有次不小心把笔记给搞丢了(被小偷抢走! :( ),所以决定以后把笔记整理到这里!
首先感谢CU以及其他网友的文档使我顺利配置了公司的邮件服务器,当时好多人说sendmail的m4配置文件的复杂难懂,由于坚信有能力配置出很棒的邮件系统,所以选择了历史悠久、功能强大的sendmail! ^!^
环境:RedHat Linux AS4完全安装或者确保邮件服务器里的包都装上! 呵呵!
目的:实现带认证功能的邮件服务器的配置安装
(DNS部分略了!)
一. Sendmail服务配置
1.安装RedHat LinuxAS 4后,修改/etc/mail/sendmail.mc,修改后文件如下:
divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl # make -C /etc/mail
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST',`smtp.your.provider')
dnl #
define(`confDEF_USER_ID',``8:12'')dnl
define(`confTRUSTED_USER', `smmsp')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl #
define(QUEUE_DIR, `/var/spool/mqueue/q*')
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl # make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF>; -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
DAEMON_OPTIONS(`Port=25, Name=MSA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl # NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl # a kernel patch
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.com')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
文件中,红色字体的行为需要修改的地方,共有五行需要修改。
第一行是手动添加的,与认证无关,作用是启动多个邮件队列,为了获得更好的传输性能。
第二行和第三行是去掉行首的注释。”TRUST_AUTH_MECH”的作用是使sendmail不管access文件中如何设置,都能 relay 那些通过EXTERNAL, LOGIN, PLAIN, CRAM-MD5或DIGEST-MD5等方式验证的邮件,”confAUTH_MECHANISMS" 的作用是确定系统的认证方式。Outlook Express支持的认证方式是LOGIN。
第四行是加上注释,以便让sendmail可以侦听所有网络设备,为整个网络提供服务,而不仅仅只对本机提供服务。
第五行是修改的,原来内容是:
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
去掉行首的注释符,并且将内容修改成Port=25:
DAEMON_OPTIONS(`Port=25, Name=MSA')dnl
在smtp的默认端口(25)上进行认证,而不是587端口。这样就强制所有使用该邮件服务器进行邮件转发的用户在认证后才能发邮件了。
2.运行:
# m4 /etc/mail/sendmail.mc >/etc/mail/sendmail.cf
用m4重新生成sendmail.cf文件
3. 既然我们打开了多个队列,现在我们在/var/spool/mqueue/下创建任意多个队列目录,运行:
# cd /var/spool/mqueue
# mkdir q1 q2 q3 q4 q5 q6
4. 修改/etc/mail/local-host-names,将希望该邮件服务器使用的邮箱名加进去,比如邮箱为:xxx@abc.com.cn则将abc.com.cn加入到该文件中。
5. 重新启动sendmail服务,运行:
# killall –HUP sendmail
6. 可以通过telnet 本机IP 25来验证sendmail服务是否已经正常启动,若登陆成功,则说明sendmail服务已经成功启动。
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'
220 localhost.localdomain ESMTP Sendmail 8.12.8/8.12.8; Wed, 12 May 2004 15:57:01 +0800
ehlo localhost
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH GSSAPI LOGIN PLAIN
250-DELIVERBY
250-HELP
quit
#
在AUTH后面有LOGIN就基本上可以在OutlookExpress上认证了。
二. Pop3服务配置:(pop3是在AS4上的新改动! ^!^)
1. # service dovecot start
启动 Dovecot Imap: [ 确定 ]
2. 修改/etc/dovecot.conf文件:
#protocols = imap imap3
更改为:
protocols = imap imap3 pop3 pop3s
auth_passdb =
更改为:
auth_passdb = shadow
3. # service dovecot restart(重新启动dovecot服务)
停止 Dovecot Imap: [ 确定 ]
启动 Dovecot Imap: [ 确定 ]
以前曾经参考过心余和peng两位大侠的关于在RedHat8.0下配置带认证功能的sendmail邮件服务器的帖子,但是照做后发现有问题。不妥的地方在于配置文件
/etc/mail/sendmail.mc中的两句:
DAEMON_OPTIONS(`Port=25, Name=MTA')dnl
DAEMON_OPTIONS(`Port=587, Name=MSA, M=Ea')dnl
