如何在防火墙上设置Sendmail(2)

王朝other·作者佚名  2006-11-24
窄屏简体版  字體: |||超大  

3.third-party mail relay

附另外一篇文章(文章荟萃)----sendmail 8.9.3 mail relay规则简介

公司防火墙上sendmail配置举例

divert(-1)

include(`/usr/lib/sendmail-cf/m4/cf.m4')

dnl let's define our OS type. This one is mandatory.

OSTYPE(`linux')dnl

define(`confDEF_USER_ID',``8:12'')

define(`ALIAS_FILE',`/etc/mail/aliases')dnl

define(`confPRIVACY_FLAGS', `authwarnings,needmailhelo,noexpn,novrfy')dnl

define(`confTO_QUEUERETURN', `4d')dnl

define(`confTO_QUEUEWARN', `4h')dnl

define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl

undefine(`UUCP_RELAY')dnl

undefine(`BITNET_RELAY') dnl

FEATURE(`redirect')dnl

FEATURE(`always_add_domain')dnl

FEATURE(`use_cw_file')dnl

FEATURE(`local_procmail')dnl

FEATURE(`nouucp')dnl

FEATURE(`mailertable', `hash -o /etc/mail/mailertable')dnl

FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable')dnl

FEATURE(`domaintable',`hash -o /etc/mail/domaintable')

FEATURE(`access_db', `hash -o /etc/mail/access')dnl

FEATURE(`blacklist_recipients')dnl

MAILER(procmail)dnl

MAILER(smtp)dnl

use_cw_file

默认为/etc/sendmail.cw文件,指明了属于本地域处理的域名,发到这个域下的邮件为本地邮件。不要在

防火墙上设置company.com到sendmai.cw中,在内部网段上的邮件服务器上设置它。更新该文件不需要重

启sendmail

* How do I make all my addresses appear to be from a single host?

Using the V8 configuration macros, use:

MASQUERADE_AS(my.dom.ain)

This will cause all addresses to be sent out as being from the indicated domain.

If you're using version 8.7 sendmail, and you want to hide this information in the envelope

as well as the headers, use:

FEATURE(masquerade_envelope)

If you also want to masquerade the recipients, use

FEATURE(allmasquerade)

Mailertable

用这个特性可跨越DNS和DNS MX记录而relay mail。也可跨越Smart_host(DSxxxx)项.

如 company.com relay:[192.168.11.1]

从防火墙上接收的发往company.com的邮件relay到192.168.11.1

Include a "mailer table" which can be used to override

routing for particular domains. The argument of the

FEATURE may be the key definition. If none is specified,

the definition used is:

hash -o /etc/mailertable

Keys in this database are fully qualified domain names

or partial domains preceded by a dot -- for example,

"vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU".

Values must be of the form:

mailer:domain

where "mailer" is the internal mailer name, and "domain"

is where to send the message. These maps are not

reflected into the message header. As a special case,

the forms:

local:user

will forward to the indicated user using the local mailer,

local:

will forward to the original user in the e-mail address

using the local mailer, and

error:code message

will give an error message with the indicated code and

message.

Domaintable

域替换操作。

如果容易打错,发往company.com的邮件误写为compayn.com则加入一行

compayn.com company.com

Access.db

数据库记录包含两部分:the key and the action:

the key能是用户名,域名,或IP地址。

The action能是ok, relay,reject discard, or and RFC821 message

如:

cyberspammer.com 550 we don't accept mail form spammers

okay.cyberspammer.com OK

sendmail.org OK

128.32 relay

foobar.com reject

garbage@spam.org discard

Virtusertable

Virtusertable用在这样的场合中:

发往本地系统的用户的邮件被重定向到另一个用户.注意一定要是本地用户的邮件,否则不检查virtusertable

数据库文件.如:

在该防火墙上设定company.com到/etc/sendmail.cw中,然后在/etc/mail/virtusertable 加一行

user1@company.com otheruser@otherdomain.com

virtusertable is a domain-specific form of aliasing, allowing multiple virtual domains to be

hosted on one machine. For example,

if the virtuser table contained:

info@foo.com foo-info

info@bar.com bar-info

@baz.org jane@elsewhere.net

then mail addressed to info@foo.com will be sent to the

address foo-info, mail addressed to info@bar.com will be

delivered to bar-info, and mail addressed to anyone at

baz.org will be sent to jane@elsewhere.net. The username

from the original address is passed as %1 allowing:

@foo.org %1@elsewhere.com

meaning someone@foo.org will be sent to someone@elsewhere.com.

