Chinaunix首页 | 论坛 | 博客
  • 博客访问: 160295
  • 博文数量: 126
  • 博客积分: 1073
  • 博客等级: 上尉
  • 技术积分: 1175
  • 用 户 组: 普通用户
  • 注册时间: 2010-08-12 00:32
文章分类

全部博文(126)

文章存档

2018年(56)

2013年(1)

2012年(8)

2011年(61)

分类: LINUX

2011-01-24 21:29:08

下面是关于Linux下面配置sendmail服务的讨论,

 

sendmail介绍

sendmail主要是用来搭建邮件服务器的,在Linux下面,有很多邮件服务器可供选择,目前使用最多的事sendmail服务器,Postfix服务器,Qmail服务器

 

邮件服务器的工作原理

当邮件用户代理(MUA)将邮件传送给邮件传输代理(MTA),当这封邮件是去往本域的用户的,那么邮件传输代理(MTA)就会直接将邮件丢给用户的邮箱里面。当这封邮件不是发给本域的用户,而是发给其他域的一个用户,那么邮件传输代理(MTA)就会去找另外一个域的邮件传输代理(MTA),这个时候就需要用到DNS了,本域的邮件传输代理(MTA)并不知道对方的邮件传输代理(MTA)在那里,所以本域的邮件传输代理(MTA)就要查询DNS里面的对方邮件传输代理(MTA)的对应的MX记录。从而将邮件发给对方的邮件传输代理(MTA),当对方的邮件传输代理(MTA)收到这封邮件以后,就会将邮件丢给邮件传递代理(MDA),然后就会将邮件丢给用户的信箱(/var/spool/mail/username)。这个时候,用户就可以接收到这封邮件了。

 

下面是关于sendmail的这个服务的属性

Sendmail的相关软件包

Sendmailsendmail-cf

Sendmail的守护进程

/usr/sbin/sendmail

Sendmail的脚本

/etc/init.d/sendmail

Sendmail的端口

25smtp

Sendmail的配置文件

/etc/mail/sendmail.mc

 

下面来具体搭建sendmail服务

关于sendmail服务的配置简介

红帽推荐使用m4的宏语言,

由于sendmail的配置文件/etc/mail/sendmail.cf这个文件不容易编辑,所以红帽推荐我们去编辑/etc/mail/sendmail.mc这个文件,由于系统最终读取的是/etc/mail/sendmail.cf这个文件,所以修改完/etc/mail/sendmail.mc这个文件以后,必须使用m4的宏工具来转换一下,

M4  /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

当我们重启sendmail服务以后,系统会自动的帮我们转换。

Sendmail这个服务是系统默认的邮件服务器,所以sendmail服务默认就已经安装了,但是sendmail-cf这个文件默认是没有安装的,这个文件如果没有安装,使用m4的宏工具转换的时候,就会报错。

现在我们来安装sendmail-cf这个软件包,

[root@station10~]

[root@station10~]yum -y install sendmail-cf

Loaded plugins: rhnplugin, security

This system is not registered with RHN.

RHN support will be disabled.

Setting up Install Process

Resolving Dependencies

--> Running transaction check

---> Package sendmail-cf.i386 0:8.13.8-2.el5 set to be updated

--> Finished Dependency Resolution

 

Dependencies Resolved

 

================================================================================

 Package              Arch          Version                 Repository     Size

================================================================================

Installing:

 sendmail-cf          i386          8.13.8-2.el5            base          311 k

 

Transaction Summary

================================================================================

Install            1 Package(s)         

Update         0 Package(s)        

Remove        0 Package(s)        

 

Total download size: 311 k

Downloading Packages:

sendmail-cf-8.13.8-2.el5.i386.rpm                        | 311 kB     00:00    

Running rpm_check_debug

Running Transaction Test

Finished Transaction Test

Transaction Test Succeeded

Running Transaction

  Installing     : sendmail-cf                                              1/1

 

Installed:

  sendmail-cf.i386 0:8.13.8-2.el5                                              

 

Complete!

