Configuring a mail server that requires authentication with the sendmail + SASL shipped in Red Hat 8.0, and upgrading sendmail 8.12.5 to sendmail 8.12.9

Red Hat 8 installs sendmail 8.12.5 by default. During system installation the "custom" option was chosen, and sendmail was installed by default.

I. First, generate the sendmail.cf file. sendmail.cf is normally produced by compiling sendmail.mc; the advantage is that the compile step exposes some sendmail configuration errors and holes.

    # cd /etc/mail
    # vi sendmail.mc

    divert(-1)
    dnl This is the sendmail macro config file. If you make changes to this file,
    dnl you need the sendmail-cf rpm installed and then have to generate a
    dnl new /etc/mail/sendmail.cf by running the following command:
    dnl
    dnl m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
    dnl
    include(`/usr/share/sendmail-cf/m4/cf.m4')
    VERSIONID(`Linux setup for Red Hat Linux')dnl
    OSTYPE(`linux')
    dnl Uncomment and edit the following line if your mail needs to be sent out
    dnl through an external mail server:
    dnl define(`SMART_HOST',`smtp.your.provider')
    define(`confDEF_USER_ID',``8:12'')dnl
    undefine(`UUCP_RELAY')dnl
    undefine(`BITNET_RELAY')dnl
    dnl define(`confAUTO_REBUILD')dnl
    define(`confTO_CONNECT', `1m')dnl
    define(`confTRY_NULL_MX_LIST',true)dnl
    define(`confDONT_PROBE_INTERFACES',true)dnl
    define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
    define(`ALIAS_FILE', `/etc/aliases')dnl
    dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
    define(`UUCP_MAILER_MAX', `2000000')dnl
    define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
    define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
    define(`confAUTH_OPTIONS', `A')dnl
    dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    DAEMON_OPTIONS(`Port=25,Name=MTA')dnl
    DAEMON_OPTIONS(`Port=587,Name=MSA,M=Ea')dnl
    dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
    dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
    dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
    dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
    dnl define(`confTO_QUEUEWARN', `4h')dnl
    dnl define(`confTO_QUEUERETURN', `5d')dnl
    dnl define(`confQUEUE_LA', `12')dnl
    dnl define(`confREFUSE_LA', `18')dnl
    define(`confTO_IDENT', `0')dnl
    dnl FEATURE(delay_checks)dnl
    FEATURE(`no_default_msa',`dnl')dnl
    FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
    FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
    FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
    FEATURE(redirect)dnl
    FEATURE(always_add_domain)dnl
    FEATURE(use_cw_file)dnl
    FEATURE(use_ct_file)dnl
    dnl The '-t' option will retry delivery if e.g. the user runs over his quota.
    FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
    FEATURE(`access_db',`hash -T -o /etc/mail/access.db')dnl
    FEATURE(`blacklist_recipients')dnl
    EXPOSED_USER(`root')dnl
    dnl This changes sendmail to only listen on the loopback device 127.0.0.1
    dnl and not on any other network devices. Comment this out if you want
    dnl to accept email over the network.
    dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
    dnl NOTE: binding both IPv4 and IPv6 daemon to the same port requires
    dnl a kernel patch
    dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')
    dnl We strongly recommend to comment this one out if you want to protect
    dnl yourself from spam. However, the laptop and users on computers that do
    dnl not have 24x7 DNS do need this.
    dnl FEATURE(`accept_unresolvable_domains')
    dnl FEATURE(`relay_based_on_MX')dnl
    MAILER(smtp)dnl
    MAILER(procmail)dnl
    Cwlocalhost.localdomain

In this file:
Lines 1 and 2 below have been uncommented; they enable the corresponding authentication mechanisms, mainly to support Outlook.
Lines 3 and 4 are added; they set the ports used by the MTA and the MSA.
Lines 5 and 6 must be commented out. With 5 commented out, Sendmail accepts connections over the network; with 6 commented out, mail from unresolvable domains is not relayed.

    1. TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    2. define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    3. DAEMON_OPTIONS(`Port=25,Name=MTA')dnl
    4. DAEMON_OPTIONS(`Port=587,Name=MSA,M=Ea')dnl
    5. dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
    6. dnl FEATURE(`accept_unresolvable_domains')

Finally, save the file.

II. Compile sendmail.mc to generate sendmail.cf, then restart the sendmail service.

    # m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
    # /etc/rc.d/init.d/sendmail restart

If m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf reports an error, check whether sendmail-cf.*.rpm is installed. Red Hat 8.0 ships sendmail-cf-8.12.5-7.i386.rpm on the third installation disc. To install it:

    # rpm -ivh sendmail-cf-8.12.5-7.i386.rpm

III. Check the result.

1. Check that SASL has been compiled into sendmail.

    # /usr/sbin/sendmail -d0.1 -bv root | grep SASL

The output looks similar to this:

    NETUNIX NEWDB NIS PIPELINING SASL SCANF STARTTLS TCPWRAPPERS

If you see SASL, it is correct.

2. Check port 25:

    [root@fyhtest mail]# telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    220 fyhtest.163.net ESMTP Sendmail 8.12.5/8.12.5; Thu, 10 Apr 2003 16:35:42 -0400
    ehlo test
    250-fyhtest.163.net Hello localhost [127.0.0.1], pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-8BITMIME
    250-SIZE
    250-DSN
    250-ETRN
    250-AUTH LOGIN PLAIN
    250-DELIVERBY
    250 HELP
    quit

(quit ends the session.)

As long as the output includes LOGIN PLAIN, it is OK; otherwise mail cannot be relayed.

At this point sendmail is configured. You can add a user to try it out. Mail users are system users.

    # useradd test
    # passwd test

(passwd sets the password.)

Configure your FoxMail or Outlook client, and turn on the setting that says the user requires SMTP authentication.

Add your domain name to /etc/mail/local-host-names.

IV. Installing POP3.

Red Hat 8.0 includes an rpm package for it, imap-2001a-15.i386.rpm:

    # rpm -ivh imap-2001a-15.i386.rpm

Edit /etc/xinetd.d/ipop3 and change disable = yes to disable = no.
Edit /etc/xinetd.d/imap and change disable = yes to disable = no.

Restart xinetd so that the POP3 service is restarted:

    # /etc/rc.d/init.d/xinetd restart

    [root@fyhtest xinetd.d]# telnet localhost 110
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    +OK POP3 localhost v2001.78rh server ready

    [root@fyhtest xinetd.d]# telnet localhost 143
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    * OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS STARTTLS AUTH=LOGIN] localhost IMAP4rev1 2001.315rh at Thu, 10 Apr 2003 16:41:06 -0400 (EDT)

If you see the output above, the services are working.

V. Other settings.

Some commonly used settings for getting more out of sendmail:

1. Limit the maximum message size.

    vi /etc/mail/sendmail.cf

    # maximum message size
    O MaxMessageSize=5000000

(Note: 5M)

2. Maximum number of recipients for a single message.

    vi /etc/mail/sendmail.cf

    # maximum number of recipients per SMTP envelope
    O MaxRecipientsPerMessage=20

(Note: 20 recipients)

3. The domain name file, local-host-names. It can be used to support virtual domains or multiple domains.

    /etc/mail/local-host-names

    test.com
    test1.com

4. The mail alias file, aliases.

    vi /etc/aliases
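
The port-25 check in section III shows AUTH LOGIN PLAIN advertised with no STARTTLS line (the certificate defines in sendmail.mc are still commented out), so passwords sent with these mechanisms are only base64-encoded on the wire. The script below is an added example, not part of the original article: it parses an EHLO reply and reports that condition. The function names and finding texts are assumptions made for the example; the sample reply is copied from the transcript above.

```python
import re

# Mechanisms that transmit the password itself (base64 is encoding, not encryption).
CLEARTEXT_MECHS = {"LOGIN", "PLAIN"}

# EHLO reply copied from the port-25 check in section III of this page.
SAMPLE_EHLO = """\
250-fyhtest.163.net Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
"""

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} built from the 250 lines of an EHLO reply."""
    matches = (re.match(r"^250[- ](.*)$", line.strip()) for line in reply.splitlines())
    lines = [m.group(1) for m in matches if m]
    ext = {}
    for text in lines[1:]:  # the first 250 line is the greeting, not an extension
        # Some servers use the legacy "AUTH=LOGIN PLAIN" form; treat "=" as a space.
        words = text.replace("=", " ").split()
        if words:
            ext.setdefault(words[0].upper(), []).extend(w.upper() for w in words[1:])
    return ext

def audit_ehlo(reply, tls_active=False):
    """Return findings for an EHLO reply seen before (or after) STARTTLS."""
    ext = parse_ehlo(reply)
    mechs = set(ext.get("AUTH", []))
    findings = []
    if not mechs:
        findings.append("no AUTH advertised: SMTP authentication is not available")
    exposed = " ".join(sorted(mechs & CLEARTEXT_MECHS))
    if exposed and not tls_active:
        if "STARTTLS" in ext:
            findings.append("cleartext AUTH %s offered before STARTTLS" % exposed)
        else:
            findings.append("cleartext AUTH %s offered and STARTTLS not available" % exposed)
    return findings

if __name__ == "__main__":
    for finding in audit_ehlo(SAMPLE_EHLO):
        print(finding)
```

To audit a live server, paste the 250 lines from your own telnet session into audit_ehlo() in place of SAMPLE_EHLO.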