|
|
电子邮件是计算机史上最老的服务了,目前常用的MTA(邮件传输代理)软件主要有sendmail和postfix,exchange,qmail等;其中sendmail最为古老,且最为复杂;邮件传输过程中主要有MTA,MUA,MAA,MDA等,MUA,邮件用户代理主要指的是客户端程序,比如outlook,foxmail,thunderbird
等;MAA则是指dovecot软件提供的pop3,imap等收信服务,MDA则是邮件过滤代理,主要有procmail等…,sendmail的配置十分的复杂,本节中只介绍rhce考试的热点…
1:配置sendmail监听本机所有端口,并在远程客户端上进行发邮件测试
[iyunv@server2 ~]# rpm -q sendmail-cf //安装sendmail-cf包,该包提供了主要的模板
package sendmail-cf is not installed
[iyunv@server2 ~]# yum -y install sendmail-cf
[iyunv@server2 ~]# service sendmail status
sendmail (pid 2591) 正在运行...
[iyunv@server2 ~]# netstat -ntpl |grep :25 //sendmail默认启动,且只侦听回环接口上的25端口
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2591/sendmail: acce
[iyunv@server2 ~]# cp /etc/mail/sendmail.mc /etc/mail/sendmail.mc.orig //备份下模板和主配置文件,这步很关键
[iyunv@server2 ~]# cp /etc/mail/sendmail.cf /etc/mail/sendmail.cf.orig
[iyunv@server2 ~]# grep '127.0.0.1' /etc/mail/sendmail.mc
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl //注释掉本行,dnl代表注释,也可将127.0.0.1改成0.0.0.0
[iyunv@server2 ~]# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf //使用m4宏生成半二进制的配置文件
[iyunv@server2 ~]# cat /etc/mail/local-host-names
# local-host-names - include all aliases for your machine here.
server2.yang.com
[iyunv@server2 ~]# service sendmail restart //重启服务
关闭 sm-client: [确定]
关闭 sendmail: [确定]
启动 sendmail: [确定]
启动 sm-client: [确定]
[iyunv@server2 ~]# netstat -ntpl |grep :25
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2673/sendmail: acce
[iyunv@server2 ~]# useradd -s /sbin/nologin test1 //添加两个测试用户
[iyunv@server2 ~]# useradd -s /sbin/nologin test2
[iyunv@server2 ~]# echo '123'|passwd --stdin test1
Changing password for user test1.
passwd: all authentication tokens updated successfully.
[iyunv@server2 ~]# echo '123'|passwd --stdin test2
Changing password for user test2.
passwd: all authentication tokens updated successfully.
C:/>telnet 192.168.122.20 25 //使用telnet命令测试,sendmial默认配置helo和mail from可以进行欺骗,可在配置文件中调整
220 localhost.localdomain ESMTP Sendmail 8.13.8/8.13.8; Fri, 9 Apr 2010 12:51:55
+0800
helo www.baidu.com
250 localhost.localdomain Hello [192.168.122.50], pleased to meet you
mail from:admin@baidu.com
250 2.1.0 admin@baidu.com... Sender ok
rcpt to:test1@server2.yang.com
250 2.1.5 test1@server2.yang.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
just one test!
.
250 2.0.0 o394ptpb002905 Message accepted for delivery
quit
[iyunv@server2 ~]# mailq //查看邮件队列,用于MTA-MTA之间
/var/spool/mqueue is empty
Total requests: 0
[iyunv@server2 ~]# mailq -Ac //查看邮件队列,用于MTA-MUA之间
/var/spool/clientmqueue is empty
Total requests: 0
[iyunv@server2 ~]# grep 'o394ptpb002905' /var/log/maillog //查看邮件日志信息
Apr 9 12:53:01 server2 sendmail[2905]: o394ptpb002905: from=admin@baidu.com, size=15, class=0, nrcpts=1, msgid=<201004090452.o394ptpb002905@localhost.localdomain>, proto=SMTP, daemon=MTA, relay=[192.168.122.50]Apr 9 12:53:02 server2 sendmail[2912]: o394ptpb002905: to=test1@server2.yang.com, delay=00:00:16, xdelay=00:00:00,
mailer=local, pri=30333, dsn=2.0.0, stat=Sent(使用outlook收信,需要配置dovecot)
2:配置允许192.168.122.0/24段的ip进行RELAY操作,同时限制test2@server2.yang.com发送邮件
默认不允许进行中继,只允许中继localhost,localhost.localdoamin,127.0.0.1
[iyunv@server2 ~]# grep -v '^#' /etc/mail/access
Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
Connect:192.168.122 RELAY
From:test2@server2.yang.com ERROR:550 bad name
[iyunv@server2 ~]# makemap hash /etc/mail/access < /etc/mail/access //生成hash数据库
[iyunv@server2 ~]# grep 'ylw6006' /var/log/maillog //查看日志信息
Apr 9 13:01:33 server2 sendmail[3037]: o3951WuZ003037: ruleset=check_rcpt, arg1=<ylw6006@163.com>, relay=[192.168.122.50], reject=550 5.7.1 <ylw6006@163.com>... Relaying denied. IP name lookup failed [192.168.122.50]Apr 9 13:08:38 server2 sendmail[3066]: o3958VN6003064: to=<ylw6006@163.com>, ctladdr=<test1@server2.yang.com> (500/501), delay=00:00:06, xdelay=00:00:05, mailer=esmtp, pri=121260, relay=mxnew-b.163.com. [220.181.12.90], dsn=2.0.0, stat=Sent (Mail OK queued as mx44,WsCowKD7365Ztr5LqLb9Aw--.1247S2 1270789727)
[iyunv@jsb-ylw-5024 ~]# telnet 192.168.122.20 25 //test2@server2.yang.com用户发送邮件测试
Trying 192.168.122.20...