[root@station10~]

Sendmail-cf这个软件包就安装成功了。

 

关于sendmail的接收配置

首先我们必须改变sendmail侦听的接口,

Vim  /etc/mail/sendmail.mc

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

Sendmail默认是侦听在本地回环接口的,

[root@station10~]

[root@station10~] netstat -tulnp | grep sendmail

tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      26643/sendmail: acc

[root@station10~]

可以看到,sendmail的确是侦听在本地回环接口上的,

现在我们将这句给注视掉,

Vim  /etc/mail/sendmail.mc

dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

现在sendmail服务就侦听在所有接口上面了。

重启下sendmail服务,

[root@station10~]

[root@station10~] service sendmail restart

Shutting down sm-client:                                    [  OK  ]

Shutting down sendmail:                                    [  OK  ]

Starting sendmail:                                              [  OK  ]

Starting sm-client:                                             [  OK  ]

[root@station10~]

OK,服务启动成功,测试下,

[root@station10~]

[root@station10~]netstat -tulnp | grep sendmail

tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      27472/sendmail: acc

[root@station10~]

OKsendmail就侦听在所有接口上面了。

还有个/etc/mail/local-host-names这个文件

[root@station10~] vim /etc/mail/local-host-names

# local-host-names - include all aliases for your machine here.

station10.example.com

这个文件主要用来定义服务器的所有别名,

现在我们使用user1@station20.example.comuser1@station10.example.com这个用户发邮件,

[root@station20 ~]#

[root@station20 ~]# telnet localhost 25

Trying 127.0.0.1...

Connected to localhost.localdomain (127.0.0.1).

Escape character is '^]'.

220 station20.example.com ESMTP Sendmail 8.13.8/8.13.8; Tue, 30 Mar 2010 23:15:19 +0800

mail from: user1@station20.example.com

250 2.1.0 user1@station20.example.com... Sender ok

rcpt to: user1@station10.example.com

250 2.1.5 user1@station10.example.com... Recipient ok

data

354 Enter mail, end with "." on a line by itself

this is a test mail!!!

.

250 2.0.0 o2UFFJBO021698 Message accepted for delivery

quit

221 2.0.0 station20.example.com closing connection

Connection closed by foreign host.

[root@station20 ~]#

发送完毕,现在我们查看一下station10上面的user1是否收到了邮件。

[root@station10~]

[root@station10~] su - user1

[root@station10~]$ mail

Mail version 8.1 6/6/93.  Type ? for help.

"/var/spool/mail/user1": 1 message 1 new

>N  1 user1@station20.exam  Wed Mar 31 12:29  15/795 

& 1

Message 1:

From user1@station20.example.com  Wed Mar 31 12:29:17 2010

Date: Wed, 31 Mar 2010 12:28:39 +0800

From: user1@station20.example.com

X-Authentication-Warning: station20.example.com: localhost.localdomain [127.0.0.1] didn't use HELO protocol

 

this is a test mail!!!

 

&

OK,现在station10上面的user1是可以收到邮件的。

如果服务器还有还有其他的别名,都必须写在这个文件里面。

 

关于sendmail的发送配置

刚才是邮件的接受配置,现在来讨论下邮件的发送配置,当user1@station10.example.comuser1@station20.example.com发送一封邮件,现在的发送者是use1@station10.example.com。如果我们现在想实现从station10.example.com发出去的邮件统一伪装成example.com

现在开始配置,

首先编辑/etc/mail/sendmail.mc文件

Vim  /etc/mail/sendmail.mc

将这个文件的下面四行的注释给取消掉并修改一下,

EXPOSED_USER(`root')dnl                               除了root用户不伪装

FEATURE(masquerade_envelope)dnl

MASQUERADE_AS(`example.com')dnl            example.com代表伪装的名字

FEATURE(masquerade_entire_domain)dnl

修改完成后,

重启下sendmail服务,

[root@station10~]

