How to Set Up Sendmail on a Firewall (2)

王朝other · Author unknown  2006-11-24

3. Third-party mail relay

See also the separate article (article digest): an introduction to the sendmail 8.9.3 mail relay rules

Example sendmail configuration on a company firewall

divert(-1)

include(`/usr/lib/sendmail-cf/m4/cf.m4')

dnl let's define our OS type. This one is mandatory.

OSTYPE(`linux')dnl

define(`confDEF_USER_ID',``8:12'')

define(`ALIAS_FILE',`/etc/mail/aliases')dnl

define(`confPRIVACY_FLAGS', `authwarnings,needmailhelo,noexpn,novrfy')dnl

define(`confTO_QUEUERETURN', `4d')dnl

define(`confTO_QUEUEWARN', `4h')dnl

define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl

undefine(`UUCP_RELAY')dnl

undefine(`BITNET_RELAY') dnl

FEATURE(`redirect')dnl

FEATURE(`always_add_domain')dnl

FEATURE(`use_cw_file')dnl

FEATURE(`local_procmail')dnl

FEATURE(`nouucp')dnl

FEATURE(`mailertable', `hash -o /etc/mail/mailertable')dnl

FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable')dnl

FEATURE(`domaintable',`hash -o /etc/mail/domaintable')

FEATURE(`access_db', `hash -o /etc/mail/access')dnl

FEATURE(`blacklist_recipients')dnl

MAILER(procmail)dnl

MAILER(smtp)dnl

use_cw_file

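The default file is /etc/sendmail.cw. It lists the domain names that are handled as local, so mail sent to these domains is treated as local mail. Do not put company.com into sendmail.cw on the firewall; set it on the mail server on the internal network segment. Updating this file does not require restarting sendmail.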

* How do I make all my addresses appear to be from a single host?

Using the V8 configuration macros, use:

MASQUERADE_AS(my.dom.ain)

This will cause all addresses to be sent out as being from the indicated domain.

If you're using version 8.7 sendmail, and you want to hide this information in the envelope

as well as the headers, use:

FEATURE(masquerade_envelope)

If you also want to masquerade the recipients, use

FEATURE(allmasquerade)

Mailertable

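This feature lets you relay mail while bypassing DNS and DNS MX records. It also overrides the Smart_host (DSxxxx) entry.

For example: company.com relay:[192.168.11.1]

Mail received on the firewall for company.com is relayed to 192.168.11.1.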

Include a "mailer table" which can be used to override

routing for particular domains. The argument of the

FEATURE may be the key definition. If none is specified,

the definition used is:

hash -o /etc/mailertable

Keys in this database are fully qualified domain names

or partial domains preceded by a dot -- for example,

"vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU".

Values must be of the form:

mailer:domain

where "mailer" is the internal mailer name, and "domain"

is where to send the message. These maps are not

reflected into the message header. As a special case,

the forms:

local:user

will forward to the indicated user using the local mailer,

local:

will forward to the original user in the e-mail address

using the local mailer, and

error:code message

will give an error message with the indicated code and

message.

Domaintable

Domain replacement.

If a domain is easily mistyped, so that mail for company.com gets addressed to compayn.com, add the line

compayn.com company.com

Access.db

Each database record has two parts: the key and the action.

The key can be a user name, a domain name, or an IP address.

The action can be ok, relay, reject, discard, or an RFC 821 message.

For example:

cyberspammer.com 550 we don't accept mail from spammers

okay.cyberspammer.com OK

sendmail.org OK

128.32 relay

foobar.com reject

garbage@spam.org discard
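
How these keys are matched, as an added example that is not part of the original article or of sendmail: a simplified Python model of most-specific-first lookup (parent domains for host names, shorter prefixes for IP addresses). The function names are hypothetical, and the check_* rulesets in the generated sendmail.cf remain authoritative.

```python
# Added example: simplified model of access-map key matching (not sendmail code).
# ACCESS_TEXT is the sample table from this page.
ACCESS_TEXT = """\
cyberspammer.com 550 we don't accept mail from spammers
okay.cyberspammer.com OK
sendmail.org OK
128.32 relay
foobar.com reject
garbage@spam.org discard
"""
KEYWORDS = {"OK", "RELAY", "REJECT", "DISCARD"}

def parse_access(text):
    """Return {lowercased key: action}; keyword actions are upper-cased."""
    table = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        key, action = parts[0].lower(), parts[1].strip()
        table[key] = action.upper() if action.upper() in KEYWORDS else action
    return table

def lookup_host(table, host):
    """Try the full host name, then each parent domain (most specific first)."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        key = ".".join(labels[i:])
        if key in table:
            return table[key]
    return None

def lookup_ip(table, ip):
    """Try the full address, then drop trailing octets: 128.32.1.9 -> 128.32."""
    octets = ip.split(".")
    for n in range(len(octets), 0, -1):
        key = ".".join(octets[:n])
        if key in table:
            return table[key]
    return None

def lookup_sender(table, address):
    """Full user@host first, then the host part as a domain, then 'user@'."""
    user, _, host = address.lower().partition("@")
    return (table.get(address.lower())
            or lookup_host(table, host)
            or table.get(user + "@"))
```

Running candidate senders and client addresses through such a model before rebuilding the map shows which entry wins when a broad reject and a narrower OK overlap.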

Virtusertable

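Virtusertable is used in the following situation:

Mail addressed to a user on the local system is redirected to another user. Note that the mail must be for a local user; otherwise the virtusertable database file is not consulted. For example:

On the firewall, put company.com into /etc/sendmail.cw, then add this line to /etc/mail/virtusertable: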

user1@company.com otheruser@otherdomain.com

virtusertable is a domain-specific form of aliasing, allowing multiple virtual domains to be

hosted on one machine. For example,

if the virtuser table contained:

info@foo.com foo-info

info@bar.com bar-info

@baz.org jane@elsewhere.net

then mail addressed to info@foo.com will be sent to the

address foo-info, mail addressed to info@bar.com will be

delivered to bar-info, and mail addressed to anyone at

baz.org will be sent to jane@elsewhere.net. The username

from the original address is passed as %1 allowing:

@foo.org %1@elsewhere.com

meaning someone@foo.org will be sent to someone@elsewhere.com.

All the host names on the left hand side (foo.com, bar.com,

and baz.org) must be in $=w. The default map definition is:

hash -o /etc/virtusertable
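
The rewriting described above, including the case where an entry is silently ignored because its domain is not in $=w, as an added example that is not part of the original article or of sendmail. It is a simplified Python model; the function names and the CLASS_W set are hypothetical, and the table holds the sample entries from this page.

```python
# Added example: simplified model of virtusertable rewriting (not sendmail code).
# VIRTUSER holds the sample entries shown on this page; CLASS_W stands for $=w
# (the contents of /etc/sendmail.cw) and is a constructed value.
VIRTUSER = {
    "info@foo.com": "foo-info",
    "info@bar.com": "bar-info",
    "@baz.org": "jane@elsewhere.net",
    "@foo.org": "%1@elsewhere.com",
}
CLASS_W = {"foo.com", "bar.com", "baz.org"}  # foo.org deliberately left out

def resolve(table, class_w, address):
    """Return the rewritten recipient, or the address unchanged if no entry applies."""
    user, _, domain = address.partition("@")
    domain = domain.lower()
    if domain not in class_w:        # table is only consulted for local domains
        return address
    exact = table.get(f"{user.lower()}@{domain}")
    if exact is not None:
        return exact
    catch_all = table.get("@" + domain)
    if catch_all is not None:
        return catch_all.replace("%1", user)  # %1 carries the original user name
    return address

def unreachable_entries(table, class_w):
    """Keys whose domain is missing from $=w, so they can never match."""
    return sorted(k for k in table
                  if "@" in k and k.split("@", 1)[1] not in class_w)
```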

FEATURE(genericstable,`hash -o /etc/mail/genericstable'):

Use a hashed table with masquerading information. The unhashed file looks like this:

bg bganslan@myisp.net

root bganslan@myisp.net

nobody bganslan@myisp.net

This file will tell sendmail to rewrite the FROM addresses of your mail, so you will be able

to relay all your mail over your ISP's mail server. The first column contains the local address,

the second one the address which should be used instead. In order for sendmail to read this

file you have to hash it with this command:

makemap -r hash genericstable.db < genericstable

GENERICS_DOMAIN_FILE(`/etc/mail/genericsdomain'):

You have to add your local domain name to this file, so sendmail knows what mail is local and

has to be masqueraded. To get your local domain, run "hostname".

FAQ: * I'm getting "Local configuration error" messages, such as:

553 MX list for domain.net points back to relay.domain.net

554 ... Local configuration error

How can I solve this problem?

You have asked mail to the domain (e.g., domain.net) to be forwarded to a specific

host (in this case, relay.domain.net) by using an MX record, but the relay machine

doesn't recognize itself as domain.net. Add domain.net to /etc/sendmail.cw (if you

are using FEATURE(use_cw_file)) or add "Cw domain.net" to your configuration file.

IMPORTANT: When making changes to your configuration file, be sure you kill and

restart the sendmail daemon (for ANY change in the configuration, not just this one):

kill `head -1 /etc/sendmail.pid`

sh -c "`tail -1 /etc/sendmail.pid`"

Mail for the Home Network ------the Stand Alone Config

FEATURE(always_add_domain)dnl

This is a recommended option; it forces the local or program mailer to use fully qualified domain names.

FEATURE(allmasquerade)

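I use this feature on the firewall to force all mail to appear to come from the site's official domain name; you need to combine it with MASQUERADE_AS.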

FEATURE(masquerade_entire_domain)

This feature forces any host within your domain to appear to come from the same domain.

FEATURE(masquerade_envelope)

MASQUERADE_AS(company.com)

Obviously, this defines the value used by the masquerading features above.

MASQUERADE_DOMAIN( company.com othername.com )

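Use this if you have several internal domain names and want to masquerade them as the same company domain.

Environment:

Consider this situation: a company runs a Linux mail server with Sendmail. The machine is attached to a LAN but reaches the Internet over a PPP, cable modem, or DSL connection and sends mail through the ISP's mail host. The machine has two users, jephe and hongyi (who send mail to company.com from Windows machines). The domain is company.com, the ISP's domain is isp.net, its mail host is mail.isp.net, and both users have accounts of the same name at isp.net: jephe@isp.net and hongyi@isp.net.

Requirements:

When jephe sends a message to hongyi@company.com, it must be delivered; when he sends another message to someone on the Internet, it must go out through the ISP, with the reply address rewritten to jephe@isp.net and hongyi@isp.net.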

#/etc/mail/relay-domains:

jephe.company.com

hongyi.company.com

#/etc/sendmail.cw

company.com

#sendmail.cf

define(`SMART_HOST',`smtp:[ix.deniz.com]')

MASQUERADE_AS(`deniz.com')

FEATURE(`masquerade_envelope')

define(RELAY_MAILER, TCP)

FEATURE(`accept_unqualified_senders')

There are 3 fixes you may have to perform manually if things are not working as you would like them:

1. If sendmail can not "find" your email server:

Edit your /etc/sendmail.cf and look for this line:

#Dj$w.Foo.COM

and change it to:

Djmaster.kulai.org

Where master.kulai.org is the name of your email server. Note: remove the # at the front of

the line as # means: ignore - this is a comment line. This is one of sendmail's rules and it

tells sendmail what the name of the email server is - in case dns, or other ways, do not tell

sendmail what it wants.

2. Masquerading based on destination:

I had the hardest time trying to get sendmail to masquerade only the mail sent to the internet

and not local mail, e.g. I wanted local mail to show the sender as: bmote@kulai.org and not

bmote@deniz.com, but obviously I wanted mail that went out into the internet to show:

bmote@deniz.com. To solve this you have to manua