Connected to 192.168.122.20 (192.168.122.20).
Escape character is '^]'.
220 localhost.localdomain ESMTP Sendmail 8.13.8/8.13.8; Fri, 9 Apr 2010 13:13:46 +0800
helo www.baidu.com
250 localhost.localdomain Hello [192.168.122.1], pleased to meet you
mail from:test2@server2.yang.com
550 5.0.0 test2@server2.yang.com... bad name
3:配置邮件别名,将发送到test1用户的邮件转到root用户上,这样配置完后,test1用户将不会收到任何邮件
[iyunv@server2 ~]# tail -1 /etc/aliases
test1: root
[iyunv@server2 ~]# newaliases //使用newaliases命令生效,关键
/etc/aliases: 77 aliases, longest 10 bytes, 774 bytes total
[iyunv@server2 ~]# mail
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/root": 1 message 1 new
>N 1 test1@server2.yang.c Fri Apr 9 13:36 45/1831 "mail from test1@serve"
& 1
4:配置邮件过滤,凡是邮件主题或者正文中包含相关关键字的邮件进行过滤,重点…
[iyunv@server2 ~]# cat /etc/procmailrc
LOGFILE=/var/spool/mail/procmail.log //日志文件保存位置
VERBOSE=yes //记录详细日志
:0 cHB //固定格式,HB表示过滤主题和邮件正文
* .* rhce //关键字信息
/var/spool/mail/procmail.txt //过滤邮件保存位置
[iyunv@server2 ~]# ll /usr/bin/procmail //给promail组上程序赋S位,5.1环境需要执行,5.4可以跳过
-rwxr-xr-x 1 root mail 99128 2006-07-13 /usr/bin/procmail
[iyunv@server2 ~]# chmod g+s /usr/bin/procmail
//测试
[iyunv@server2 ~]# echo "one test for RHCE,good luck for you..."|mail -s 'rhce' test1@server2.yang.com
[iyunv@server2 ~]# tail /var/spool/mail/procmail.txt
by localhost.localdomain (8.13.8/8.13.8/Submit) id o397b50t006246
for test1@server2.yang.com; Fri, 9 Apr 2010 15:37:05 +0800
Date: Fri, 9 Apr 2010 15:37:05 +0800
From: root <root@localhost.localdomain>
Message-Id: <201004090737.o397b50t006246@localhost.localdomain>
To: test1@server2.yang.com
Subject: rhce
one test for RHCE,good luck for you...
[iyunv@server2 ~]# tail -f /var/spool/mail/procmail.log
Folder: /var/mail/root 1244017
procmail: [6249] Fri Apr 9 15:37:06 2010
procmail: Match on ".* rhce"
procmail: Assigning "LASTFOLDER=/var/spool/mail/procmail.txt"
procmail: Opening "/var/spool/mail/procmail.txt"
procmail: Acquiring kernel-lock
procmail: Assigning "PATH=/root/bin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/X11R6/bin"
From root@localhost.localdomain Fri Apr 9 15:37:06 2010
Subject: rhce
Folder: /var/mail/root 693
转自:http://hi.baidu.com/naruto6006/blog/item/952058089fa839c33bc763a5.html |
|
QQ群⑧:
窥视卡
雷达卡
发表于 2015-11-25 14:21:34
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