[root@station10~] service sendmail restart

Shutting down sm-client:                                  [  OK  ]

Shutting down sendmail:                                  [  OK  ]

Starting sendmail:                                            [  OK  ]

Starting sm-client:                                           [  OK  ]

[root@station10~]

OK,服务启动成功,测试下,

现在我们使用user1@station10.example.comuser1@station20.example.com发送一封邮件,

[root@station10~]

[root@station10~] telnet localhost 25

Trying 127.0.0.1...

Connected to localhost.localdomain (127.0.0.1).

Escape character is '^]'.

220 localhost.localdomain ESMTP Sendmail 8.13.8/8.13.8; Wed, 31 Mar 2010 13:04:54 +0800

mail from: user1@station10.example.com

250 2.1.0 user1@station10.example.com... Sender ok

rcpt to: user1@station20.example.com

250 2.1.5 user1@station20.example.com... Recipient ok

data

354 Enter mail, end with "." on a line by itself

THIS IS A TEST MAIL !!!!

.

250 2.0.0 o2V54sFg007636 Message accepted for delivery

quit

221 2.0.0 localhost.localdomain closing connection

Connection closed by foreign host.

[root@station10~]

发送完毕,现在我们查看一下station20上面的user1是否收到了邮件。

[root@station20 ~]#

[root@station20 ~]# su - user1

[user1@station20 ~]$ mail

Mail version 8.1 6/6/93.  Type ? for help.

"/var/spool/mail/user1": 1 message 1 new

>N  1 user1@example.com     Wed Mar 31 13:05  15/767 

& 1

Message 1:

From user1@example.com  Wed Mar 31 13:05:21 2010

Date: Wed, 31 Mar 2010 13:04:54 +0800

From: user1@example.com

X-Authentication-Warning: localhost.localdomain: localhost.localdomain [127.0.0.1] didn't use HELO protocol

 

THIS IS A TEST MAIL !!!!

 

&

OKstation20上面的user1就收到了邮件,并且伪装成了user1@example.com

 

关于sendmail的入站别名

本地别名主要是通过/etc/aliases这个文件来实现的,

在这个文件中可以定义,

User2   user1

这个就代表,所有发往user2的邮件转发给user1user2就收不到邮件了。

User2:    user1user2

这个就代表,所有发往user2的邮件抄送一份给user1,也就是说user1user2都可以收到这封邮件。

前面的user2用户可以不存在,

可以使用newaliases命令使其立即生效。

[root@station10 ~]#

[root@station10 ~]# vim /etc/aliases

User2  user1user2

[root@station10 ~]#

[root@station10 ~]# newaliases

/etc/aliases: 77 aliases, longest 11 bytes, 781 bytes total

[root@station10 ~]#

OK,现在我们来测试下,

[root@station20 ~]#

[root@station20 ~]# telnet localhost 25

Trying 127.0.0.1...

Connected to localhost.localdomain (127.0.0.1).

Escape character is '^]'.

220 station20.example.com ESMTP Sendmail 8.13.8/8.13.8; Wed, 31 Mar 2010 13:38:43 +0800

mail from: user1@station20.example.com

250 2.1.0 user1@station20.example.com... Sender ok

rcpt to: user2@station10.example.com

250 2.1.5 user2@station10.example.com... Recipient ok

data

354 Enter mail, end with "." on a line by itself

this is a test mail!!!!!!      

.

250 2.0.0 o2V5chFD025556 Message accepted for delivery

quit

221 2.0.0 station20.example.com closing connection

Connection closed by foreign host.

[root@station20 ~]#

现在我们到station10看下user1user2是否都收到了邮件,

[root@station10 ~]# su - user1

[user1@station10 ~]$ mail

Mail version 8.1 6/6/93.  Type ? for help.

