Chinaunix首页 | 论坛 | 博客
  • 博客访问: 46590
  • 博文数量: 18
  • 博客积分: 474
  • 博客等级: 下士
  • 技术积分: 260
  • 用 户 组: 普通用户
  • 注册时间: 2011-06-20 10:08
文章分类

全部博文(18)

文章存档

2011年(18)

分类: LINUX

2011-06-20 16:58:02

邮件服务:

sendmail.i386        主程序包(MTA)
sendmail-cf.i386    配置文件模板
sendmail-devel.i386    开发包
sendmail-doc.i386    帮助文档
dovecot            pop3/imap服务端(MDA)
procmail        处理邮件,分发邮件
m4        把*.mc ---> *.cf


例子1:简单实现本机邮件发送


准备:
    FQDN主机名
    静态IP
    绑定到/etc/hosts
     

1、安装软件包
# yum install sendmail-* -y

2、配置

配置目录:/etc/mail

access        设定访问控制
access.db    
local-host-names    绑定域名
sendmail.cf    工作时候读取的配置文件
sendmail.mc    面向管理员设定的  mc-->cf
virtusertable    虚拟帐号
virtusertable.db

/etc/aliases    别名设定


该例子不需要配置

# service sendmail restart

# netstat -ntlp | grep :25
tcp    0      0 127.0.0.1:25    0.0.0.0:*    LISTEN      2789/sendmail: acce


测试:
方法1

# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 dr.upl.com ESMTP Sendmail 8.13.8/8.13.8; Sun, 19 Jun 2011 10:14:26 +0800
helo dr.upl.com <------
250 dr.upl.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
mail from:tom@dr.upl.com  <----
250 2.1.0 tom@dr.upl.com... Sender ok
rcpt to:root@dr.upl.com   <-----
250 2.1.5 root@dr.upl.com... Recipient ok
data  <----
354 Enter mail, end with "." on a line by itself
Hi,I am  tom
.  <---邮件内容输入完毕
250 2.0.0 p5J2EQR6002811 Message accepted for delivery
quit <---退出


查看邮件
# cat /var/spool/mail/root


方法2:
# cat /etc/fstab | sendmail -v tom@dr.upl.com


方法3:
# cat /etc/inittab | mail -s "Warning: Server is down" bean@dr.upl.com




例子2:让邮件服务器监听所有IP的25端口,实现支持用户发送邮件到本地用户
让邮件服务支持短域名
    xxxx@dr.upl.com
    xxx@upl.com


1、配置邮件服务
# vim /etc/mail/sendmail.mc


DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
修改为
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl




转换配置文件
# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.c


2、绑定域名
# vim /etc/mail/local-host-names
dr.upl.com
upl.com

3、设定DNS服务,增加MX记录
# vim /var/named/chroot/var/named/data/master.upl.com.zone

@       IN      MX 0    dr.upl.com.
dr      IN      A       10.1.1.21

# service named restart

sendmail服务器:10.1.1.21
DNS服务器: 10.1.1.22

设定senmail服务器,让他dns指向上面的DNS服务器
# vim /etc/resolv.conf
nameserver 10.1.1.22

4、重启sendmail
# service sendmail restart

# netstat -ntlp | grep :25
tcp    0    0 0.0.0.0:25    0.0.0.0:*   LISTEN   2920/sendmail: acce


# nslookup
> set type=mx
> upl.com
Server:         10.1.1.22
Address:        10.1.1.22#53

upl.com mail exchanger = 0 dr.upl.com.

测试:
# mail -s "Test sendmail"  tom@upl.com < /etc/hosts



例子3:使用邮件别名,实现邮件转发或者群发

# vim /etc/aliases
mygod:          tom   《--转发
it:             tom,bean  《--群发

# newaliases    ---》 aliases.db

重载配置文件
# service sendmail reload
测试
# mail -s "test mygod"  mygod@upl.com  < /etc/rc.local



例子4:允许发送外部邮件
    xxx@upl.com  ---> tanpao@139.com

sendmail如果没有打开smtp验证的话,使用access.db进行访问控制,控制哪些人可以发送外部邮件

    发送外部域邮件的过程叫中继

配置前的测试
使用别的机器远程telnet连接邮件服务器25端口发邮件

# telnet 10.1.1.21 25
Trying 10.1.1.21...
Connected to s22 (10.1.1.21).
Escape character is '^]'.
220 dr.upl.com ESMTP Sendmail 8.13.8/8.13.8; Sun, 19 Jun 2011 11:24:07 +0800
mail from:10000@qq.com
250 2.1.0 10000@qq.com... Sender ok
rcpt to:tanpao@139.com
550 5.7.1 tanpao@139.com... Relaying denied 《--中继失败


