Category: System Operations

2005-12-15 14:13:29

1. sendmail configuration files

1.1 Most of sendmail's configuration files live in the /etc/mail directory. The most important one is sendmail.cf. Because the syntax of sendmail.cf is very complex, editing it by hand is not recommended; instead it can be generated automatically from sendmail.mc together with the macros in the sendmail-cf directory, using the m4 preprocessor. m4 builds the sendmail configuration file from a set of macro files.

1.2 local-host-names: the host names for which this server accepts mail.

1.3 aliases: the alias database
test: test1,test2,test3
Defines a group alias named test. test is not a real user, only an alias; mail sent to test is received by test1, test2 and test3.
test: test,testbak
Keeps a backup copy of test's mail in the testbak mailbox.
test: test,test@163.com
Remote backup of mail; same principle as above.
test: :include: /etc/mail/userlist
Defines a group from a user list file. The format of userlist is:
test1,
test2,
test3,
test4
About the system's default aliases: sendmail uses mailer-daemon and postmaster as the sender of delivery reports and bounced mail, but the system has no such accounts, so the following aliases are needed:
mailer-daemon: postmaster
postmaster: root
After editing, don't forget to run the newaliases command to rebuild the database.
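As an added illustration (not part of the original post), the following Python toy expands aliases with the semantics described above: group aliases, a name that appears in its own expansion (test: test,testbak) delivering to the local mailbox instead of recursing, remote addresses, and :include: lists. The alias table and the include file content are constructed for the example.

```python
# Constructed /etc/aliases content, in the same format the post shows.
ALIASES_TEXT = """\
mailer-daemon: postmaster
postmaster: root
sales: test1,test2,test3
test: test,testbak
backup: backup,backup@example.com
staff: :include: /etc/mail/userlist
"""
# Constructed stand-in for the :include: file that would be read from disk.
INCLUDE_FILES = {"/etc/mail/userlist": "test1,\ntest2,\ntest3,\ntest4\n"}


def parse_aliases(text):
    """Return {alias: right-hand side}; '#' comments and blank lines are skipped."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, _, targets = line.partition(":")
            table[name.strip().lower()] = targets
    return table


def split_targets(spec, files):
    """Expand a right-hand side; ':include:' reads comma/newline-separated entries."""
    spec = spec.strip()
    if spec.startswith(":include:"):
        spec = files[spec[len(":include:"):].strip()]
    return [t.strip() for t in spec.replace("\n", ",").split(",") if t.strip()]


def expand(table, files, address, _seen=frozenset()):
    """Final delivery set for an address: remote addresses and local mailboxes.
    A name met again inside its own expansion is delivered locally rather than
    expanded once more, which is how 'test: test,testbak' keeps a copy for test.
    (That rule also stops a genuine a->b->a loop in this toy.)"""
    name = address.lower()
    if "@" in name or name not in table or name in _seen:
        return {name}
    out = set()
    for target in split_targets(table[name], files):
        out |= expand(table, files, target, _seen | {name})
    return out


ALIASES = parse_aliases(ALIASES_TEXT)

if __name__ == "__main__":
    for who in ("mailer-daemon", "sales", "test", "backup", "staff", "nobody"):
        print(who, "->", sorted(expand(ALIASES, INCLUDE_FILES, who)))
```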

1.4 access: the access control list
test.NET OK
test.COM REJECT
test.COM 550 SORRY,WE DON'T ALLOW SPAMMERS HERE
test.ORG DISCARD
OK: the remote host may send mail to your mail server;
RELAY: relaying is permitted;
REJECT: the host may neither send mail to your mail server nor relay through it;
DISCARD: incoming mail is dropped, and no error is returned to the sender;
nnn text: incoming mail is dropped, but sendmail returns to the sender the SMTP code nnn and the description given by text.
After editing, run makemap hash access.db < access to build the database.
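As an added example (not code from the original post), this Python toy reproduces how the access-table actions above are resolved for a connecting host: the most specific key wins, a host name is tried with its leading labels stripped one at a time, an IPv4 address with its trailing octets stripped, and an "nnn text" entry becomes an SMTP error code plus message. The table is constructed for the example and ignores the Connect:/From:/To: tags that real sendmail access maps may carry.

```python
import re

# Constructed access table, in the source format fed to makemap.
ACCESS_TEXT = """\
test.net       OK
test.com       550 Sorry, we don't allow spammers here
test.org       DISCARD
192.168.1      RELAY         # our own subnet may relay
10             REJECT
"""


def parse_access(text):
    """Return {key: value}; keys lowercased, blank lines and # comments ignored."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, value = line.split(None, 1)
            table[key.lower()] = value.strip()
    return table


def candidate_keys(client):
    """Keys tried in order, most specific first: a host name loses its leading
    labels one at a time, an IPv4 address loses its trailing octets."""
    parts = client.lower().split(".")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", client):
        return [".".join(parts[:n]) for n in range(4, 0, -1)]
    return [".".join(parts[n:]) for n in range(len(parts))]


def lookup(table, client):
    """Map a connecting host to (action, smtp_code, text). action is OK, RELAY,
    REJECT, DISCARD, ERROR (for 'nnn text' entries) or NOMATCH when no key
    applies and sendmail would fall through to its other checks."""
    for key in candidate_keys(client):
        if key in table:
            value = table[key]
            m = re.fullmatch(r"([45]\d\d)\s+(.+)", value)
            if m:
                return "ERROR", int(m.group(1)), m.group(2)
            return value.upper(), None, None
    return "NOMATCH", None, None


ACCESS = parse_access(ACCESS_TEXT)

if __name__ == "__main__":
    for host in ("mail.test.net", "relay.test.com", "test.org",
                 "192.168.1.77", "10.9.8.7", "example.edu"):
        print(host, "->", lookup(ACCESS, host))
```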

~/.forward file (users may configure this themselves)
This file does much the same job as the aliases database: it configures aliases and forwards mail. Because aliases can only be changed by the administrator and not by individual users, a user can create a forwarding file in their home directory to set up a personal forwarding list. The format is:
test
test1
and so on
But because ordinary users tend to have weak security awareness, a badly configured .forward can open a security hole, so its use is not recommended.

1.5 mailstats: the mail statistics command, which reports totals for mail sent and received since sendmail started running.
M: mailer number
msgsfr: number of messages sent
bytes_from: their total size
msgsto: number of messages received
bytes_to: likewise
msgsrej: number of messages denied
msgsdis: number of messages discarded
Mailer: esmtp for external mail, local for local mail

1.6 mail: the mail command
mail
Reads your own mailbox under /var/spool/mail/. Quit with q; messages you have read are saved in ~/mbox.
mail user
Sends mail directly to someone.
mail -s 'title text' user < mail.txt
Mails the contents of a file.
mail -f ~/mbox
Reads the mailbox in your home directory.

1.7 Limiting the size of attachments sent and received. sendmail cannot tell whether a message has an attachment; it can only judge the size of the whole message. In /etc/sendmail.cf, remove the # in front of #O MaxMessageSize=1000000 and change the maximum value; the unit is bytes, and the default is 1000000=1G.

1.8 Because sendmail cannot tell whether a message has an attachment, there is no way to block .exe attachments. The mailstats command reports the state of the mail system since it started running; if you need a week's traffic for the mail server, there is no module for that, and writing one yourself is very laborious. If such a module is essential, the qmail mail system is recommended instead.

2. Configuring a sendmail service with authentication

1. Environment: a full install of Red Hat Linux 9.0, or make sure the following packages are installed:
imap-2001a-18.i286.rpm
sendmail-8.12.8-4.i386.rpm
m4-1.4.1-13.i386.rpm
cyrus-sasl-2.1.10-4.i386.rpm
cyrus-sasl-md5-2.1.10-4.i386.rpm
cyrus-sasl-plain-2.1.10-4.i386.rpm
cyrus-sasl-gssapi-2.1.10-4.i386.rpm
Goal: install and configure a mail server with authentication.

 
Without an authentication mechanism, this kind of setup is easily abused by malicious users, turning your mail server into a relay for advertising or junk mail, and it makes it hard for system and network administrators to trace problem mail.

2. Install Red Hat Linux 9.0

Edit /etc/mail/sendmail.mc; after editing, the file looks like this:
divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl # make -C /etc/mail
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST',`smtp.your.provider')
dnl #
define(`confDEF_USER_ID',``8:12'')dnl
define(`confTRUSTED_USER', `smmsp')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl #
define(QUEUE_DIR, `/var/spool/mqueue/q*')
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl # make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
DAEMON_OPTIONS(`Port=25, Name=MSA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl # NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl # a kernel patch
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.com')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

Five lines in the file need to be changed (they were highlighted in red in the original):
The first line, define(QUEUE_DIR, `/var/spool/mqueue/q*'), was added by hand and has nothing to do with authentication; it starts multiple mail queues for better delivery performance.
The second and third lines, TRUST_AUTH_MECH and confAUTH_MECHANISMS, were uncommented. TRUST_AUTH_MECH makes sendmail relay mail from senders authenticated via EXTERNAL, LOGIN, PLAIN, CRAM-MD5 or DIGEST-MD5 regardless of what the access file says; confAUTH_MECHANISMS sets the authentication mechanisms the system offers. Outlook Express supports the LOGIN mechanism.
The fourth line, DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA'), was commented out so that sendmail listens on all network interfaces and serves the whole network instead of only the local host.
The fifth line was modified; the original was:
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
Remove the leading comment marker and change the port to Port=25:
DAEMON_OPTIONS(`Port=25, Name=MSA')dnl
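As an added check (not from the original post), this Python script audits a sendmail.mc text for the five edits above and for the caveat the .mc's own comments raise: with confAUTH_OPTIONS set to `A' and PLAIN/LOGIN offered, credentials are accepted over non-TLS links, and the TLS certificate lines are still commented out. The fragment below is constructed from the post's file in the state the edits leave it.

```python
import re

# Constructed fragment of /etc/mail/sendmail.mc in the state the post leaves it:
# the five edits applied, TLS certificate lines still commented out.
SAMPLE_MC = """\
define(`confAUTH_OPTIONS', `A')dnl
define(QUEUE_DIR, `/var/spool/mqueue/q*')
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
DAEMON_OPTIONS(`Port=25, Name=MSA')dnl
"""


def active_lines(text):
    """Lines m4 will process: a line starting with 'dnl' is commented out."""
    return [s for s in (l.strip() for l in text.splitlines())
            if s and not s.startswith("dnl")]


def m4_define(lines, name):
    """Value of an active define(`name', `value'); None if absent or commented out."""
    pat = re.compile(r"define\(`?%s'?,\s*`([^']*)'\)" % re.escape(name))
    for line in lines:
        m = pat.search(line)
        if m:
            return m.group(1)
    return None


def audit_mc(text):
    """Return warnings about the edits the post makes and what its .mc comments caution."""
    lines = active_lines(text)
    findings = []
    mechs = m4_define(lines, "confAUTH_MECHANISMS") or ""
    opts = m4_define(lines, "confAUTH_OPTIONS") or ""
    if not mechs or not any(l.startswith("TRUST_AUTH_MECH(") for l in lines):
        findings.append("SMTP AUTH inactive: TRUST_AUTH_MECH or confAUTH_MECHANISMS commented out")
    if any(l.startswith("DAEMON_OPTIONS(") and "Addr=127.0.0.1" in l for l in lines):
        findings.append("MTA bound to loopback only; clients on the network cannot connect")
    plaintext = {"PLAIN", "LOGIN"} & set(mechs.split())
    if plaintext and "p" not in opts:          # 'p' forbids plaintext AUTH without TLS
        findings.append("confAUTH_OPTIONS lacks 'p': %s accepted on non-TLS links"
                        % "/".join(sorted(plaintext)))
    if m4_define(lines, "confSERVER_CERT") is None:
        findings.append("no confSERVER_CERT: STARTTLS unavailable, so AUTH travels in clear")
    return findings


if __name__ == "__main__":
    for f in audit_mc(SAMPLE_MC):
        print("WARN:", f)
```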
The administrator edited this article on 2009-08-13.