"/var/spool/mail/user1": 2 messages 2 new

N  1user1@station20.exam  Wed Mar 31 13:39  15/798 

& 1

Message 1:

From user1@station20.example.com  Wed Mar 31 13:39:17 2010

Date: Wed, 31 Mar 2010 13:38:43 +0800

From: user1@station20.example.com

X-Authentication-Warning: station20.example.com: localhost.localdomain [127.0.0.1] didn't use HELO protocol

 

this is a test mail!!!!!!

 

&

[root@station10 ~]#

[root@station10 ~]# su - user2

[user2@station10 ~]$ mail

Mail version 8.1 6/6/93.  Type ? for help.

"/var/spool/mail/user2": 1 message 1 new

>N  1 user1@station20.exam  Wed Mar 31 13:39  15/798 

& 1

Message 1:

From user1@station20.example.com  Wed Mar 31 13:39:17 2010

Date: Wed, 31 Mar 2010 13:38:43 +0800

From: user1@station20.example.com

X-Authentication-Warning: station20.example.com: localhost.localdomain [127.0.0.1] didn't use HELO protocol

 

this is a test mail!!!!!!

 

&

OKuser1user2就都收到了这封邮件。

虚拟别名主要是通过/etc/mail/virtusertalbe

[root@station10 ~]#

[root@station10 ~]# vim /etc/mail/virtusertable

user1@station10.example.com     user2@station20.example.com

这个就代表发给user1@station10.example.com的邮件被转给了user2@station20.example.com这个用户了。

重启下sendmail服务,

[root@station10~]

[root@station10~] service sendmail restart

Shutting down sm-client:                                  [  OK  ]

Shutting down sendmail:                                  [  OK  ]

Starting sendmail:                                            [  OK  ]

Starting sm-client:                                           [  OK  ]

[root@station10~]

OK,服务启动成功,测试下,

现在我们使用station20上面的user1station10上面的user1发送邮件。

[root@station20 ~]#

[root@station20 ~]# telnet localhost 25

Trying 127.0.0.1...

Connected to localhost.localdomain (127.0.0.1).

Escape character is '^]'.

220 station20.example.com ESMTP Sendmail 8.13.8/8.13.8; Wed, 31 Mar 2010 13:51:46 +0800

mail from: user1@station20.example.com

250 2.1.0 user1@station20.example.com... Sender ok

rcpt to: user1@station10.example.com

250 2.1.5 user1@station10.example.com... Recipient ok

data

354 Enter mail, end with "." on a line by itself

this is a test mail!!!!!!@@@@@@

.

250 2.0.0 o2V5pkJe025918 Message accepted for delivery

quit

221 2.0.0 station20.example.com closing connection

Connection closed by foreign host.

[root@station20 ~]#

现在我们到station10去看下有没有user1的邮件,

[user1@station10 ~]$

[user1@station10 ~]$ mail

No mail for user1

[user1@station10 ~]$

现在user1没有收到邮件,因为邮件被转给了station20上面的user2了。

现在我们再到station20上面的user2去看下,

[root@station20 ~]#

[root@station20 ~]# su - user2

[user2@station20 ~]$ mail

Mail version 8.1 6/6/93.  Type ? for help.

"/var/spool/mail/user2": 1 message 1 new

>N  1 user1@station20.exam  Wed Mar 31 13:52  18/1017

& 1

Message 1:

From user1@station20.example.com  Wed Mar 31 13:52:20 2010

Date: Wed, 31 Mar 2010 13:51:46 +0800

From: user1@station20.example.com

X-Authentication-Warning: station20.example.com: localhost.localdomain [127.0.0.1] didn't use HELO protocol

 

this is a test mail!!!!!!@@@@@@

 

&

OK,现在发往station10user1的邮件就被转给了station20上面的user2了。

 

