Thread starter: hk007

[Mail] Installation Manual for a Sendmail Mail Server with Authentication on RedHat 9.0

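#61 | Posted 2006-03-02 17:06
Originally posted by 網中人 on 2006-3-2 15:48:
Then, with access in that state, would you
edit sendmail.mc again, add the "dnl " back, regenerate sendmail.cf and restart sendmail?

If it is still okay that way, then it basically has nothing to do with smtp-auth.


The configuration file /etc/mail/sendmail.mc with no SMTP authentication added: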
divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl #     make -C /etc/mail
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST',`smtp.your.provider')
dnl #
define(`confDEF_USER_ID',``8:12'')dnl
define(`confTRUSTED_USER', `smmsp')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl #     make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl   the dnl at the start of the line has been commented out
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
DAEMON_OPTIONS(`Port=25,Name=MTA')dnl    added line
DAEMON_OPTIONS(`Port=587,Name=MSA,M=Ea')dnl    added line
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl # NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl #       a kernel patch
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.com')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl


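LAN:
DNS: cdfun.net, 192.168.0.67 (OS: rh9)
sendmail: mail.cdfun.net, 192.168.0.68 (VMware virtual machine, host: winxp, OS: rh9)
winxp: 192.168.0.167 (OS: winxp)

On winxp, sending and receiving mail with foxmail and outlook express (between the 2 users on sendmail) works normally; see figure foxmail.JPG

If I then edit the /etc/mail/access file, for example adding the lines
cdfun.net
192.168.0
and then run
# makemap hash access.db <access
user x on sendmail can send mail to my 126 mailbox (xy_coordinate@126.com)


Now I plan to add SMTP authentication, as follows:
1. Remove the dnl at the start of 2 lines in /etc/mail/sendmail.mc
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')

2. Regenerate sendmail.cf
# cd /etc/mail
# m4 sendmail.mc >sendmail.cf

3. No lines added to /etc/mail/access

In foxmail and outlook express on winxp, if "SMTP authentication" is enabled for the account, even the 2 users on sendmail cannot send or receive mail, let alone send to the 126 mailbox! It reports an error (see figure smtp-auth-1.JPG)
With "SMTP authentication" removed from the account, the 2 users on sendmail can send and receive mail!?

[Last edited by xy-coordinate on 2006-3-2 17:10]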

Attachments: foxmail.JPG (37.89 KB), smtp_auth-1.JPG (5.08 KB)

#62 | Posted 2006-03-03 02:25
Is saslauthd working properly?
Is PAM okay too?

#63 | Posted 2006-03-05 09:27
Following what the thread starter hk007 said, in sendmail.mc I changed
DAEMON_OPTIONS(`Port=25,Name=MTA')dnl
DAEMON_OPTIONS(`Port=587,Name=MSA,M=Ea')dnl

to
DAEMON_OPTIONS(`Port=25, Name=MSA')dnl

I. foxmail:
1. "SMTP authentication" not selected: mail can be sent
Mar  5 09:06:07 mail sendmail[1896]: k25166AE001896: ruleset=check_rcpt, arg1=<xy_coordinate@126.com>, relay=winxp.cdfun.net [192.168.0.167], reject=550 5.7.1 <xy_coordinate@126.com>... Relaying denied. Proper authentication required.
Mar  5 09:06:07 mail sendmail[1896]: k25166AE001896: lost input channel from winxp.cdfun.net [192.168.0.167] to MSA after rcpt
Mar  5 09:06:07 mail sendmail[1896]: k25166AE001896: from=<xjy@mail.cdfun.net>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MSA, relay=winxp.cdfun.net [192.168.0.167]
Mar  5 09:06:08 mail sendmail[1897]: AUTH=server, relay=winxp.cdfun.net [192.168.0.167], authid=xjy, mech=LOGIN, bits=0
Mar  5 09:06:10 mail sendmail[1897]: k25168AE001897: from=<xjy@mail.cdfun.net>, size=419, class=0, nrcpts=1, msgid=<200603050106.k25168AE001897@mail.cdfun.net>, proto=ESMTP, daemon=MSA, relay=winxp.cdfun.net [192.168.0.167]
Mar  5 09:06:11 mail sendmail[1899]: k25168AE001897: to=<xy_coordinate@126.com>, ctladdr=<xjy@mail.cdfun.net> (500/500), delay=00:00:03, xdelay=00:00:01, mailer=esmtp, pri=30255, relay=mx.mail.126.com. [220.181.15.131], dsn=2.0.0, stat=Sent (Mail OK queued as mx1,wKgCUA6APkJUOQpEjoU1Bg==.32976S2)


2. "SMTP authentication" selected: mail can be sent
Mar  5 09:06:21 mail sendmail[1900]: AUTH=server, relay=winxp.cdfun.net [192.168.0.167], authid=yinyan, mech=LOGIN, bits=0
Mar  5 09:06:21 mail sendmail[1900]: k2516LAE001900: from=<yinyan@mail.cdfun.net>, size=426, class=0, nrcpts=1, msgid=<200603050106.k2516LAE001900@mail.cdfun.net>, proto=ESMTP, daemon=MSA, relay=winxp.cdfun.net [192.168.0.167]
Mar  5 09:06:22 mail sendmail[1902]: k2516LAE001900: to=<xy_coordinate@126.com>, ctladdr=<yinyan@mail.cdfun.net> (501/501), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30258, relay=mx.mail.126.com. [220.181.15.133], dsn=2.0.0, stat=Sent (Mail OK queued as mx3,wKgCUh1AWUBjOQpE+H8KBg==.33974S2)


II. outlook express:
1. "SMTP authentication" not selected: mail cannot be sent
Mar  5 09:15:51 mail sendmail[2051]: k251FpKI002051: ruleset=check_rcpt, arg1=<xy_coordinate@126.com>, relay=winxp.cdfun.net [192.168.0.167], reject=550 5.7.1 <xy_coordinate@126.com>... Relaying denied. Proper authentication required.
Mar  5 09:15:51 mail sendmail[2051]: k251FpKI002051: from=<xjy@mail.cdfun.net>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MSA, relay=winxp.cdfun.net [192.168.0.167]


2. "SMTP authentication" selected: mail can be sent
Mar  5 09:35:09 mail sendmail[2058]: AUTH=server, relay=winxp.cdfun.net [192.168.0.167], authid=xjy, mech=LOGIN, bits=0
Mar  5 09:35:09 mail sendmail[2058]: k251Z8KI002058: from=<xjy@mail.cdfun.net>, size=1185, class=0, nrcpts=1, msgid=<004301c63ff4$edae21a0$a710a8c0@xjy>, proto=ESMTP, daemon=MSA, relay=winxp.cdfun.net [192.168.0.167]  
Mar  5 09:35:10 mail sendmail[2060]: k251Z8KI002058: to=<xy_coordinate@126.com>, ctladdr=<xjy@mail.cdfun.net> (500/500), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30426, relay=mx.mail.126.com. [220.181.15.133], dsn=2.0.0, stat=Sent (Mail OK queued as mx3,wKgCUguAt0AjQApEATseBg==.7006S2)

[Last edited by xy-coordinate on 2006-3-5 09:36]
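
Added example, not part of any post in this thread: a way to read the maillog lines in post 63 per SMTP connection, flagging relay attempts made without AUTH and LOGIN/PLAIN logins that were not preceded by STARTTLS. It assumes one sendmail PID per connection; the PID 3000 lines are constructed for contrast.

```python
import re
from collections import defaultdict

# PIDs 1896-2058 are copied from post 63; PID 3000 is constructed here
# to show an AUTH that follows STARTTLS on the same connection.
SAMPLE_LOG = """\
Mar  5 09:06:07 mail sendmail[1896]: k25166AE001896: ruleset=check_rcpt, arg1=<xy_coordinate@126.com>, relay=winxp.cdfun.net [192.168.0.167], reject=550 5.7.1 <xy_coordinate@126.com>... Relaying denied. Proper authentication required.
Mar  5 09:06:08 mail sendmail[1897]: AUTH=server, relay=winxp.cdfun.net [192.168.0.167], authid=xjy, mech=LOGIN, bits=0
Mar  5 09:15:51 mail sendmail[2051]: k251FpKI002051: ruleset=check_rcpt, arg1=<xy_coordinate@126.com>, relay=winxp.cdfun.net [192.168.0.167], reject=550 5.7.1 <xy_coordinate@126.com>... Relaying denied. Proper authentication required.
Mar  5 09:35:09 mail sendmail[2058]: AUTH=server, relay=winxp.cdfun.net [192.168.0.167], authid=xjy, mech=LOGIN, bits=0
Mar  5 10:00:00 mail sendmail[3000]: STARTTLS=server, relay=winxp.cdfun.net [192.168.0.167], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
Mar  5 10:00:01 mail sendmail[3000]: AUTH=server, relay=winxp.cdfun.net [192.168.0.167], authid=yinyan, mech=LOGIN, bits=0
"""

LINE = re.compile(r"sendmail\[(\d+)\]: (.*)")
AUTH = re.compile(r"AUTH=server, .*authid=([^,]+), mech=([\w-]+)")
DENY = re.compile(r"ruleset=check_rcpt, arg1=<([^>]*)>.* reject=550 5\.7\.1 ")
PLAINTEXT_MECHS = {"LOGIN", "PLAIN"}  # password is only base64-encoded on the wire

def sessions(log):
    """Group entries by sendmail PID (assumed: one PID per SMTP connection)."""
    out = defaultdict(lambda: {"tls": False, "auth": None, "denied": []})
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, rest = int(m.group(1)), m.group(2)
        if rest.startswith("STARTTLS=server"):
            out[pid]["tls"] = True
        elif a := AUTH.search(rest):
            out[pid]["auth"] = (a.group(1), a.group(2))  # (authid, mechanism)
        elif d := DENY.search(rest):
            out[pid]["denied"].append(d.group(1))
    return dict(out)

def findings(log):
    """Return (pid, issue) pairs worth an operator's attention."""
    result = []
    for pid, s in sorted(sessions(log).items()):
        if s["denied"] and s["auth"] is None:
            result.append((pid, "relay attempt without AUTH: " + ", ".join(s["denied"])))
        if s["auth"] and s["auth"][1] in PLAINTEXT_MECHS and not s["tls"]:
            result.append((pid, "%s password for %s sent without TLS" % (s["auth"][1], s["auth"][0])))
    return result

if __name__ == "__main__":
    for pid, issue in findings(SAMPLE_LOG):
        print(pid, issue)
```

PIDs 1896 and 1897 are one second apart from the same client: the first connection is refused relaying, the second authenticates with LOGIN and is accepted.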

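#64 | Posted 2006-03-27 16:08

Why can my sendmail only send, not receive

Boss, why can my sendmail only send (including to other mailboxes, which all works), but simply cannot receive mail sent from other mailboxes, and can only receive mail sent from its own mailbox! Please advise!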

#65 | Posted 2006-05-16 14:24
DNS configuration error

#66 | Posted 2006-08-22 13:31
I'd like to ask: I have configured my sendmail as described above; it can receive and it can send,
but sending still has a bit of a problem. By editing the /etc/mail/access file:
abc.com     RELAY
192.168.0.180    RELAY
202.165.XX.133  RELAY
211.XXX.128.183  RELAY
219.224.56.XXX   RELAY

it seems that only
202.165.XX.133  RELAY
211.XXX.128.183  RELAY
219.224.56.XXX   RELAY
these three can send mail. May I ask everyone how I should configure it so that I can send from anywhere? Surely I don't have to RELAY the IP range of every place I send from?
Please help me out, everyone. Thanks



define(QUEUE_DIR, `/var/spool/mqueue/q*')
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl


I have already added SMTP authentication~~ (so why does /etc/mail/access still take effect~~~~)

[Last edited by wzls3146 on 2006-8-24 10:39]

#67 | Posted 2006-10-22 13:52
Mark

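#68 | Posted 2007-05-21 16:43
Originally posted by hk007 on 2004-6-1 17:58:
Sorry, my original configuration had not been rigorously tested; I have now corrected it. One line in it, DAEMON_OPTIONS(`Port=25, Name=MSA, M=Ea')dnl
should be:
DAEMON_OPTIONS(`Port=25, Name=MSA')dnl
Remove M=Ea, so that the default rules apply ...

Is there any way to force authentication, regardless of whether either the sender or the recipient is a local user?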

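#69 | Posted 2007-05-28 17:22
Originally posted by jzcqx on 2007-5-21 16:43:

Is there any way to force authentication, regardless of whether either the sender or the recipient is a local user?


Nowadays everyone uses AS 4 or FC4, and sendmail has been upgraded to a newer version too, which includes some anti-DDoS features
and also has load options

It seems the earlier posters don't use access, localhost or sendmail.cf
I'll also post the configuration I have tested, which works normally and requires authentication, for you to look at; there may be mistakes in it. Sharing sendmail.mc:
1. TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
2. define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
3. DAEMON_OPTIONS(`Port=25,Name=MTA')dnl
4. DAEMON_OPTIONS(`Port=587,Name=MSA,M=Ea')dnl
5. dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')

1 and 2 turn on the authentication feature; 3 and 4 specify the listening ports. According to the comments in the mc file, 587 is used to keep sending when port 25 is congested or closed by a firewall

access -- the control file for permitted relaying: if there are multiple external domains, all of them must be added, otherwise sending fails when the mail server address in FOXMAIL is mail.<external domain>,
local-host-name -- the control file for permitted receiving; likewise, all of the domains must be added, otherwise mail cannot be received

sendmail.cf -- some finer-grained controls: find the MAX... option lines, which can control the maximum attachment size, the number of simultaneous relay recipients, etc.

Remember to restart; the method is different for each: for some it is restart, for others make *.db <access, etc.
Note that saslauthd authentication must be enabled; it uses the /etc/passwd passwords,
For small setups sendmail is still quite good; of course postfix is better, with strong anti-spam filtering. For a large mail server, I personally think qmail is better: many plugins and powerful features,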
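
Added example, not part of any post in this thread: a small audit of which sendmail.mc directives are actually active, applied to an excerpt constructed from the lines quoted in posts 61 and 69. It relies on two documented sendmail settings: the `a` modifier in `M=` makes a daemon require authentication, and `p` in confAUTH_OPTIONS refuses PLAIN/LOGIN when no security layer is active.

```python
import re

# Constructed excerpt assembled from directives quoted in this thread.
SAMPLE_MC = """\
define(`confAUTH_OPTIONS', `A')dnl
dnl define(`confAUTH_OPTIONS', `A p')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
DAEMON_OPTIONS(`Port=25,Name=MTA')dnl
DAEMON_OPTIONS(`Port=587,Name=MSA,M=Ea')dnl
"""

DEFINE = re.compile(r"define\(`(\w+)',\s*`([^']*)'\)")
DAEMON = re.compile(r"DAEMON_OPTIONS\(`([^']*)'\)")

def parse_mc(text):
    """Collect active define() values and DAEMON_OPTIONS; dnl-prefixed lines are comments."""
    defines, daemons = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("dnl"):
            continue
        if m := DEFINE.match(line):
            defines[m.group(1)] = m.group(2)  # a later define overrides an earlier one
        elif m := DAEMON.match(line):
            pairs = (kv.split("=", 1) for kv in m.group(1).split(","))
            daemons.append({k.strip().capitalize(): v.strip() for k, v in pairs})
    return defines, daemons

def audit(text):
    """Return notes on plaintext AUTH exposure and on daemons where AUTH is optional."""
    defines, daemons = parse_mc(text)
    notes = []
    mechs = set(defines.get("confAUTH_MECHANISMS", "").split())
    if mechs & {"LOGIN", "PLAIN"} and "p" not in defines.get("confAUTH_OPTIONS", ""):
        notes.append("LOGIN/PLAIN offered on non-TLS links (confAUTH_OPTIONS lacks p)")
    for d in daemons:
        if "a" not in d.get("M", ""):  # lowercase a = always require authentication
            notes.append("port %s (%s): AUTH optional, access entries still decide relaying"
                         % (d["Port"], d.get("Name", "?")))
    return notes

if __name__ == "__main__":
    for note in audit(SAMPLE_MC):
        print(note)
```

Only the port 587 daemon carries `M=Ea`, so on port 25 an unauthenticated client is still judged by /etc/mail/access. Adding `a` to the port 25 daemon would also turn away unauthenticated inbound mail from other servers.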

#70 | Posted 2007-10-06 23:13
Just passing by