
How to configure the sendmail mail server on a Linux system

2025-01-17 Update From: SLTechnology News&Howtos

This article explains how to configure the sendmail mail server on a Linux system. Many people run into difficulties when doing this in practice, so the steps below walk through how to handle them.

Install the required software

sendmail.8.12.10.tar.gz http://www.sendmail.org/

cyrus-sasl-2.1.18.tar.gz http://asg.web.cmu.edu/cyrus/

Installation steps

1. First install cyrus-sasl-2.1.18.tar.gz. The sendmail build needs the library and header files of SASL (Simple Authentication and Security Layer).

Unzip:

# tar -zxvf cyrus-sasl-2.1.18.tar.gz

Compile:

Enter the newly unpacked source directory and run the following commands to complete the installation.

# ./configure --prefix=/usr/local/sasl2 --enable-login

Be sure to add --enable-login, because SASL2 does not support LOGIN authentication by default, while Outlook uses LOGIN for SMTP authentication.

# make            # compile
# make install    # install

After completing the above three steps to install the program, you are ready to configure and test.

2. Configure SASL

To use SASL for sendmail authentication, some configuration work is needed. Sendmail looks for the SASL2 library in the /usr/lib directory, but we installed it in /usr/local/sasl2. Why not install the software in /usr/lib directly? Mainly to keep self-installed software easy to manage. So we need to create links in the /usr/lib directory:

# cd /usr/lib
# ln -s /usr/local/sasl2/lib/* .

Then create a directory under /var to store temporary data for the saslauthd process.

# cd /var
# mkdir state
# cd state
# mkdir saslauthd

Note: if you do not have these directories, you will get an error when you run saslauthd.

Then, to ensure that the Cyrus SASL2 library knows how to validate the SASL authentication requests it receives, you must create a SASL configuration file that defines the MTA program as a SASL application. The file is named Sendmail.conf (note the uppercase S) and is located in the /usr/lib/sasl2 directory, that is, the /usr/local/sasl2/lib/sasl2 directory (remember the link created above?). In this file you define the authentication database method you want to use. The following example uses saslauthd to verify authentication requests.

# cd /usr/lib/sasl2
# echo 'pwcheck_method: saslauthd' > Sendmail.conf

3. Testing

Ok, now you can run saslauthd and test it.

# cd /usr/local/sasl2/sbin
# ./saslauthd -a shadow

This authenticates against the users and passwords in the shadow file.

# ./testsaslauthd -u userid -p password

0: OK "Success."

If the above message appears, saslauthd is working properly. The testsaslauthd program is not compiled by default; you need to run the make testsaslauthd command in the saslauthd subdirectory of the source directory tree to build it.

4. After the installation of sasl2 is complete, you can begin to install sendmail.

First unpack the sendmail source code.

# tar -zxvf sendmail.8.12.10.tar.gz

If you want sendmail to support SASL, you need to modify the source configuration file site.config.m4, which is located in devtools/Site in the source directory tree. The file should contain the following lines:

PREPENDDEF(`confMAPDEF', `-DMAP_REGEX')
APPENDDEF(`confENVDEF', `-DTCPWRAPPERS -DSASL=2')
APPENDDEF(`conf_sendmail_LIBS', `-lwrap -lsasl2')
APPENDDEF(`confLIBDIRS', `-L/usr/local/sasl2/lib')
APPENDDEF(`confINCDIRS', `-I/usr/local/sasl2/include')

The first line enables regular expression map support.

The second and third lines build sasl2 and tcp_wrapper support into sendmail (access can then be controlled through hosts.allow and hosts.deny).

The fourth and fifth lines give the location of the sasl2 library and header files.

Then create some users and directories before compiling, and make sure they have the correct permissions.

Sendmail must have a set-group-id program (the default group is smmsp) that queues mail in a group-writable directory. So we create a smmsp user and group, set up the following directories and configure the corresponding permissions. For the details, see the sendmail/SECURITY document in the source directory tree.

# groupadd smmsp
# useradd smmsp -d /var/spool/clientmqueue -s /dev/null
# mkdir /var/spool/clientmqueue
# chown -R smmsp:smmsp /var/spool/clientmqueue
# chmod -R 770 /var/spool/clientmqueue
# mkdir /etc/mail
# mkdir /var/spool/mqueue
# chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
# chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue

Then you can go to the source directory tree and start compiling.

# ./Build -c

The -c option deletes the files generated by the last compilation.

# ./Build install

After the compilation is complete, you can install it.

5. Sendmail configuration

For sendmail to work properly, you need to configure several files, the first and most important of which is sendmail.cf. There are many examples of it under the cf/cf directory in the source directory tree, which you can copy and use. Because the syntax of sendmail.cf is very complicated, editing it by hand is not recommended. Instead, it can be generated automatically by the m4 preprocessor from a sendmail.mc file together with the macros in the sendmail-cf directory. The m4 preprocessor is used to create sendmail configuration files from a set of macro files: the macro file is read in as input, the macros are expanded, and the result is written to an output file. The sendmail-cf directory is usually placed under /usr/share. In fact, the content of the sendmail-cf directory is the same as that of the cf directory in the source directory tree, so to ensure that the sendmail-cf directory matches the installed version, copy the contents of the cf directory in the source directory tree to the /usr/share/sendmail-cf directory.

The sendmail.mc configuration file is as follows:

divert(-1)
include(`/usr/share/sendmail-cf/m4/cf.m4')
VERSIONID(`linux setup for Red Hat Linux')dnl
OSTYPE(`linux')
dnl Uncomment and edit the following line if your mail needs to be sent out
dnl through an external mail server:
dnl define(`SMART_HOST', `smtp.your.provider')
define(`confDEF_USER_ID', ``8:12'')dnl
undefine(`UUCP_RELAY')dnl
undefine(`BITNET_RELAY')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/mail/aliases')dnl
define(`STATUS_FILE', `/etc/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confCACERT_PATH', `/usr/share/ssl/certs')
dnl define(`confCACERT', `/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT', `/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY', `/usr/share/ssl/certs/sendmail.pem')
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl The '-t' option will retry delivery if e.g. the user runs over his quota.
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl This changes sendmail to only listen on the loopback device 127.0.0.1
dnl and not on any other network devices. Comment this out if you want
dnl to accept email over the network.
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')
dnl NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl a kernel patch
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')
dnl We strongly recommend to comment this one out if you want to protect
dnl yourself from spam. However, the laptop and users on computers that do
dnl not have 24x7 DNS do need this.
FEATURE(`accept_unresolvable_domains')dnl
dnl FEATURE(`relay_based_on_MX')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

Remember to make the following two statements active. They mean that if access.db access control is not configured, SMTP authentication is carried out using the mechanisms listed below.

TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

Sendmail macro definitions

divert(n): defines a buffer action for m4. With n=-1 the buffer is deleted; with n=0 a new buffer starts.

OSTYPE: defines the operating system in use, which lets m4 add the files related to that operating system.

DOMAIN: defines which domains the MTA will use to transfer messages.

FEATURE: defines a specific feature set used in the configuration file.

define: defines a specific option value in the configuration file.

MASQUERADE_AS: defines the alternative host name that sendmail uses when answering messages.

MAILER: defines the mail delivery method used by sendmail.

dnl: comment.

After writing the sendmail.mc file, you can use the m4 program to generate the actual sendmail.cf configuration file. The syntax is as follows:

# m4 sendmail.mc > sendmail.cf

It can also be generated with the cf/cf/Build command in the source directory tree, provided that you have a sendmail.mc file in that directory. The syntax is as follows:

# ./Build sendmail.cf

Then you can install the sendmail.cf and submit.cf files into the /etc/mail directory, with the following syntax:

# ./Build install-cf

You can also simply copy them with the cp command. Remember to copy the sendmail.mc file to the /etc/mail directory as well, so that sendmail.cf can be regenerated later when the configuration is modified.

Then go to the /etc/mail directory and set up some files.

# cd /etc/mail
# echo 'examply.com' >> local-host-names        # host names for which mail is received
# echo 'localhost RELAY' >> access              # rejects or allows mail from a domain; this example allows local relaying
# makemap hash access < access                  # generates the access.db database
# touch domaintable                             # maps old domain names to new ones
# makemap hash domaintable < domaintable
# touch mailertable                             # overrides the route to the specified domain
# makemap hash mailertable < mailertable
# touch virtusertable                           # maps users and domain names to other addresses
# makemap hash virtusertable < virtusertable
# touch aliases                                 # alias database, in text form; see sendmail/aliases in the source directory tree
# newaliases                                    # creates a new alias database file from the text file
# sendmail -v -bi                               # debug start

/etc/mail/aliases: 42 aliases, longest 10 bytes, 432 bytes total

If the above message appears, the startup is successful. You can start sendmail for real with the following command:

# sendmail -bd -q30m

The command runs sendmail as a background process (-bd) and makes it poll the queue of unsent mail every 30 minutes (-q30m) to check for new messages.

After the server starts, you can connect to the server using telnet.

# telnet localhost 25

Trying 127.0.0.1...

Connected to localhost.

Escape character is '^]'.

220 test.tigerhead ESMTP Sendmail 8.12.10 test.tigerhead ESMTP Sendmail 8.12.10; Tue, 30 Mar 2004 14:50:14 +0800

ehlo test        (the command you type; press Enter to send it)

250-test.tigerhead Hello LOCALHOST.localdomain [127.0.0.1], pleased to meet you

250-ENHANCEDSTATUSCODES

250-PIPELINING

250-8BITMIME

250-SIZE

250-DSN

250-ETRN

250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN

250-DELIVERBY

250 HELP

The lines that start with 250- are the server's response. Notice the penultimate line, which shows that SMTP authentication has been configured successfully.

Enter quit to leave.
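The reply above advertises LOGIN and PLAIN but has no STARTTLS line, so a client choosing those mechanisms sends its password only base64-encoded over an unencrypted connection. The check below is an added example, not part of the original article; the function names are made up here and the sample input is the reply shown above.

```shell
#!/bin/sh
# Added example: audit an EHLO reply for cleartext AUTH mechanisms
# (LOGIN, PLAIN) that are offered while STARTTLS is not.

# Constructed sample: the EHLO reply from the telnet session in the article.
sample_ehlo() {
cat <<'EOF'
250-test.tigerhead Hello LOCALHOST.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP
EOF
}

# ehlo_auth_audit: reads an EHLO reply on stdin and prints one finding line.
# Exit status: 0 = no cleartext exposure, 1 = LOGIN/PLAIN without STARTTLS,
#              2 = input is not a complete 250 reply.
ehlo_auth_audit() {
    awk '
        { sub(/\r$/, "") }                 # tolerate CRLF line endings
        /^$/ { next }
        /^250[- ]/ {
            seen = 1
            if ($0 ~ /^250 /) done = 1     # "250 " (space) marks the last line
            if (++n250 == 1) next          # first line is the greeting, not a keyword
            kw = toupper(substr($0, 5))
            if (kw ~ /^STARTTLS( |$)/) tls = 1
            if (kw ~ /^AUTH[ =]/) {
                n = split(substr(kw, 6), m, / +/)
                for (i = 1; i <= n; i++)
                    if (m[i] == "LOGIN" || m[i] == "PLAIN")
                        clear = clear (clear ? "," : "") m[i]
            }
            next
        }
        { bad = 1 }                        # any other line: not an EHLO success reply
        END {
            if (!seen || !done || bad) {
                print "invalid: not a complete 250 EHLO reply"; exit 2
            } else if (clear != "" && !tls) {
                print "exposed: " clear " offered without STARTTLS"; exit 1
            } else if (clear != "") {
                print "ok: " clear " offered, STARTTLS available"; exit 0
            }
            print "ok: no cleartext mechanism offered"; exit 0
        }'
}

# Stand-alone run on the constructed sample.
sample_ehlo | ehlo_auth_audit || true
```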

After the installation is completed, to keep the system secure you also need to adjust the permissions of some directories and files. See the sendmail/SECURITY document in the sendmail source directory.

# chmod 0640 /etc/mail/aliases /etc/mail/aliases.{db,pag,dir}
# chmod 0640 /etc/mail/*.{db,pag,dir}
# chmod 0640 /etc/mail/statistics /var/log/sendmail.st
# chmod 0600 /var/run/sendmail.pid /etc/mail/sendmail.pid

-r-xr-sr-x root smmsp ... /PATH/TO/sendmail
drwxrwx--- smmsp smmsp ... /var/spool/clientmqueue
drwx------ root wheel ... /var/spool/mqueue
-r--r--r-- root wheel ... /etc/mail/sendmail.cf
-r--r--r-- root wheel ... /etc/mail/submit.cf
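A read-only check of the mode bits that the commands above set, as an added example (not from the article or from sendmail itself). It assumes GNU stat, checks permissions only and not ownership, and its function names are hypothetical; pass a root prefix to audit a staging tree instead of the live system.

```shell
#!/bin/sh
# Added example: report sendmail-related paths whose mode is more permissive
# than the limits used in this article. Assumes GNU stat (Linux).

# exceeds MODE MAX: true when MODE has any permission bit that MAX lacks.
exceeds() { [ $(( 0$1 & 07777 & ~0$2 )) -ne 0 ]; }

# check PATH MAX LABEL: print a finding and count it when PATH is too permissive.
# Paths that do not exist are skipped.
check() {
    [ -e "$1" ] || return 0
    mode=$(stat -c '%a' "$1")
    if exceeds "$mode" "$2"; then
        printf 'FAIL %s mode=%s max=%s\n' "$3" "$mode" "$2"
        fails=$((fails + 1))
    fi
}

# audit_mail_perms ROOT: ROOT is "/" for the live system or a staging tree.
# Prints one line per finding and returns the number of findings.
audit_mail_perms() {
    root=${1%/}
    fails=0
    # Directories from the "chmod go-w" step: no group/other write bit.
    for d in / /etc /etc/mail /usr /var /var/spool; do
        check "$root$d" 7755 "$d"
    done
    # Queue directories: 700 per the SECURITY listing, 770 per the chmod above.
    check "$root/var/spool/mqueue" 700 /var/spool/mqueue
    check "$root/var/spool/clientmqueue" 770 /var/spool/clientmqueue
    # Configuration files: read-only, as in the SECURITY listing.
    check "$root/etc/mail/sendmail.cf" 444 /etc/mail/sendmail.cf
    check "$root/etc/mail/submit.cf" 444 /etc/mail/submit.cf
    # Alias file, statistics and map databases: at most 0640.
    for f in "$root"/etc/mail/aliases "$root"/etc/mail/statistics \
             "$root"/etc/mail/*.db; do
        check "$f" 640 "${f#"$root"}"
    done
    return "$fails"
}

# Stand-alone use: sh audit.sh /   (or a staging root)
if [ $# -gt 0 ]; then
    audit_mail_perms "$1" || true
fi
```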

6. Introduction to sendmail features

aliases: alias database configuration

test: test1,test2,test3    Configures a group alias named test. test is not an actual user, just an alias; mail sent to test is received by test1, test2 and test3.

test: test,testbak    Backs up test's messages in the testbak mailbox.

test: test,test@163.com    Remote mail backup, same principle as above.

test: :include:/etc/mail/userlist    Uses a user list to configure the group.

The userlist format is as follows:

test1,\
test2,\
test3,\
test4

About the system default aliases: sendmail assumes that mailer-daemon and postmaster are the accounts that send notices or receive returned mail, but the system does not actually have these two accounts, so configure the aliases as follows.

mailer-daemon: postmaster
postmaster: root

Don't forget to generate the database with the newaliases command after the configuration is complete.

~/.forward file configuration

This file does almost the same job as the aliases database: both configure aliases for mail forwarding. Because aliases can only be controlled by the administrator and cannot be modified by individual users, a .forward file can be created in a user's home directory to configure a personal mail forwarding list. The file format is as follows:

test
test1
test2
test3
and so on

However, because individual users tend to have poor security awareness, an improper configuration creates security vulnerabilities, so using it is not recommended.

access: access control list configuration

92.168 RELAY
test.NET OK
test.COM REJECT
test.COM 550 SORRY,WE DON'T ALLOW SPAMMERS HERE
test.ORG DISCARD

OK -- remote hosts can send messages to your mail server.

RELAY -- allows relaying.

REJECT -- the host cannot send mail to your mail server and cannot relay through it.

DISCARD -- messages are discarded and no error message is returned to the sender.

nnn text -- messages are discarded, but sendmail returns to the sender the SMTP code given by nnn and the text given by the text variable.

After configuration, use the makemap hash access.db < access command to generate the database.

mailq: mail queue query command.

Q-ID: message ID number.

Size: message size.

Q-Time: when the message was queued (that is, placed in the /var/spool/mqueue directory) and why it cannot be delivered.

Sender/Recipient: email addresses of the sender and recipient.

mailstats: mail status query command; it reports sendmail's totals for mail sent and received.

M:

msgsfr: the number of messages sent.

bytes_from: mail volume.

msgsto: the number of messages received.

bytes_to: ditto.

msgsrej: the number of times mail was denied.

msgsdis: the number of times mail was discarded.

Mailer: esmtp is external mail, local is local mail.

mail: the mail command

mail    Checks the contents of your own mailbox in the /var/spool/mail/ directory. Use q to exit; the mail you have read is saved in ~/mbox.

mail test@example.com    Sends mail directly to someone.

mail -s 'title text' test@example.com < file    Mails the contents of a file.

mail -f ~/mbox    Checks the mailbox contents under the home directory.

It is also possible to send attachments with mail; they should be encoded and decoded with the uuencode and uudecode commands.

Encoding: uuencode [file] name    Example: uuencode hello hello > hello.uue    The default input is stdin; the default output is stdout.

Decoding: uudecode [-o outfile] name    Example: uudecode hello.uue    The -o option writes the output to a different file name.

# uuencode ~/.bashrc bashrc | mail -s 'test uuencode' test@example.com

Fifth, other configurations.

To make better use of sendmail, there are some common configurations:

1. Limit the maximum message size.

vi /etc/sendmail.cf

# maximum message size
O MaxMessageSize=5000000 (Note: 5M)

2. Limit the number of recipients for mass mailing.

vi /etc/sendmail.cf

# maximum number of recipients per SMTP envelope
O MaxRecipientsPerMessage=20 (20)

3. Domain name file - local-host-names

It can be used to support virtual domains or multiple domain names.

/etc/mail/local-host-names

v1mail.com
v2mail.com
.

4. Mail alias file - aliases.

vi /etc/aliases

System internal aliases: peng: zpeng,hero,mmmn,yt    peng is my user name, and the others are aliases, separated by commas.

Forward to another mailbox: peng: zpeng@sina.com,yt.sohu.com

# newaliases    -- write to the database

5. Mail control file - access

The actions are relay, ok, reject and discard. relay allows mail to be forwarded. ok allows the user unrestricted access and overrides any other checks that have been set up (in a real configuration it is best not to set this unless you trust the user absolutely). reject refuses the connecting address, which is then not allowed to connect to or communicate with your mail server at all. discard silently drops the message after it has been received: from the sender's point of view the mail was accepted, but the sender does not know that it will never arrive at the destination address.

vi /etc/mail/access

localhost.localdomain RELAY    -- allow
localhost RELAY
127.0.0.1 RELAY
peng@sina.com ok
@sexgirl.net reject
211.77.22.45 discard

# makemap hash access.db < access    -- write to the database

6. Virtual user file - virtusertable.

This file solves the problem of duplicate user names in mail.

For example, you have two domain names, virt1.com and virt2.com, and both have the user peng: peng@virt1.com and peng@virt2.com are two different users. But the system only recognizes one system user peng, so one of them has to be mapped to another account:

vi /etc/mail/virtusertable

peng@virt2.com r010

That is all. Create a new user r010, and use r010 as the POP3 and SMTP server user name and password for peng@virt2.com on the client side.

# makemap hash virtusertable.db < virtusertable

# /usr/sbin/sendmail -d0.1 -bv root | grep SASL

NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS QUEUE SASL SCANF

My problem has been found: the S in the file name /usr/lib/sasl/Sendmail.conf was not uppercase. The problem has been resolved.