关于单个用户的邮件地址伪装

如果想实现单个用户发出去的邮件进行地址伪装,就必须这样做,

首先在/etc/mail/sendmail.mc这个文件里面添加这样的行,

FEATUREgenericstalbednl

FEATURE`always_add_domain`dnl

GENERICS_DOMAIN_FILE`/etc/mail/local-host-names`dnl

创建并修改/etc/mail/genericstable文件,

User1@station10.example.com       user1@baidu.com

User1@staion10.example.com        user2@station10.example.com

必须在/etc/mail/local-host-names中列出域

也只适用于SMTP,不适用于LMTP

 

关于sendmailsmtp的限制

我们在/etc/mail/access中添加限制,

我们知道,默认情况下,sendmail邮件服务器的中继功能是关闭了的,也就是说只允许两台MTA互相发邮件,而不允许客户端通过MTA向对方来发送邮件的。

现在我们找台客户端来尝试一下,

[root@server1 ~]#

[root@server1 ~]# telnet station10.example.com 25

Trying 192.168.0.10...

Connected to station10.example.com (192.168.0.10).

Escape character is '^]'.

220 station10.example.om ESMTP Sendmail 8.13.8/8.13.8; Wed, 31 Mar 2010 14:26:28 +0800

mail from: user1@example.com

250 2.1.0 user1@example.com... Sender ok

rcpt to: user1@station20.example.com

550 5.7.1 user1@station20.example.com... Relaying denied

可以看到,中继拒绝。

现在我们在/etc/mail/access文件中开放中继功能。

Vim /etc/mail/access

# Check the /usr/share/doc/sendmail/README.cf file for a description

# of the format of this file. (search for access_db in that file)

# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc

# package.

#

# by default we allow relaying from localhost...

Connect:localhost.localdomain           RELAY

Connect:localhost                              RELAY

Connect:127.0.0.1                            RELAY

Connect:192.168.0                           RELAY

重启下sendmail服务,

[root@station10~]

[root@station10~] service sendmail restart

Shutting down sm-client:                                  [  OK  ]

Shutting down sendmail:                                  [  OK  ]

Starting sendmail:                                            [  OK  ]

Starting sm-client:                                           [  OK  ]

[root@station10~]

OK,服务启动成功,测试下,

[root@server1 ~]#

[root@server1 ~]# telnet station10.example.com 25

Trying 192.168.0.10...

Connected to station10.example.com (192.168.0.10).

Escape character is '^]'.

220 station10.example.om ESMTP Sendmail 8.13.8/8.13.8; Wed, 31 Mar 2010 14:59:22 +0800

mail from: user1@station10.example.com

250 2.1.0 user1@station10.example.com... Sender ok

rcpt to: user1@station20.example.com

250 2.1.5 user1@station20.example.com... Recipient ok

data

354 Enter mail, end with "." on a line by itself

this is a test mail

.

250 2.0.0 o2V6xM4G011538 Message accepted for delivery

quit

221 2.0.0 station10.example.om closing connection

Connection closed by foreign host.

[root@server1 ~]#

OK,现在station10就允许192.168.0的网段中继。

关于/etc/mail/access文件里面的语法解释,

Connect

代表客户端与服务器之间的关系

From

代表谁可以向我发邮件(MTAMTA之间)

To

代表我可以向谁发邮件(MTAMTA之间)

RELAY

代表允许中继

Discarded

拒绝

REJECT

拒绝,但是会提示消息给你

OK

代表无条件的放行,不受其他策略的影响

ERROR:550 bad name

拒绝并提示一个550 bad name的错误

 

关于sendmail的操作

Mailq

查看邮件的队列

邮件的发送队列在/var/spool/mqueue(用户没有发出去的邮件)

接收的邮件在/var/spool/mail(用户没有接收的邮件)

Sendmail  -q

对邮件队列再次处理

Tail  -f   /var/log/maillog

适时的查看邮件的日志信息

 

关于Linux下面配置sendmail服务讨论就到这里了。

阅读(921) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~