3.third-party mail relay
附另外一篇文章(文章荟萃)----sendmail 8.9.3 mail relay规则简介
公司防火墙上sendmail配置举例
divert(-1)
include(`/usr/lib/sendmail-cf/m4/cf.m4')
dnl let's define our OS type. This one is mandatory.
OSTYPE(`linux')dnl
define(`confDEF_USER_ID',``8:12'')
define(`ALIAS_FILE',`/etc/mail/aliases')dnl
define(`confPRIVACY_FLAGS', `authwarnings,needmailhelo,noexpn,novrfy')dnl
define(`confTO_QUEUERETURN', `4d')dnl
define(`confTO_QUEUEWARN', `4h')dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
undefine(`UUCP_RELAY')dnl
undefine(`BITNET_RELAY') dnl
FEATURE(`redirect')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`local_procmail')dnl
FEATURE(`nouucp')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable')dnl
FEATURE(`domaintable',`hash -o /etc/mail/domaintable')
FEATURE(`access_db', `hash -o /etc/mail/access')dnl
FEATURE(`blacklist_recipients')dnl
MAILER(procmail)dnl
MAILER(smtp)dnl
use_cw_file
默认为/etc/sendmail.cw文件,指明了属于本地域处理的域名,发到这个域下的邮件为本地邮件。不要在
防火墙上设置company.com到sendmai.cw中,在内部网段上的邮件服务器上设置它。更新该文件不需要重
启sendmail
* How do I make all my addresses appear to be from a single host?
Using the V8 configuration macros, use:
MASQUERADE_AS(my.dom.ain)
This will cause all addresses to be sent out as being from the indicated domain.
If you're using version 8.7 sendmail, and you want to hide this information in the envelope
as well as the headers, use:
FEATURE(masquerade_envelope)
If you also want to masquerade the recipients, use
FEATURE(allmasquerade)
Mailertable
用这个特性可跨越DNS和DNS MX记录而relay mail。也可跨越Smart_host(DSxxxx)项.
如 company.com relay:[192.168.11.1]
从防火墙上接收的发往company.com的邮件relay到192.168.11.1
Include a "mailer table" which can be used to override
routing for particular domains. The argument of the
FEATURE may be the key definition. If none is specified,
the definition used is:
hash -o /etc/mailertable
Keys in this database are fully qualified domain names
or partial domains preceded by a dot -- for example,
"vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU".
Values must be of the form:
mailer:domain
where "mailer" is the internal mailer name, and "domain"
is where to send the message. These maps are not
reflected into the message header. As a special case,
the forms:
local:user
will forward to the indicated user using the local mailer,
local:
will forward to the original user in the e-mail address
using the local mailer, and
error:code message
will give an error message with the indicated code and
message.
Domaintable
域替换操作。
如果容易打错,发往company.com的邮件误写为compayn.com则加入一行
compayn.com company.com
Access.db
数据库记录包含两部分:the key and the action:
the key能是用户名,域名,或IP地址。
The action能是ok, relay,reject discard, or and RFC821 message
如:
cyberspammer.com 550 we don't accept mail form spammers
okay.cyberspammer.com OK
sendmail.org OK
128.32 relay
foobar.com reject
garbage@spam.org discard
Virtusertable
Virtusertable用在这样的场合中:
发往本地系统的用户的邮件被重定向到另一个用户.注意一定要是本地用户的邮件,否则不检查virtusertable
数据库文件.如:
在该防火墙上设定company.com到/etc/sendmail.cw中,然后在/etc/mail/virtusertable 加一行
user1@company.com otheruser@otherdomain.com
virtusertable is a domain-specific form of aliasing, allowing multiple virtual domains to be
hosted on one machine. For example,
if the virtuser table contained:
info@foo.com foo-info
info@bar.com bar-info
@baz.org jane@elsewhere.net
then mail addressed to info@foo.com will be sent to the
address foo-info, mail addressed to info@bar.com will be
delivered to bar-info, and mail addressed to anyone at
baz.org will be sent to jane@elsewhere.net. The username
from the original address is passed as %1 allowing:
@foo.org %1@elsewhere.com
meaning someone@foo.org will be sent to someone@elsewhere.com.
