Category: LINUX
2011-01-24 21:29:08
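The following is a discussion of configuring the sendmail service on Linux.
Introduction to sendmail
sendmail is mainly used to build mail servers. On Linux there are many mail servers to choose from; the most widely used today are sendmail, Postfix and Qmail.
How a mail server works
A mail user agent (MUA) hands a message to a mail transfer agent (MTA). If the message is addressed to a user in the local domain, the MTA delivers it straight to that user's mailbox. If it is addressed to a user in another domain, the MTA has to find that domain's MTA, and this is where DNS comes in: the local MTA does not know where the remote MTA is, so it queries DNS for the MX record of the recipient's domain and sends the message to the MTA named there. When the remote MTA receives the message, it passes it to the mail delivery agent (MDA), which places it in the user's mailbox (/var/spool/mail/username). At that point the user can read the message.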
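The routing decision described above, as an added example that is not part of the original post: a local domain is delivered to the mailbox, a remote domain goes to the MX host with the lowest preference value, and a domain with no MX record is contacted directly. The function name route_mail, the record file format and the example.org records are constructed for illustration; the local domain list uses the /etc/mail/local-host-names format shown later on this page.

```shell
#!/bin/sh
# Constructed sample data (not taken from a real system).
work=$(mktemp -d)
cat > "$work/local-host-names" <<'EOF'
# local-host-names - include all aliases for your machine here.
station10.example.com
EOF
# Constructed DNS records in "name type [preference] target" form.
cat > "$work/dns.txt" <<'EOF'
example.org MX 20 backup.example.org
example.org MX 10 mail.example.org
station20.example.com A 192.168.0.20
EOF

# route_mail RECIPIENT LOCAL_NAMES_FILE DNS_RECORDS_FILE
# Prints "local <mailbox>" or "remote <next-hop MTA>".
route_mail() {
    user=${1%@*}
    domain=$(printf '%s' "${1##*@}" | tr 'A-Z' 'a-z')
    # Local domain: hand the message to the MDA, which writes the mailbox.
    if grep -v '^#' "$2" | grep -qixF "$domain"; then
        echo "local /var/spool/mail/$user"
        return 0
    fi
    # Remote domain: the lowest MX preference wins. With no MX record the
    # domain name itself is the target (implicit MX, RFC 5321).
    awk -v d="$domain" '
        tolower($1) == d && $2 == "MX" && (best == "" || $3 + 0 < pref) {
            pref = $3 + 0; best = $4
        }
        END { print "remote " (best == "" ? d : best) }
    ' "$3"
}

route_mail user1@station10.example.com "$work/local-host-names" "$work/dns.txt"
route_mail user1@example.org           "$work/local-host-names" "$work/dns.txt"
route_mail user1@station20.example.com "$work/local-host-names" "$work/dns.txt"
```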
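The properties of the sendmail service are as follows.
Packages
sendmail, sendmail-cf
Daemon
/usr/sbin/sendmail
Init script
/etc/init.d/sendmail
Port
25 (smtp)
Configuration file
/etc/mail/sendmail.mc
Now let's set up the sendmail service step by step.
Overview of sendmail configuration
Red Hat recommends using the m4 macro language.
Because sendmail's configuration file /etc/mail/sendmail.cf is hard to edit by hand, Red Hat recommends editing /etc/mail/sendmail.mc instead. The system ultimately reads /etc/mail/sendmail.cf, so after changing /etc/mail/sendmail.mc you must convert it with the m4 macro processor:
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
When we restart the sendmail service, the system also performs this conversion for us automatically.
sendmail is the system's default mail server, so it is installed by default, but the sendmail-cf package is not. If it is missing, the m4 conversion fails with an error.
Now let's install the sendmail-cf package:
[root@station10 ~]#
[root@station10 ~]# yum -y install sendmail-cf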
Loaded plugins: rhnplugin, security
This system is not registered with RHN.
RHN support will be disabled.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package sendmail-cf.i386 0:8.13.8-2.el5 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
sendmail-cf i386 8.13.8-2.el5 base 311 k
Transaction Summary
================================================================================
Install 1 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 311 k
Downloading Packages:
sendmail-cf-8.13.8-2.el5.i386.rpm | 311 kB 00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : sendmail-cf 1/1
Installed:
sendmail-cf.i386 0:8.13.8-2.el5
Complete!
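[root@station10 ~]#
The sendmail-cf package is now installed.
Configuring sendmail to receive mail
First we must change the interface that sendmail listens on.
vim /etc/mail/sendmail.mc
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
By default sendmail listens only on the local loopback interface:
[root@station10 ~]#
[root@station10 ~]# netstat -tulnp | grep sendmail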
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 26643/sendmail: acc
[root@station10 ~]#
As shown, sendmail is indeed listening on the loopback interface.
Now we comment this line out:
vim /etc/mail/sendmail.mc
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
sendmail will now listen on all interfaces.
Restart the sendmail service:
[root@station10 ~]#
[root@station10 ~]# service sendmail restart
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]
[root@station10 ~]#
OK, the service started successfully. Let's test it:
[root@station10 ~]#
[root@station10 ~]# netstat -tulnp | grep sendmail
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 27472/sendmail: acc
[root@station10 ~]#
OK, sendmail is now listening on all interfaces.
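The change above, as a check (an added example, not from the original post): it reads the active DAEMON_OPTIONS line from a sendmail.mc file, compares it with the address in the netstat output, and reports a mismatch, which is what you see when sendmail.cf was not regenerated or the service was not restarted. The function names and sample files are assumptions, constructed from the lines shown on this page.

```shell
#!/bin/sh
# Constructed samples: the two sendmail.mc variants and netstat lines from this page.
work=$(mktemp -d)
cat > "$work/before.mc" <<'EOF'
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
EOF
cat > "$work/after.mc" <<'EOF'
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
EOF
LOOPBACK='tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 26643/sendmail: acc'
EXPOSED='tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 27472/sendmail: acc'

# configured_scope FILE: address the MTA daemon is configured to bind, taken
# from the active (not dnl-commented) DAEMON_OPTIONS line; "all" if none.
configured_scope() {
    awk '
        /^[ \t]*dnl([ \t]|$)/ { next }   # m4 discards everything after dnl
        /DAEMON_OPTIONS\(/ && /Name=MTA/ && match($0, /Addr=[0-9A-Za-z.:-]+/) {
            addr = substr($0, RSTART + 5, RLENGTH - 5)
        }
        END { print (addr == "" ? "all" : addr) }
    ' "$1"
}

# observed_scope NETSTAT_LINE: address sendmail is actually bound to on port 25.
observed_scope() {
    printf '%s\n' "$1" | awk '
        /sendmail/ && $4 ~ /:25$/ {
            a = $4; sub(/:25$/, "", a)
            print (a == "0.0.0.0" || a == "::" ? "all" : a)
        }'
}

# check_listener FILE NETSTAT_LINE: "ok" when config and socket agree, "stale"
# when sendmail.cf was not regenerated or the service was not restarted.
check_listener() {
    if [ "$(configured_scope "$1")" = "$(observed_scope "$2")" ]; then
        echo "ok $(configured_scope "$1")"
    else
        echo "stale config=$(configured_scope "$1") socket=$(observed_scope "$2")"
    fi
}

check_listener "$work/before.mc" "$LOOPBACK"
check_listener "$work/after.mc"  "$EXPOSED"
check_listener "$work/after.mc"  "$LOOPBACK"
```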
There is also the /etc/mail/local-host-names file:
[root@station10 ~]# vim /etc/mail/local-host-names
# local-host-names - include all aliases for your machine here.
station10.example.com
This file defines all of the server's aliases (the host names it treats as its own).
Now we send a message from user1@station20.example.com to user1@station10.example.com:
[root@station20 ~]#
[root@station20 ~]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 station20.example.com ESMTP Sendmail 8.13.8/8.13.8; Tue, 30 Mar 2010 23:15:19 +0800
mail from: user1@station20.example.com
250 2.1.0 user1@station20.example.com... Sender ok
rcpt to: user1@station10.example.com
250 2.1.5 user1@station10.example.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
this is a test mail!!!
.
250 2.0.0 o2UFFJBO021698 Message accepted for delivery
quit
221 2.0.0 station20.example.com closing connection
Connection closed by foreign host.
[root@station20 ~]#
The message has been sent. Now let's check whether user1 on station10 received it.
[root@station10 ~]#
[root@station10 ~]# su - user1
[user1@station10 ~]$ mail
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/user1": 1 message 1 new
>N 1 user1@station20.exam Wed Mar 31 12:29 15/795
& 1
Message 1:
From user1@station20.example.com Wed Mar 31 12:29:17 2010
Date: Wed, 31 Mar 2010 12:28:39 +0800
From: user1@station20.example.com
X-Authentication-Warning: station20.example.com: localhost.localdomain [127.0.0.1] didn't use HELO protocol
this is a test mail!!!
&
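OK, user1 on station10 can now receive mail.
If the server has any other aliases, they must all be listed in this file.
Configuring sendmail to send mail
That was the receiving configuration; now let's look at the sending configuration. When user1@station10.example.com sends a message to user1@station20.example.com, the sender address is user1@station10.example.com. Suppose we want all mail sent from station10.example.com to be masqueraded as coming from example.com.
Let's configure this.
First edit the /etc/mail/sendmail.mc file:
vim /etc/mail/sendmail.mc
Uncomment the following four lines in this file and adjust them:
EXPOSED_USER(`root')dnl root is the exception and is not masqueraded
FEATURE(masquerade_envelope)dnl
MASQUERADE_AS(`example.com')dnl example.com is the name to masquerade as
FEATURE(masquerade_entire_domain)dnl
After making the changes, restart the sendmail service:
[root@station10 ~]#
[root@station10 ~]# service sendmail restart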
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]
[root@station10 ~]#
OK, the service started successfully. Let's test it.
Now we send a message from user1@station10.example.com to user1@station20.example.com:
[root@station10 ~]#
[root@station10 ~]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 localhost.localdomain ESMTP Sendmail 8.13.8/8.13.8; Wed, 31 Mar 2010 13:04:54 +0800
mail from: user1@station10.example.com
250 2.1.0 user1@station10.example.com... Sender ok
rcpt to: user1@station20.example.com
250 2.1.5 user1@station20.example.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
THIS IS A TEST MAIL !!!!
.
250 2.0.0 o2V54sFg007636 Message accepted for delivery
quit
221 2.0.0 localhost.localdomain closing connection
Connection closed by foreign host.
[root@station10 ~]#
The message has been sent. Now let's check whether user1 on station20 received it.
[root@station20 ~]#
[root@station20 ~]# su - user1
[user1@station20 ~]$ mail
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/user1": 1 message 1 new
>N 1 user1@example.com Wed Mar 31 13:05 15/767
& 1
Message 1:
From user1@example.com Wed Mar 31 13:05:21 2010
Date: Wed, 31 Mar 2010 13:04:54 +0800
From: user1@example.com
X-Authentication-Warning: localhost.localdomain: localhost.localdomain [127.0.0.1] didn't use HELO protocol
THIS IS A TEST MAIL !!!!
&
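OK, user1 on station20 received the message, and the sender was masqueraded as user1@example.com.
Inbound aliases in sendmail
Local aliases are implemented through the /etc/aliases file.
In this file you can define:
user2: user1
This means that all mail sent to user2 is forwarded to user1, and user2 no longer receives it.
user2: user1,user2
This means that all mail sent to user2 is also copied to user1, so both user1 and user2 receive the message.
The user2 on the left-hand side does not have to exist as a user.
Run the newaliases command to make the change take effect immediately.
[root@station10 ~]#
[root@station10 ~]# vim /etc/aliases
user2: user1,user2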
[root@station10 ~]#
[root@station10 ~]# newaliases
/etc/aliases: 77 aliases, longest 11 bytes, 781 bytes total
[root@station10 ~]#
OK, now let's test it:
[root@station20 ~]#
[root@station20 ~]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 station20.example.com ESMTP Sendmail 8.13.8/8.13.8; Wed, 31 Mar 2010 13:38:43 +0800
mail from: user1@station20.example.com
250 2.1.0 user1@station20.example.com... Sender ok
rcpt to: user2@station10.example.com
250 2.1.5 user2@station10.example.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
this is a test mail!!!!!!
.
250 2.0.0 o2V5chFD025556 Message accepted for delivery
quit
221 2.0.0 station20.example.com closing connection
Connection closed by foreign host.
[root@station20 ~]#
Now let's check on station10 whether user1 and user2 both received the message:
[root@station10 ~]# su - user1
[user1@station10 ~]$ mail
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/user1": 2 messages 2 new
N 1 user1@station20.exam Wed Mar 31 13:39 15/798
& 1
Message 1:
From user1@station20.example.com Wed Mar 31 13:39:17 2010
Date: Wed, 31 Mar 2010 13:38:43 +0800
From: user1@station20.example.com
X-Authentication-Warning: station20.example.com: localhost.localdomain [127.0.0.1] didn't use HELO protocol
this is a test mail!!!!!!
&
[root@station10 ~]#
[root@station10 ~]# su - user2
[user2@station10 ~]$ mail
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/user2": 1 message 1 new
>N 1 user1@station20.exam Wed Mar 31 13:39 15/798
& 1
Message 1:
From user1@station20.example.com Wed Mar 31 13:39:17 2010
Date: Wed, 31 Mar 2010 13:38:43 +0800
From: user1@station20.example.com
X-Authentication-Warning: station20.example.com: localhost.localdomain [127.0.0.1] didn't use HELO protocol
this is a test mail!!!!!!
&
OK, user1 and user2 both received the message.
Virtual aliases are implemented through the /etc/mail/virtusertable file:
[root@station10 ~]#
[root@station10 ~]# vim /etc/mail/virtusertable
user1@station10.example.com user2@station20.example.com
This means that mail sent to user1@station10.example.com is redirected to user2@station20.example.com.
Restart the sendmail service:
[root@station10 ~]#
[root@station10 ~]# service sendmail restart
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]
[root@station10 ~]#
OK, the service started successfully. Let's test it.
Now we send a message from user1 on station20 to user1 on station10:
[root@station20 ~]#
[root@station20 ~]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 station20.example.com ESMTP Sendmail 8.13.8/8.13.8; Wed, 31 Mar 2010 13:51:46 +0800
mail from: user1@station20.example.com
250 2.1.0 user1@station20.example.com... Sender ok
rcpt to: user1@station10.example.com
250 2.1.5 user1@station10.example.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
this is a test mail!!!!!!@@@@@@
.
250 2.0.0 o2V5pkJe025918 Message accepted for delivery
quit
221 2.0.0 station20.example.com closing connection
Connection closed by foreign host.
[root@station20 ~]#
Now let's check on station10 whether user1 has any mail:
[user1@station10 ~]$
[user1@station10 ~]$ mail
No mail for user1
[user1@station10 ~]$
user1 has not received the message, because it was redirected to user2 on station20.
Now let's check user2 on station20:
[root@station20 ~]#
[root@station20 ~]# su - user2
[user2@station20 ~]$ mail
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/user2": 1 message 1 new
>N 1 user1@station20.exam Wed Mar 31 13:52 18/1017
& 1
Message 1:
From user1@station20.example.com Wed Mar 31 13:52:20 2010
Date: Wed, 31 Mar 2010 13:51:46 +0800
From: user1@station20.example.com
X-Authentication-Warning: station20.example.com: localhost.localdomain [127.0.0.1] didn't use HELO protocol
this is a test mail!!!!!!@@@@@@
&
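OK, mail sent to user1 on station10 is now redirected to user2 on station20.
Masquerading the address of a single user
To masquerade the address on mail sent by a single user, proceed as follows.
First add these lines to /etc/mail/sendmail.mc:
FEATURE(genericstable)dnl
FEATURE(`always_add_domain')dnl
GENERICS_DOMAIN_FILE(`/etc/mail/local-host-names')dnl
Then create and edit the /etc/mail/genericstable file:
user1@station10.example.com user1@baidu.com
user1@station10.example.com user2@station10.example.com
The domain must be listed in /etc/mail/local-host-names.
This also applies only to SMTP, not to LMTP.
SMTP restrictions in sendmail
Restrictions are added in /etc/mail/access.
By default, relaying is disabled on a sendmail mail server. That is, two MTAs may exchange mail with each other, but a client is not allowed to send mail to another party through the MTA.
Let's try it from a client machine: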
[root@server1 ~]#
[root@server1 ~]# telnet station10.example.com 25
Trying 192.168.0.10...
Connected to station10.example.com (192.168.0.10).
Escape character is '^]'.
220 station10.example.om ESMTP Sendmail 8.13.8/8.13.8; Wed, 31 Mar 2010 14:26:28 +0800
mail from: user1@example.com
250 2.1.0 user1@example.com... Sender ok
rcpt to: user1@station20.example.com
550 5.7.1 user1@station20.example.com... Relaying denied
As shown, relaying is denied.
Now we enable relaying in the /etc/mail/access file.
vim /etc/mail/access
# Check the /usr/share/doc/sendmail/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
#
# by default we allow relaying from localhost...
Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
Connect:192.168.0 RELAY
Restart the sendmail service:
[root@station10 ~]#
[root@station10 ~]# service sendmail restart
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]
[root@station10 ~]#
OK, the service started successfully. Let's test it:
[root@server1 ~]#
[root@server1 ~]# telnet station10.example.com 25
Trying 192.168.0.10...
Connected to station10.example.com (192.168.0.10).
Escape character is '^]'.
220 station10.example.om ESMTP Sendmail 8.13.8/8.13.8; Wed, 31 Mar 2010 14:59:22 +0800
mail from: user1@station10.example.com
250 2.1.0 user1@station10.example.com... Sender ok
rcpt to: user1@station20.example.com
250 2.1.5 user1@station20.example.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
this is a test mail
.
250 2.0.0 o2V6xM4G011538 Message accepted for delivery
quit
221 2.0.0 station10.example.om closing connection
Connection closed by foreign host.
[root@server1 ~]#
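OK, station10 now allows relaying for the 192.168.0 network.
The syntax of the /etc/mail/access file is explained below.
Connect
The relationship between the client and the server
From
Who may send mail to me (between MTAs)
To
Whom I may send mail to (between MTAs)
RELAY
Allow relaying
DISCARD
Refuse silently
REJECT
Refuse, but with a message returned to you
OK
Accept unconditionally, regardless of other policies
ERROR:550 bad name
Refuse and return a "550 bad name" error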
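An added example (not part of the original post) that audits an access file written in the syntax described above: it classifies each RELAY entry as loopback, private (RFC 1918) or needing review. The function name audit_relay and the entries for 203.0.113, example.net and spam.example are constructed for illustration; the other entries are the ones shown on this page.

```shell
#!/bin/sh
# Constructed sample: the access entries from this page plus three
# constructed entries for contrast.
access=$(mktemp)
cat > "$access" <<'EOF'
# by default we allow relaying from localhost...
Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
Connect:192.168.0 RELAY
Connect:203.0.113 RELAY
To:example.net RELAY
From:spam.example REJECT
EOF

# audit_relay FILE: print "<kind> <entry>" for every RELAY entry.
#   loopback - the host itself
#   private  - RFC 1918 address prefix (10/8, 172.16/12, 192.168/16)
#   review   - anything else: a public prefix, a domain, a From:/To: key
audit_relay() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        toupper($2) == "RELAY" {
            key = $1; tag = ""
            if (key ~ /:/) { tag = key; sub(/:.*/, "", tag); sub(/^[^:]*:/, "", key) }
            kind = "review"
            if (tag == "" || tolower(tag) == "connect") {
                if (key ~ /^(127\.[0-9.]*|localhost|localhost\.localdomain)$/)
                    kind = "loopback"
                else if (key ~ /^(10|192\.168|172\.(1[6-9]|2[0-9]|3[01]))(\.[0-9.]*)?$/)
                    kind = "private"
            }
            print kind, $1
        }' "$1"
}

audit_relay "$access"
```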
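Operating sendmail
mailq
View the mail queue
The outgoing queue is in /var/spool/mqueue (mail that has not yet been sent)
Received mail is in /var/spool/mail (mail that users have not yet collected)
sendmail -q
Process the mail queue again
tail -f /var/log/maillog
View the mail log in real time
That concludes this discussion of configuring the sendmail service on Linux.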