt2.com,这是两个用户。但对于系统用户来说,他只认系统用户test,只能通过一下改:
vi /etc/mail/virtusertable
test@virt2.com r010
这样就可以了。在新开一个用户r010,但是test@virt2.com在客户端的pop3 and smtp server的用户名和口令要用r010的。
# makemap hask virtusertable.db < virtusertable
如何升级sendmail,下面例子子是从sendmail8.12.5升级到sendmail8.12.9
首先下载
http://www.aucs.org/rpmcenter/packages/sendmail-8.12.9/sendmail-cf-8.12.9-rbt.rh8.0.i386.rpm
http://www.aucs.org/rpmcenter/packages/sendmail-8.12.9/sendmail-8.12.9-rbt.rh8.0.i386.rpm
sendmail-8.12.9-rbt.rh8.0.i386.rpm
sendmail-cf-8.12.9-rbt.rh8.0.i386.rpm
分别执行# rpm -U sendmail-8.12.9-rbt.rh8.0.i386.rpm
# rpm -U sendmail-cf-8.12.9-rbt.rh8.0.i386.rpm
重新生成/etc/mail/sendmail.cf
由于原来/etc/mail/sendmail.cf和/etc/mail/sendmail.mc存在,升级后的版本名分别为
/etc/mail/sendmail.cf.rpmnew和/etc/mail/sendmail.mc.rpmnew
这时修改/etc/mail/sendmail.mc.rpmnew,把其中
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
前面的dnl去掉,
然后在下面加上两行,
DAEMON_OPTIONS(`Port=25,Name=MTA')dnl
DAEMON_OPTIONS(`Port=587,Name=MSA,M=Ea')dnl
再把
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
FEATURE(`accept_unresolvable_domains')dnl
前都加上dnl
生成新sendmail.cf
# m4 /etc/mail/sendmail.mc.rpmnew > /etc/mail/sendmail.cf
# /etc/init.d/sendmail restart
pop3和imap不需要任何改变