There are many articles online about configuring sendmail, but none of them seemed detailed enough, so I wrote this one:
A detailed guide to configuring sendmail on Linux
First, let me set out the tasks I want to complete:
Step 1: get mail reception working normally.
Step 2: optimize the sendmail mail server.
Step 3: configure a mail server with authentication.
Step 4: install openmail, a web front end for sendmail.
(1) Preparation before installation:
1. Linux version: mine is the Enterprise edition (Red Hat 9 can no longer get upgrades or technical support, so everyone uses the Enterprise edition now):
[root@tpwb /]# uname -r
2.6.9-34.EL (kernel version)
2. Sendmail version: 8.13.1-2 (the one shipped with the system), which should be the latest version at the moment.
[root@tpwb mail]# rpm -qa|grep sendmail
sendmail-cf-8.13.1-2
sendmail-devel-8.13.1-2
sendmail-doc-8.13.1-2
sendmail-8.13.1-2
3. Remote access software
SecureCRT 5; a Baidu search will turn up plenty of copies. You can also download it from my internet café's web page, http://www.tpwb.cn, which also explains how to use this program. Of course, you do not have to use it.
4. Commands and terms to know:
Commands that will be used: rpm, ls, cd, m4 >, makemap hash, vi, netstat, reboot, service.
For Linux basics you can read my other article, "Linux basics".
Here I only cover sendmail configuration. I also recommend a site that has information about sendmail configuration; it can be used as a reference:
http://www.testtimes.net/blog/blog.php?do-showone-tid-23.html
5. Some background on mail servers (I strongly recommend reading this first)
I. Components of an e-mail system
Five parts: MTA, MSA, MUA, MDA, MAA
1. Mail User Agent (MUA)
The MUA is the client program of a mail system; it provides the user interface for reading, sending and receiving e-mail.
The most common MUAs are mail, elm and pine on Linux, and Outlook and Foxmail on Windows.
2. Mail Transfer Agent (MTA)
The MTA is responsible for storing and forwarding mail (store and forward). It listens for requests from user agents, finds the mail server responsible for a message's destination address, transfers messages between servers, and queues the mail it receives.
MTAs on Linux include sendmail and qmail.
3. Mail Submission Agent (MSA)
The MSA handles all the preparation and error checking that must be done before a message is sent by the MTA. It acts like a clear-headed inspector inserted between the MUA and the MTA, checking host names, the headers received from the MUA, and so on.
4. Mail Delivery Agent (MDA)
The MDA receives mail from the MTA and performs the appropriate local delivery; it can deliver to a local user, a mailing list, a file, or a program.
Common MDAs on Linux are mail.local, smrsh and procmail (www.procmail.org).
5. Mail Access Agent (MAA)
The MAA connects users to the system's mail store so they can retrieve mail using POP or IMAP.
Common MAAs on Linux are UW-IMAP, Cyrus-IMAP and Courier-IMAP.
II. E-mail protocols
1. SMTP
2. POP3
3. IMAP
4. MIME
III. E-mail and DNS
IV. Mail relaying
If you read the above carefully, I believe you will understand mail servers more deeply and will be able to diagnose mail server problems more accurately.
(2) Configuring sendmail
Before configuring, a note: I am using a public IP address, and my domain is tpwb.cn.
First let's check our DNS server and see whether we have an MX record set up.
Only once the MX record exists can we send and receive mail using the domain name.
For how to set one up, I recommend this page:
http://www.magicwinmail.com/technic_net_mx.htm
Note: if you use a free domain with dynamic-DNS software such as 花生壳 (Oray PeanutHull), you still need to set up an MX record.
There are guides online for this. If you cannot find one, or have trouble installing 花生壳 on Linux, leave me a message and I will reply as soon as I can. I will not go into it here.
Here is my MX record:
[root@tpwb mail]# nslookup
> set q=mx
> tpwb.cn
Server: 202.106.196.115
Address: 202.106.196.115#53
Non-authoritative answer:
tpwb.cn mail exchanger = 10 211.101.46.251. (or your own domain)
211.101.46.251 is my IP address and tpwb.cn is my domain.
If yours looks similar to mine, let's move on to the next step.
We will first look at the files under the mail directory, which we will be modifying shortly.
[root@tpwb ~]# cd /etc/mail
[root@tpwb mail]# ls
access helpfile Makefile submit.cf virtusertable
access.db local-host-names sendmail.cf submit.cf.bak virtusertable.db
domaintable mailertable sendmail.mc submit.mc
domaintable.db mailertable.db spamassassin trusted-users
1. access: a database file used to configure mail relaying.
2. sendmail.mc: sendmail's main configuration file.
3. local-host-names: the domain file; it can be used to support virtual or multiple domains.
4. aliases: the mail alias file.
5. Mail control entries (the actions used in the access file):
relay, ok, reject and discard.
relay: allows forwarding (relaying).
ok: allows the user unrestricted access and overrides any other checks that have been set up (in practice it is best not to use this unless you absolutely trust that user);
reject: refuses the connecting address; that address is not allowed to connect to or communicate with your mail server at all;
discard: accepts the transmitted message and then throws it away. From the sender's point of view the message was indeed accepted, but unbeknownst to them the destination address can never receive it; the server has quietly deceived them.
I am only giving a brief introduction here; look up the details yourself. I will also write an article on server-related terminology later.
Let's first look at the contents of the sendmail.mc file:
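As an added example (not from the original article), here is a small Python script that simulates how sendmail consults the access map for a connecting host, so the effect of a relay, ok, reject or discard entry can be predicted before access.db is rebuilt with makemap; the access entries it contains are constructed.

```python
# Added example (not from the original article): simulate the access-map
# lookup sendmail performs for a connecting host, so the effect of a
# relay / ok / reject / discard entry can be predicted before access.db
# is rebuilt with makemap. The entries below are constructed.
ACTIONS = {"RELAY", "OK", "REJECT", "DISCARD"}

def parse_access(text):
    """Parse access-file text (key, whitespace, action) into a dict;
    blank lines and '#' comments are skipped, keys are lower-cased."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError("malformed access entry: %r" % line)
        key, action = parts[0].lower(), parts[1].strip().upper()
        # Besides the four keywords an entry may give an SMTP reply code.
        if action not in ACTIONS and not action[:3].isdigit():
            raise ValueError("unknown action %r for key %r" % (action, key))
        table[key] = action
    return table

def lookup_candidates(client):
    """Keys sendmail tries, most specific first: an IPv4 address is
    shortened from the right (1.2.3.4, 1.2.3, 1.2, 1); a host name is
    shortened from the left (mail.x.cn, x.cn, cn)."""
    labels = client.lower().split(".")
    if all(p.isdigit() for p in labels):
        return [".".join(labels[:i]) for i in range(len(labels), 0, -1)]
    return [".".join(labels[i:]) for i in range(len(labels))]

def access_decision(table, client):
    """First matching action, or None when no entry applies (sendmail
    then accepts mail for local delivery but refuses to relay it)."""
    for key in lookup_candidates(client):
        if key in table:
            return table[key]
    return None

SAMPLE_ACCESS = """\
# constructed sample: hosts and networks allowed to relay through us
localhost.localdomain   RELAY
127.0.0.1               RELAY
192.168.1               RELAY
# a peer we refuse, and a network whose mail is silently dropped
spammer.example         REJECT
10.9.8                  DISCARD
"""
```

Feed parse_access the text of your own /etc/mail/access and access_decision the IP or host name in question; tagged entries (Connect:, From:, To:) are not modelled here.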
[root@tpwb ~]# cat /etc/mail/sendmail.mc
divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl # make -C /etc/mail
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl (include sendmail-cf/m4/cf.m4)
VERSIONID(`setup for Red Hat Linux')dnl (define version information)
OSTYPE(`linux')dnl (select the file that contains the operating-system-specific settings)
dnl #
dnl # default logging level is 9, you might want to set it higher to
dnl # debug the configuration
dnl #
dnl define(`confLOG_LEVEL', `9')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST',`smtp.your.provider')
dnl #
define(`confDEF_USER_ID',``8:12'')dnl (set the user ID to 8 and the group ID to 12)
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl (set the maximum time to wait for a connection to 1 minute)
define(`confTRY_NULL_MX_LIST',true)dnl (if the MX record points to this host, sendmail connects directly to the remote host)
define(`confDONT_PROBE_INTERFACES',true)dnl (sendmail will not automatically treat the server's network interface addresses as valid local addresses)
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl (set the path to procmail)
define(`ALIAS_FILE', `/etc/aliases')dnl (set the path to the mail alias file)
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl (set the maximum message size handled to 2 MB)
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl (set the path to the user database file)
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl (set the flags that restrict certain SMTP commands)
define(`confAUTH_OPTIONS', `A')dnl (add the AUTH parameter to the message header only when authentication succeeded)
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl # Please remember that saslauthd needs to be running for AUTH.
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl # cd /usr/share/ssl/certs; make sendmail.pem
dnl # Complete usage:
dnl # make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl (do not create the default MSA, so that it can be overridden with DAEMON_OPTIONS)
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl (set the path to the smrsh mailer)
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl (set the path to the mailer table database)
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl (set the path to the virtual user/domain database)
FEATURE(redirect)dnl (support the .REDIRECT pseudo-domain)
FEATURE(always_add_domain)dnl (add the host name to all locally delivered mail)
FEATURE(use_cw_file)dnl (load the host names defined in /etc/mail/local-host-names)
FEATURE(use_ct_file)dnl (load the list of trusted users)
dnl #
dnl # The following limits the number of processes sendmail can fork to accept
dnl # incoming messages or process its message queues to 12.) sendmail refuses
dnl # to accept connections once it has reached its quota of child processes.
dnl #
dnl define(`confMAX_DAEMON_CHILDREN', 12)dnl
dnl #
dnl # Limits the number of new connections per second. This caps the overhead
dnl # incurred due to forking new sendmail processes. May be useful against
dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address
dnl # limit would be useful but is not available as an option at this writing.)
dnl #
dnl define(`confCONNECTION_RATE_THROTTLE', 3)dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl (use procmail as the local mailer)
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl (load the domains allowed to relay from /etc/mail/access.db)
FEATURE(`blacklist_recipients')dnl (filter incoming mail according to the values in the access database)
EXPOSED_USER(`root')dnl (exclude the root user from sender-address masquerading)
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl (specify the parameters sendmail uses when running as the MTA)
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # enable both ipv6 and ipv4 in sendmail:
dnl #
dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains')dnl (accept mail from hosts whose domain cannot be resolved through DNS)
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.localdomain')dnl (set the local domain)
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.com')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl (specify all of sendmail's SMTP mailers, including smtp, esmtp, smtp8 and relay)
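As an added example that is not part of the original article, the following Python script reads a sendmail.mc, lists the directives that are actually active (those not commented out with dnl), and flags the settings in this listing that decide whether the server will receive mail from the network and what it exposes; the embedded excerpt is taken from the listing above.

```python
# Added example (not part of the original article): list the directives in a
# sendmail.mc that are really active (m4's dnl discards the rest of a line,
# so lines beginning with dnl are comments) and flag the settings that decide
# whether this host will receive mail from the network and what it exposes.
import re

DIRECTIVE = re.compile(r"^([A-Za-z_]+)\((.*?)\)")

def active_directives(mc_text):
    """Return (name, arguments) pairs for every live directive, m4 quotes removed."""
    out = []
    for raw in mc_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("dnl") or line.startswith("divert"):
            continue
        m = DIRECTIVE.match(line)
        if m:
            out.append((m.group(1), m.group(2).replace("`", "").replace("'", "")))
    return out

def audit(mc_text):
    """Findings an administrator checking this configuration would want to see."""
    findings = []
    for name, args in active_directives(mc_text):
        compact = args.replace(" ", "")
        if name == "DAEMON_OPTIONS" and "Addr=127.0.0.1" in compact:
            findings.append("MTA listens on 127.0.0.1 only; no mail will arrive from "
                            "the network until Addr=127.0.0.1 is removed")
        elif name == "FEATURE" and compact.startswith("accept_unresolvable_domains"):
            findings.append("accept_unresolvable_domains: mail from senders whose "
                            "domain has no DNS entry is accepted (more spam)")
        elif name == "define" and compact.startswith("confPRIVACY_FLAGS"):
            for flag in ("novrfy", "noexpn"):
                if flag not in compact:
                    findings.append("confPRIVACY_FLAGS lacks %s (VRFY/EXPN reveal users)" % flag)
        elif name == "FEATURE" and compact.startswith("access_db"):
            findings.append("access_db: relay decisions come from /etc/mail/access.db")
    return findings

# Excerpt of the sendmail.mc listing above (only the lines the audit looks at).
SAMPLE_MC = """\
divert(-1)dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
dnl define(`confAUTH_OPTIONS', `A p')dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
FEATURE(`accept_unresolvable_domains')dnl
"""
```

Run audit on the full text of your own /etc/mail/sendmail.mc after every change and before running m4 to regenerate sendmail.cf.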