默认是允许本机连接的用户发送外部邮件
# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 dr.upl.com ESMTP Sendmail 8.13.8/8.13.8; Sun, 19 Jun 2011 11:26:17 +0800
mail from:1000@qq.com
250 2.1.0 1000@qq.com... Sender ok
rcpt to:tanpao@139.com
250 2.1.5 tanpao@139.com... Recipient ok



1、设定允许本地收信任局域网发送外部邮件
# vim /etc/mail/access
Connect:localhost.localdomain           RELAY
Connect:localhost                       RELAY
Connect:127.0.0.1                       RELAY
Connect:10.1.1                          RELAY  《--该网段中继
Connect:192.168.1.2            REJECT《--拒绝中继    
From:qq.com            REJECT 《--拒绝发件邮件是@qq.com
To:126.com            REJECT    <--拒绝发邮件给@126.com

# makemap hash /etc/mail/access.db  < /etc/mail/access
# service sendmail reload


2、测试
远程telnet 邮件服务器

# telnet 10.1.1.21 25
Trying 10.1.1.21...
Connected to s22 (10.1.1.21).
Escape character is '^]'.
220 dr.upl.com ESMTP Sendmail 8.13.8/8.13.8; Sun, 19 Jun 2011 11:34:30 +0800
mail from:10000@qq.com
550 5.7.1 10000@qq.com... Access denied
mail from:admin@gmail.com
250 2.1.0 admin@gmail.com... Sender ok
rcpt to:admin@126.com
550 5.2.1 admin@126.com... Mailbox disabled for this recipient
rcpt to:tanpao@139.com
250 2.1.5 tanpao@139.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
just for testing sendmail relay......
.
250 2.0.0 p5J3YUw7025613 Message accepted for delivery
quit


例子5:开启smtp验证
开启了之后,中继功能访问判断再也不会根据access.db
# telnet 10.1.1.21 25
Trying 10.1.1.21...
Connected to dr.upl.com (10.1.1.21).
Escape character is '^]'.
220 dr.upl.com ESMTP Sendmail 8.13.8/8.13.8; Sun, 19 Jun 2011 13:44:50 +0800
ehlo dr.upl.com
250-dr.upl.com Hello dr.upl.com [10.1.1.21], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP  <---看不到AUTH关键字

# vim /etc/mail/sendmail.mc

搜索MD5,把前面的dnl 去掉
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

搜索submission,去掉注释
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl


# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf



验证
# telnet 10.1.1.21 25
Trying 10.1.1.21...
Connected to dr.upl.com (10.1.1.21).
Escape character is '^]'.
220 dr.upl.com ESMTP Sendmail 8.13.8/8.13.8; Sun, 19 Jun 2011 13:50:13 +0800
ehlo dr.upl.com
250-dr.upl.com Hello dr.upl.com [10.1.1.21], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN  《---看到AUTH关键,说明需要smtp验证
250-DELIVERBY
250 HELP

验证时候需要cyrus-*软件包的支持
# yum install cyrus-* -y


# service saslauthd restart

# service sendmail restart


如果你是需要让客户端能使用MUA(foxmail等)连接上来获取邮件:
安装dovecot服务
# yum install dovecot -y
# service dovecot restart


sendmail默认是同一个局域网登录上来的用户发送邮件是不强迫使用SMTP验证。
    但需要对客户端的IP进行反向解析,如果接下出来的域名是跟邮件服务所在域是同一个域才允许发送外部域邮件

验证:
firefox /share/weeken/sendmail/base64_conversion.html

# telnet 10.1.1.21 25
Trying 10.1.1.21...
Connected to s22 (10.1.1.21).
Escape character is '^]'.
220 dr.upl.com ESMTP Sendmail 8.13.8/8.13.8; Sun, 19 Jun 2011 13:59:33 +0800
auth login 《-----
334 VXNlcm5hbWU6
dG9t  《---用户名tom经过base64编码之后
334 UGFzc3dvcmQ6
cXFx   《---密码qqq经过base64编码之后
235 2.0.0 OK Authenticated
mail from:tom@upl.com
250 2.1.0 tom@upl.com... Sender ok
rcpt to:13424337718@139.com
250 2.1.5 13424337718@139.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
Hi,i am sendmail hhhhhhhhhhhh
.
250 2.0.0 p5J5xXea026283 Message accepted for delivery
quit
221 2.0.0 dr.upl.com closing connection
Connection closed by foreign host.



使用mutt工具

mutt -f /var/mail/tom
或者
mutt -f pop://tom@upl.com  <---upl.com必须直接解析到邮件服务器
mutt -f pop://tom@dr.upl.com

例子6: 让局域网内两个sendmail可以互相发送邮件

server1                server2
mail.upl.com            mail.test.com
mary@upl.com <-------------------------> tom@test.tom


1、都开始smtp验证
2、必须能够相互解析对方的mx记录

=========================
下周内容
xinetd,tcpwrapper,http

samba,dhcp

阅读(1220) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~