All the host names on the left hand side (foo.com, bar.com,

and baz.org) must be in $=w. The default map definition is:

hash -o /etc/virtusertable

FEATURE(genericstable,`hash -o /etc/mail/genericstable'):

Use a hashed table with masquerading information. The unhashed file looks like this:

bg bganslan@myisp.net

root bganslan@myisp.net

nobody bganslan@myisp.net

This file will tell sendmail to rewrite the FROM addresses of your mail, so you will be able

to relay all you mail over your ISPs mail server. The first row contains the local address,

the second one the address which should be used instead. In order for sendmail to read this

file you have to hash it with this command:

makemap -r hash genericstable.db < genericstable

GENERICS_DOMAIN_FILE(`/etc/mail/genericsdomain'):

You have to add you local domain name to this file, so sendmail knows what mail is local and

has to be masqueraded. To get you local domain, run "hostname".

FAQ: * I'm getting "Local configuration error" messages, such as:

553 MX list for domain.net points back to relay.domain.net

554 ... Local configuration error

How can I solve this problem?

You have asked mail to the domain (e.g., domain.net) to be forwarded to a specific

host (in this case, relay.domain.net) by using an MX record, but the relay machine

doesn't recognize itself as domain.net. Add domain.net to /etc/sendmail.cw (if you

are using FEATURE(use_cw_file)) or add "Cw domain.net" to your configuration file.

IMPORTANT: When making changes to your configuration file, be sure you kill and

restart the sendmail daemon (for ANY change in the configuration, not just this one):

kill `head -1 /etc/sendmail.pid`

sh -c "`tail -1 /etc/sendmail.pid`"

Mail for the Home Network ------the Stand Alone Config

FEATURE(always_add_domain)dnl

这是被建议的选项,这个特性强迫local or program mailer需要全称域名

FEATURE(allmasquerade)

我在防火墙上用这个特性强迫所有的邮件象是来自站点的正式域名,你需要联合 MASQUERADE_AS特性

FEATURE(masquerade_entire_domain)

这个特性强迫你的域内的任何主机象是来自同一个域

FEATURE(masquerade_envelope)

MASQUERADE_AS(company.com)

明显地,这是为上面的伪装特性定义的值

MASQUERADE_DOMAIN( company.com othername.com )

如果你有多个内部域名,想伪装为同一个公司域名

环境:

考虑这样的情况:一个公司运行一台Sendmail的Linux邮件服务器,这台机器连有LAN,但通过PPP连接,

Cable modem,or DSL连接上网通过ISP的邮件主机发送邮件. 且该机器上有两个用户jephe and hongyi

(用windows机器向company.com发送邮件),域名为company.com,ISP 域名为isp.net,邮件主机为

mail.isp.net且两人在isp.net上有相同帐号jephe@isp.net and hongyi@isp.net

要求:

jephe发一封信给hongyi@company.com,可以收到,发另一封信给Internet上某个人someone,则要求通过

ISP出去,且回复地址重写为jephe@isp.net and hongyi@isp.net

#/etc/mail/relay-domains:

jephe.company.com

hongyi.company.com

#/etc/sendmail.cw

company.com

#sendmail.cf

define(`SMART_HOST',`smtp:[ix.deniz.com]')

MASQUERADE_AS(`deniz.com')

FEATURE(`masquerade_envelope')

define(RELAY_MAILER, TCP)

FEATURE(`accept_unqualified_senders')

There are 3 fixes you may have to perform manually if things are not working as you would like them:

1. If sendmail can not "find" your email server:

Edit your /etc/sendmail.cf and look for this line:

#Dj$w.Foo.COM

and change it to:

Djmaster.kulai.org

Where master.kulai.org is the name of your email server. Note: remove the # at the front of

the line as # means: ignore - this is a comment line. This is one of sendmail's rules and it

tells sendmail what the name of the email server is - in case dns, or other ways, do not tell

sendmail what it wants.

2. Masquerading based on destination:

I had the hardest time trying to get sendmail to masquerade only the mail sent to the internet

and not local mail, e.g. I wanted local mail to show the sender as: bmote@kulai.org and not

bmote@deniz.com, but obviously I wanted mail that went out into the internet to show:

bmote@deniz.com. To solve this you have to manua

[1] [2] 下一页

 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
 
 
© 2005- 王朝網路 版權所有 導航