根据这样的配置,sendmail只有在587端口才对用户强制进行身份认证,而在smtp服务默认用的端口25(OutlookExpress上默认用的就是25)上则用户认不
认证都无所谓,我在OutlookExpress上选择“我的服务器要求身份认证”sendmail就进行认证,若不选该选项,sendmail服务器不加任何认证就会转发任
何邮件。这种策略显然是不合理的,安全的策略是只在默认的25端口强制进行身份认证,否则不予转发邮件,在其他端口根本不打开。因而这两句应合成一
句:
DAEMON_OPTIONS(`Port=25, Name=MSA')dnl
在这种配置下,邮件服务器仅在收发双方都是本地用户的时候才不强制进行身份认证,其他情况的时候都要进行认证。
三.Openwebmail部分
1、安装openwebmail 2.51软件:
# service httpd restart (启动httpd服务)
停止 httpd: [ 确定 ]
启动 httpd: [ 确定 ]
# rpm -ivh perl-
# rpm -ivh perl-CGI-SpeedyCGI-2.22-1.2.el4.rf.i386.rpm
# rpm -ivh perl-Compress-Zlib-1.34-1.2.el4.rf.i386.rpm
# rpm -ivh perl-suidperl-5.8.5-12.1.1.i386.rpm
# rpm -ivh perl-Text-Iconv-1.4-1.2.el4.rf.i386.rpm
# rpm -ivh openwebmail-2.51-1.i386.rpm
warning: openwebmail-2.51-1.i386.rpm: V3 DSA signature: NOKEY, key ID cfb164d8
Preparing... ######################################### [100%]
1:openwebmail ###################################### [100%]
You may login with non-root account from
http://mail.easy.com/cgi-bin/openwebmail/openwebmail.pl
# cd /var/www/cgi-bin/openwebmail/
# ./openwebmail-tool.pl --init
Please change './etc/dbm.conf' from
dbm_ext .db
dbmopen_ext none
dbmopen_haslock no
to
dbm_ext .db
dbmopen_ext .db
dbmopen_haslock no
And execute './openwebmail-tool.pl --init' again!
ps: If you are running openwebmail in persistent mode,
don't forget to 'touch openwebmail*.pl', so speedycgi
will reload all scripts, modules and conf files in --init.
2、修改 /var/www/cgi-bin/openwebmail/etc/openwebmail.conf 文件:
domainnames auto
更改为:
domainnames zoomsky.com (更改为自己定义的域名)
default_language en
更改为:
default_language zh_CN.GB2312 (更改为简体中文版介面)
default_iconset Cool3D.Englist
更改为:
default_iconset Cool3D.Chinese.Simplified (更改为中文3D按键)
3、修改/var/www/cgi-bin/openwebmail/etc/defaults/openwebmail.conf文件:
smtpserver 127.0.0.1
更改为:
smtpserver 192.168.0.77 (更改smtp服务器的地址)
authpop3_server localhost
更改为:
authpop3_server 192.168.0.77 (更改pop3服务器的地址)
4、修改/var/www/cgi-bin/openwebmail/etc/defaults/dbm.conf文件:
dbmopen_ext none
更改为:
dbmopen_ext .db
dbmopen_haslock no
更改为:
dbmopen_haslock yes
smtpserver 192.168.1.253 (添加smtp服务器的地址)
5、继续运行openwebmail-tool.pl文件:
# ./openwebmail-tool.pl --init
creating db /var/www/cgi-bin/openwebmail/etc/maps/b
creating db /var/www/cgi-bin/openwebmail/etc/maps/g2b ...done.
creating db /var/www/cgi-bin/openwebmail/etc/maps/lunar ...done.
Welcome to the Open WebMail!
This program is going to send a short message back to the developer,
so we could have the idea that who is installing and how many sites are
using this software, the content to be sent is:
OS: Linux 2.6.9-11.EL i686
Perl: 5.008005
WebMail: Open WebMail 2.51 20050228
Send the site report?(Y/n) y (输入y,然后按回车键)
sending report...
Thank you.
6、测试webmail方式收发电子邮件:
在ie中输入以下地址:
http://192.168.0.77/cgi-bin/openwebmail/openwebmail.pl
发表评论 
打印本文
推荐本文
加入收藏
返回顶部
关闭窗口
