sendmail配置详解
软件包
sendmail.i386
sendmail-cf.i386
sendmail-devel.i386
sendmail-doc.i386
m4
dovecot (pop3服务端)
procmail
配置之前的准备:
1、同步时间
2、设定好主机名
# vim /etc/hosts
192.168.0.249 station249.example.com
配置目录:/etc/mail
sendmail.mc
sendmail.cf
local-host-names
access
例子1:最简单的邮件系统,只允许本机对本机发送邮件
[root@station249 mail]# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 station249.example.com ESMTP Sendmail 8.13.8/8.13.8; Sun, 12 Sep 2010 22:58:14 +0800
helo moto
250 station249.example.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
mail from: root@station249.example.com
250 2.1.0 root@station249.example.com... Sender ok
rcpt to:user1@station249.example.com
250 2.1.5 user1@station249.example.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
This is contents
End
.
250 2.0.0 o8CEwEIE014102 Message accepted for delivery
quit
221 2.0.0 station249.example.com closing connection
Connection closed by foreign host.
查看user1是否接收到邮件
# cat /var/mail/user1
例子2:允许其他机器连接过来发送邮件(接收邮件的用户都是邮件服务器上的本地用户)
注意:当前的“其他机器”只能是在同一个域或者同一个网段的用户
# vim /etc/mail/sendmail.mc
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
# service sendmail restart
iptables设定
# iptables -A INPUT -p tcp --dport 25 -j ACCEPT
# iptables -A INPUT -p udp --dport 25 -j ACCEPT
例子3:允许本机以及来自任意IP的用户登录后发送邮件,发送的邮件可以是发往其他域的邮件
解决方法:开启smtp验证
1、开启smtp验证的配置
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
2、安装验证支持的软件包
# yum install cyrus-sasl* -y
3、重启相关的服务
# service sendmail restart
# service saslauthd restart
# service dovecot restart
# chkconfig <服务名> on <---对sendmail、saslauthd、dovecot分别执行,使其开机自启动
验证是否支持smtp验证功能
[root@php rhce_env]# telnet 192.168.0.249 25
Trying 192.168.0.249...
Connected to station249.example.com (192.168.0.249).
Escape character is '^]'.
220 station249.example.com ESMTP Sendmail 8.13.8/8.13.8; Sun, 12 Sep 2010 23:20:30 +0800
ehlo station249.example.com #《-----
250-station249.example.com Hello station254.example.com [192.168.0.254], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN #《----看到AUTH关键字
250-DELIVERBY
250 HELP
例子4:只允许本机和example.com域下的用户登录发送外部邮件
题目的本意就是要求针对某个IP的用户打开中继功能。
什么叫中继?就是允许发送邮件到其他域
# vim /etc/mail/access
Connect:127.0.0.1 RELAY <---本身没有
Connect:example.com RELAY <---增加一行
# makemap hash /etc/mail/access.db < /etc/mail/access
例子5:支持短域名
# vim /etc/mail/local-host-names
station249.example.com
example.com
例子6:设置pop3s,imaps
涉及的软件包
dovecot
服务
service dovecot
一般情况下,dovecot服务只支持pop3(110),imap(143)协议
# mutt -f pop://user1@station249.example.com
为了保证邮件内容保密,设置pop3s(995),imaps(993)
# vim /etc/dovecot.conf
protocols = imap imaps pop3 pop3s
ssl_cert_file = /etc/pki/tls/certs/localhost.crt
ssl_key_file = /etc/pki/tls/private/localhost.key
ssl_key_password = 123456 <---必须与下面生成localhost.key时输入的密码一致
生成密钥文件:
# cd /etc/pki/tls/certs/
# make localhost.key <---输入密码
# make localhost.crt
# cp localhost.key ../private/
# service dovecot restart
iptables设定
iptables -A INPUT -p tcp -m multiport --dports 110,143,993,995 -j ACCEPT
iptables -A INPUT -p udp -m multiport --dports 110,143,993,995 -j ACCEPT
验证
# mutt -f pops://user1@station249.example.com
限制只允许example.com域下的用户使用pop3/imap等接收邮件。
首先确定example.com是哪个网段
iptables -A INPUT -p tcp -s 192.168.0.0/24 -m multiport --dports 110,143,993,995 -j ACCEPT
iptables -A INPUT -p udp -s 192.168.0.0/24 -m multiport --dports 110,143,993,995 -j ACCEPT