Shulou(Shulou.com)06/01 Report--

This article is about how to configure the Sendmail server to prevent spam. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

2. Installation mode of source code

First get the latest version of the source code, which can be obtained from either http://www.sendmail.org/ or ftp://ftp.sendmail.org/pub/sendmail/.

Then, store it in the / usr/local directory. And execute the following command to extract:

# cd / usr/local

# tar-zxvf sendmail-8.13.4.tar.gz

This creates a sendmail-8.13.4 directory under the / home directory:

/ usr/local/sendmail-8.13.4/README

/ usr/local/sendmail-8.13.4/src

/ usr/local/sendmail-8.13.4/cf

/ usr/local/sendmail-8.13.4/doc

Next, you need to compile the source code. Because Sendmail comes with a compiler Build, there is no need for the make command:

# cd / usr/local/sendmail-8.13.4/src

#. / Build install

Once the software is installed, you can use the following command to confirm that sendmail has started:

# pstree | grep sendmail

If Sendmail is started, this command will display its relevant information. Otherwise, you will return to the command line without any prompts. If it is not started, the user can start it manually. As shown in the following command:

# service sendmail start

Configure Sendmail to suppress spam

1. Disable the Relay function of Sendmail

The so-called Relay function means that others can use this SMTP mail server to send letters to anyone, so that spammers with ulterior motives can use this mail server to send a large number of spam, and in the end, what others complain about is not the spammers, but this server, so Relay must be shut down. The specific way is to go to the / etc/mail directory of the Linux server to edit the access file, remove settings such as "* relay", and leave only "localhost relay" and "127.0.0.1 relay". Note that after modifying the access file, you also need to use the command to make the changes take effect: makemap hash access.db

< access。 2．在Sendmail中添加RBL功能 RBL（Realtime Blackhole List）是实时黑名单。 只要在Sendmail中加入RBL认证功能，就会使邮件服务器在每次收信时都自动到RBL服务器上去查实，如果信件来源于黑名单，则Sendmail会拒收邮件，从而使单位的用户少受垃圾邮件之苦。在Sendmail中添加RBL认证，需要对sendmail.mc添加以下内容：FEATURE（`dnsbl'，`relays.ordb.org'，`″Email blocked using ORDB.org - see ″'）。 最后执行"m4 sendmail.mc>

The two commands "sendmail.cf" and "service sendmail restart" give effect to the changes to Sendmail.

3. Use access database

Accessing the database defines what hosts or IP addresses can access the local mail server and what type of access they are. The host may list OK, REJECT, RELAY or simply detect a given mail error through Sendmail's error handler. The host lists OK by default, which allows messages to be sent to the host, as long as the final destination of the message is the local host. Listing REJECT will reject all mail connections. Hosts with the RELAY option will be allowed to send mail anywhere through this mail server.

/ etc/mail/access.db is a hash table database that is generated using the / etc/mail/access file, which is a plain text file in the format "address manipulation".

The following steps are given to modify the / etc/mail/access file using the above address and operation fields to generate the / etc/mail/access.db database:

First, edit the / etc/mail/access file using vi.

# vi / etc/mail/access

Then, add the following.

Samsung.com RELAY / / allows all hosts in the domain of samsung.com to forward messages using the server

10.0.6.134 RELAY / / allows hosts with an IP address of 10.0.6.134 to forward messages using the server

192.168.10 RELAY / / allows hosts in the 192.168.10 network segment to forward messages using the server

Info.com REJECT / / denies all hosts in the domain of info.com from using servers

Finally, save the disk and exit and use the makmap command to generate the / etc/mail/access.db database.

# cd / etc/mail

# makemap hash access.db 4. Enable the SMTP authentication feature of Sendmail

Although the above access database can be used in Sendmail to manage users so that they can legally use the SMTP server for mail delivery. However, due to the increasing number of users, and many users are in a network segment, if it is difficult to effectively manage the use of the SMTP server only by relying on the above-mentioned access database, it will increase the scale of the access database, confuse management, resulting in reduced efficiency and even errors. Therefore, it is very necessary to use the identity authentication library under Red Hat Linux, together with the Sendmail server, to authenticate the users who use the SMTP service, so as to ensure the legitimate use of the service.

Download the sasl library before use, which provides functions required for security authentication at the download address of "ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/"". The latest version on the Internet is cyrus-sasl-2.1.21.tar.gz. The steps to configure sendmail with authentication using this authentication library are described below:

First check to see if the sasl-related RPM package is installed on the system.

# rpm-a | grep sasl

The general system is installed by default, and if not, you need to install four toolkits with the following command:

# rpm-ivh cyrus-sasl-md5-2.1.10-4

# rpm-ivh cyrus-sasl-2.1.10-4

# rpm-ivh cyrus-sasl-plain-2.1.10-4

# rpm-ivh cyrus-sasl-devel-2.1.10-4

Or by using the downloaded source code installation package, install as follows:

# cp cyrus-sasl-2.1.21.tar.gz / usr/local

# gzip cyrus-sasl-2.1.21.tar.gz

# tar-xvf cyrus-sasl-2.1.21.tar

# cd cyrus-sasl-2.1.21

#. / configure-prefix=/usr-enable-login-with-pwcheck-with-digest

# make

# make install

Then, look at the authentication-related configuration of sendmail.

# cat / usr/lib/sasl/Sendmail.conf

Pwcheck_metod:pam

Next, you need to edit the sendmail.mc, modify the configuration related to authentication, and delete the dnl for each line.

# cd / etc/mail

# vi sendmail.mc

Uncomment the following lines:

/ / TRUST_AUTH_MECH (`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN') dnl

/ / define (`confAUTH_

MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN') dnl

Next, use the M4 command to generate the cf file.

# M4 sendmail.mc > sendmail.cf

Then, restart the sendmail server.

# service sendmail restart

Finally, test the sasl.

# sendmail-d0.1-bv root | grep SASL

NETUNIX NEWDB NIS PIPELINING SASL SCANF STARTTLS TCPWRAPPERS

Thank you for reading! This is the end of the article on "how to configure the Sendmail server to prevent spam". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.