All the host names on the left hand side (foo.com, bar.com,
and baz.org) must be in $=w. The default map definition is:
hash -o /etc/virtusertable
FEATURE(genericstable,`hash -o /etc/mail/genericstable'):
Use a hashed table with masquerading information. The unhashed file looks like this:
bg bganslan@myisp.net
root bganslan@myisp.net
nobody bganslan@myisp.net
This file will tell sendmail to rewrite the FROM addresses of your mail, so you will be able
to relay all you mail over your ISPs mail server. The first row contains the local address,
the second one the address which should be used instead. In order for sendmail to read this
file you have to hash it with this command:
makemap -r hash genericstable.db < genericstable
GENERICS_DOMAIN_FILE(`/etc/mail/genericsdomain'):
You have to add you local domain name to this file, so sendmail knows what mail is local and
has to be masqueraded. To get you local domain, run "hostname".
FAQ: * I'm getting "Local configuration error" messages, such as:
553 MX list for domain.net points back to relay.domain.net
554 ... Local configuration error
How can I solve this problem?
You have asked mail to the domain (e.g., domain.net) to be forwarded to a specific
host (in this case, relay.domain.net) by using an MX record, but the relay machine
doesn't recognize itself as domain.net. Add domain.net to /etc/sendmail.cw (if you
are using FEATURE(use_cw_file)) or add "Cw domain.net" to your configuration file.
IMPORTANT: When making changes to your configuration file, be sure you kill and
restart the sendmail daemon (for ANY change in the configuration, not just this one):
kill `head -1 /etc/sendmail.pid`
sh -c "`tail -1 /etc/sendmail.pid`"
Mail for the Home Network ------the Stand Alone Config
FEATURE(always_add_domain)dnl
这是被建议的选项,这个特性强迫local or program mailer需要全称域名
FEATURE(allmasquerade)
我在防火墙上用这个特性强迫所有的邮件象是来自站点的正式域名,你需要联合 MASQUERADE_AS特性
FEATURE(masquerade_entire_domain)
这个特性强迫你的域内的任何主机象是来自同一个域
FEATURE(masquerade_envelope)
MASQUERADE_AS(company.com)
明显地,这是为上面的伪装特性定义的值
MASQUERADE_DOMAIN( company.com othername.com )
如果你有多个内部域名,想伪装为同一个公司域名
环境:
考虑这样的情况:一个公司运行一台Sendmail的Linux邮件服务器,这台机器连有LAN,但通过PPP连接,
Cable modem,or DSL连接上网通过ISP的邮件主机发送邮件. 且该机器上有两个用户jephe and hongyi
(用windows机器向company.com发送邮件),域名为company.com,ISP 域名为isp.net,邮件主机为
mail.isp.net且两人在isp.net上有相同帐号jephe@isp.net and hongyi@isp.net
要求:
jephe发一封信给hongyi@company.com,可以收到,发另一封信给Internet上某个人someone,则要求通过
ISP出去,且回复地址重写为jephe@isp.net and hongyi@isp.net
#/etc/mail/relay-domains:
jephe.company.com
hongyi.company.com
#/etc/sendmail.cw
company.com
#sendmail.cf
define(`SMART_HOST',`smtp:[ix.deniz.com]')
MASQUERADE_AS(`deniz.com')
FEATURE(`masquerade_envelope')
define(RELAY_MAILER, TCP)
FEATURE(`accept_unqualified_senders')
There are 3 fixes you may have to perform manually if things are not working as you would like them:
1. If sendmail can not "find" your email server:
Edit your /etc/sendmail.cf and look for this line:
#Dj$w.Foo.COM
and change it to:
Djmaster.kulai.org
Where master.kulai.org is the name of your email server. Note: remove the # at the front of
the line as # means: ignore - this is a comment line. This is one of sendmail's rules and it
tells sendmail what the name of the email server is - in case dns, or other ways, do not tell
sendmail what it wants.
2. Masquerading based on destination:
I had the hardest time trying to get sendmail to masquerade only the mail sent to the internet
and not local mail, e.g. I wanted local mail to show the sender as: bmote@kulai.org and not
bmote@deniz.com, but obviously I wanted mail that went out into the internet to show:
bmote@deniz.com. To solve this you have to manua