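Configuring an authenticating mail server with the sendmail shipped in Red Hat 8.0, and upgrading sendmail
Use the sendmail + SASL shipped with Red Hat 8.0 to set up a mail server that requires authentication, and upgrade sendmail 8.12.5 to sendmail 8.12.9.
Red Hat 8.0 installs sendmail 8.12.5 by default.
The system was installed with the Custom option; sendmail is installed by default.
I. First, generate the sendmail.cf file. Normally sendmail.cf is generated by compiling sendmail.mc; the advantage is that compiling it reveals some sendmail configuration errors and holes.
Quote:
# cd /etc/mail
# vi sendmail.mc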
divert(-1)
dnl This is the sendmail macro config file. If you make changes to this file,
dnl you need the sendmail-cf rpm installed and then have to generate a
dnl new /etc/mail/sendmail.cf by running the following command:
dnl
dnl        m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')
VERSIONID(`linux setup for Red Hat Linux')dnl
OSTYPE(`linux')
dnl Uncomment and edit the following line if your mail needs to be sent out
dnl through an external mail server:
dnl define(`SMART_HOST',`smtp.your.provider')
define(`confDEF_USER_ID',``8:12'')dnl
undefine(`UUCP_RELAY')dnl
undefine(`BITNET_RELAY')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT',`1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE',`/etc/aliases')dnl
dnl define(`STATUS_FILE',`/etc/mail/statistics')dnl
define(`UUCP_MAILER_MAX',`2000000')dnl
define(`confUSERDB_SPEC',`/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS',`authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS',`A')dnl
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS',`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS',`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
DAEMON_OPTIONS(`Port=25,Name=MTA')dnl
DAEMON_OPTIONS(`Port=587,Name=MSA,M=Ea')dnl
dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confTO_QUEUEWARN',`4h')dnl
dnl define(`confTO_QUEUERETURN',`5d')dnl
dnl define(`confQUEUE_LA',`12')dnl
dnl define(`confREFUSE_LA',`18')dnl
define(`confTO_IDENT',`0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl The '-t' option will retry delivery if e.g. the user runs over his quota.
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl This changes sendmail to only listen on the loopback device 127.0.0.1
dnl and not on any other network devices. Comment this out if you want
dnl to accept email over the network.
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1,Name=MTA')
dnl NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl       a kernel patch
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1,Name=MTA-v6,Family=inet6')
dnl We strongly recommend to comment this one out if you want to protect
dnl yourself from spam. However, the laptop and users on computers that do
dnl not have 24x7 DNS do need this.
dnl FEATURE(`accept_unresolvable_domains')
dnl FEATURE(`relay_based_on_MX')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
Cwlocalhost.localdomain
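In this file:
Lines 1 and 2 have been uncommented; they enable the corresponding authentication mechanisms, mainly to support Outlook.
Lines 3 and 4 were added; they set the ports used by the MTA and the MSA.
Lines 5 and 6 must be commented out. Commenting out line 5 allows connections to Sendmail over the network; commenting out line 6 stops mail from unresolvable domains from being relayed.
1. TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
2. define(`confAUTH_MECHANISMS',`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
3. DAEMON_OPTIONS(`Port=25,Name=MTA')dnl
4. DAEMON_OPTIONS(`Port=587,Name=MSA,M=Ea')dnl
5. dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1,Name=MTA')
6. dnl FEATURE(`accept_unresolvable_domains')
Finally, save the file.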
II. Compile sendmail.mc to generate the sendmail.cf file.
# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
# /etc/rc.d/init.d/sendmail restart    -- restart the sendmail service
If running m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf reports an error, check whether sendmail-cf.*.rpm is installed. Red Hat 8.0 ships sendmail-cf-8.12.5-7.i386.rpm on the third installation disc. To install it:
# rpm -ivh sendmail-cf-8.12.5-7.i386.rpm
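III. Check the result of the build.
1. Check that SASL was compiled into sendmail.
# /usr/sbin/sendmail -d0.1 -bv root | grep SASL
The output looks like this:
NETUNIX NEWDB NIS PIPELINING SASL SCANF STARTTLS TCPWRAPPERS
If you see SASL in it, the build is correct.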
2. Check port 25:
Quote:
[root@fyhtest mail]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 fyhtest.163.net ESMTP Sendmail 8.12.5/8.12.5; Thu, 10 Apr 2003 16:35:42 -0400
ehlo test
250-fyhtest.163.net Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
quit    --- exit
As long as the output contains LOGIN PLAIN, it is OK; otherwise mail cannot be relayed.
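The check in step 2 can be scripted. The following is an added example, not part of the original article: ehlo_audit (a hypothetical helper name) parses an EHLO reply, lists the advertised AUTH mechanisms, and reports whether LOGIN or PLAIN is offered without STARTTLS, in which case passwords cross the network only base64-encoded. The sample reply is constructed from the transcript above, and the output format is this example's own.

```shell
#!/bin/sh
# Added example (not from the article): audit an EHLO reply for AUTH exposure.
# Prints: auth=<mechanisms|none> starttls=<yes|no> verdict=<result>

ehlo_audit() {
    awk '
        /^250[- ]/ {
            if (!greeted) { greeted = 1; next }   # first 250 line is the greeting
            line = substr($0, 5)
            sub(/\r$/, "", line)                  # tolerate CRLF line endings
            n = split(line, f, /[ =]+/)           # accepts "AUTH X Y" and "AUTH=X Y"
            kw = toupper(f[1])
            if (kw == "STARTTLS") tls = 1
            if (kw != "AUTH") next
            for (i = 2; i <= n; i++) {
                m = toupper(f[i])
                if (m == "" || (m in seen)) continue
                seen[m] = 1
                mechs = mechs (mechs == "" ? "" : ",") m
                # LOGIN and PLAIN send the password itself, only base64-encoded
                if (m == "LOGIN" || m == "PLAIN") plain = 1
            }
        }
        END {
            if (mechs == "")        verdict = "no-auth-offered"
            else if (plain && !tls) verdict = "cleartext-password-auth"
            else if (plain)         verdict = "password-auth-offered-before-tls"
            else                    verdict = "ok"
            printf "auth=%s starttls=%s verdict=%s\n",
                (mechs == "" ? "none" : mechs), (tls ? "yes" : "no"), verdict
        }'
}

# Constructed sample: the EHLO reply from the telnet session in this article.
sample_page_reply() {
    cat <<'EOF'
220 fyhtest.163.net ESMTP Sendmail 8.12.5/8.12.5; Thu, 10 Apr 2003 16:35:42 -0400
250-fyhtest.163.net Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
EOF
}

sample_page_reply | ehlo_audit
```

A saved copy of the telnet session can be piped into ehlo_audit; lines other than 250 replies are ignored. The reply above gives verdict=cleartext-password-auth because the confSERVER_CERT and confSERVER_KEY lines in sendmail.mc are still commented out, so STARTTLS is not advertised.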
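At this point sendmail is configured; you can add a user to try it out.
Mail users are system users.
# useradd test
# passwd test    ---- set the password
Set up Foxmail or Outlook, and configure the account so that SMTP authentication is required.
Add your domain name to /etc/mail/local-host-names.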
IV. Installing POP3.
Red Hat 8.0 includes an rpm package for it, imap-2001a-15.i386.rpm.
# rpm -ivh imap-2001a-15.i386.rpm
Edit /etc/xinetd.d/ipop3
and change disable = yes to disable = no.
Edit /etc/xinetd.d/imap
and change disable = yes to disable = no.
Quote:
# /etc/rc.d/init.d/xinetd restart    -- restart the POP3 service
# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK POP3 localhost v2001.78rh server ready
# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS STARTTLS AUTH=LOGIN] localhost IMAP4rev1 2001.315rh at Thu, 10 Apr 2003 16:41:06 -0400 (EDT)
If you see the output above, the services are working correctly.
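V. Other settings.
Some settings that are commonly used to get more out of sendmail:
1. Limit the maximum message size.
vi /etc/mail/sendmail.cf
# maximum message size
O MaxMessageSize=5000000    (note: 5M)
2. Maximum number of recipients for a mass mailing.
vi /etc/mail/sendmail.cf
# maximum number of recipients per SMTP envelope
O MaxRecipientsPerMessage=20    (note: 20 recipients)
3. Domain name file: local-host-names
It can be used to support virtual domains or multiple domains.
/etc/mail/local-host-names
test.com
test1.com
4. Mail alias file: aliases.
vi /etc/aliases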