|
Sendmail的配置
一、/etc/mail/sendmail.mc
divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl # make -C /etc/mail
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4′)dnl (将sendmail-cf/m4/cf.m4包含进来)
VERSIONID(`setup for Red Hat Linux’)dnl (定义版本信息)
OSTYPE(`linux’)dnl (选择包含操作系统指定属性的文件)
dnl #
dnl # default logging level is 9, you might want to set it higher to
dnl # debug the configuration
dnl #
dnl define(`confLOG_LEVEL’, `9′)dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST’,`smtp.your.provider’)
dnl #
define(`confDEF_USER_ID’,“8:12”)dnl (指定使用的用户ID为8,组ID为12)
dnl define(`confAUTO_REBUILD’)dnl
define(`confTO_CONNECT’, `1m’)dnl (设置等待连接的最大时间为1分钟)
define(`confTRY_NULL_MX_LIST’,true)dnl (若MX记录指向本机,则sendmail直接连接到远程主机)
define(`confDONT_PROBE_INTERFACES’,true)dnl (sendmial不会自动将服务器的网络接口视为有效地址)
define(`PROCMAIL_MAILER_PATH’,`/usr/bin/procmail’)dnl(设置procmail的存放路径)
define(`ALIAS_FILE’, `/etc/aliases’)dnl (设置邮件别名存放路径)
define(`STATUS_FILE’, `/var/log/mail/statistics’)dnl
define(`UUCP_MAILER_MAX’, `2000000′)dnl (设置处理信息的最大限制为2M)
define(`confUSERDB_SPEC’, `/etc/mail/userdb.db’)dnl (设置用户数据库文件路径)
define(`confPRIVACY_FLAGS’, `authwarnings,novrfy,noexpn,restrictqrun’)dnl (设置限制某些邮件命令的标志)
define(`confAUTH_OPTIONS’, `A’)dnl 仅在授权成功时。将AUTH参数加到邮件的消息头中
dnl #
dnl # The following allows> dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS’, `A p’)dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl # Please remember that saslauthd needs to be running for AUTH.
dnl #
define(QUEUE_DIR, `/var/spool/mqueue/q*’)
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN’)dnl
define(`confAUTH_MECHANISMS’, `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN’)dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl # cd /usr/share/ssl/certs; make sendmail.pem
dnl # Complete usage:
dnl # make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH’,`/usr/share/ssl/certs’)
dnl define(`confCACERT’,`/usr/share/ssl/certs/ca-bundle.crt’)
dnl define(`confSERVER_CERT’,`/usr/share/ssl/certs/sendmail.pem’)
dnl define(`confSERVER_KEY’,`/usr/share/ssl/certs/sendmail.pem’)
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP’s
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL’,`groupreadablekeyfile’)dnl
dnl #
dnl define(`confTO_QUEUEWARN’, `4h’)dnl
dnl define(`confTO_QUEUERETURN’, `5d’)dnl
dnl define(`confQUEUE_LA’, `12′)dnl
dnl define(`confREFUSE_LA’, `18′)dnl
define(`confTO_IDENT’, `0′)dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa’,`dnl’)dnl (允许MSA被DAMEMON_OPTION覆盖的默认设置)
FEATURE(`smrsh’,`/usr/sbin/smrsh’)dnl (设置邮件发送器smrsh的存放路径)
FEATURE(`mailertable’,`hash -o /etc/mail/mailertable.db’)dnl (设置邮件发送器数据库的存放路径)
FEATURE(`virtusertable’,`hash -o /etc/mail/virtusertable.db’)dnl (设置虚拟邮件域数据库的存放路径)
FEATURE(redirect)dnl (支持.redirect虚拟域)
FEATURE(always_add_domain)dnl (增加主机名到所有本地发送的邮件)
FEATURE(use_cw_file)dnl (装载/etc/mail/local-host-names文件中定义的主机名)
FEATURE(use_ct_file)dnl (装载可信任用户名单)
dnl #
dnl # The following limits the number of processes sendmail can fork to accept
dnl # incoming messages or process its message queues to 12.) sendmail refuses
dnl # to accept connections once it has reached its quota of child processes.
dnl #
dnl define(`confMAX_DAEMON_CHILDREN’, 12)dnl
dnl #
dnl # Limits the number of new connections per second. This caps the overhead
dnl # incurred due to forking new sendmail processes. May be useful against
dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address
dnl # limit would be useful but is not available as an option at this writing.)
dnl #
dnl define(`confCONNECTION_RATE_THROTTLE’, 3)dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail,`’,`procmail -t -Y -a $h -d $u’)dnl (使用procmail作为本地邮件发送者)
FEATURE(`access_db’,`hash -T<TMPF> -o /etc/mail/access.db’)dnl (从/etc/mail/access.db装载可以中继的域)
FEATURE(`blacklist_recipients’)dnl (根据访问数据库的值过滤外来邮件)
EXPOSED_USER(`root’)dnl (禁止伪装发送者地址中出现root用户)
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA’)dnl (指定sendmail作为MTA运行时的参数)
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can’t reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
DAEMON_OPTIONS(`Port=25, Name=MSA, M=Ea’)dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can’t
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn’t support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled– STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s’)dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6′)dnl
dnl #
dnl # enable both ipv6 and ipv4 in sendmail:
dnl #
dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6′)
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24×7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains’)dnl 设置可以接受不能由NDS主机所发送的邮件
dnl #
dnl FEATURE(`relay_based_on_MX’)dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.localdomain’)dnl 设置本地域
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.com’)dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl (指定sendmail所有SMTP发送者,包括smtp,esmtp,smtp8,和replay)
MAILER(procmail)dnl (指定使用procmail作为本地邮件的发送者)
文件中,红色字体的行为需要修改的地方,共有五行需要修改。
第一行是手动添加的,与认证无关,作用是启动多个邮件队列,为了获得更好的传输性能。
第二行和第三行是去掉行首的注释。”TRUST_AUTH_MECH”的作用是使sendmail不管access文件中如何设置,都能>Sendmail的sasl认证配置
1. 先来看一下/usr/lib/sasl2/Sendmail.conf文件,里面的内容应该是pwcheck_method:saslauthd,将这个文件复制成smtpd.conf,即cp Sendmail.conf smtpd.conf,这个文件也要在/usr/lib/sasl2/目录下;
2. 在/etc/pam.d/目录下参照其它文件建立一个“smtp”文件(postfix的是smtp.postfix),内容如下:
#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
或者修改/etc/sysconfig/saslauthd文件
3. 2.然后/etc/init.d/saslauthd start来启动sasl的密码认证(要每次开机自动启动这项服务,就运行ntsysv选中saslauthd,再存盘退出ntsysv)。注意:我把这里添加就 OK
第四行是加上注释,以便让sendmail可以侦听所有网络设备,为整个网络提供服务,而不仅仅只对本机提供服务。
第五行是修改的,原来内容是:dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea’)dnl 去掉行首的注释符,并且将内容修改成Port=25:
DAEMON_OPTIONS(`Port=25, Name=MSA’)dnl
在smtp的默认端口(25)上进行认证,而不是587端口。这样就强制所有使用该邮件服务器进行邮件转发的用户在认证后才能发邮件了。
修改好/etc/mail/sendmail.mc后,编译并重新启动sendmail
方法1
cd /etcm/mail
make
make restart
方法2
cd /etc/mail
m4 sendmail.mc >; sendmail.cf
service sendmail restart |
QQ群⑧:
窥视卡
雷达卡
发表于 2018-5-13 09:09:58
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