安装环境:
RedHat Linux 9.0 完全安装或者确保以下安装包已经安装完毕:
imap-2001a-18.i286.rpm
sendmail-8.12.8-4.i386.rpm
m4-1.4.1-13.i386.rpm
cyrus-sasl-2.1.10-4.i386.rpm
cyrus-sasl-md5-2.1.10-4.i386.rpm
cyrus-sasl-plain-2.1.10-4.i386.rpm
cyrus-sasl-gssapi-2.1.10-4.i386.rpm
实现目的:
实现带认证功能的邮件服务器的配置安装
一、Sendmail服务配置 数据挖掘研究院
1. 安装RedHat Linux 9.0后,修改/etc/mail/sendmail.mc,修改后文件如下:
| divert(-1)dnl dnl # dnl # This is the sendmail macro config file for m4. If you make changes to dnl # /etc/mail/sendmail.mc, you will need to regenerate the dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is dnl # installed and then performing a dnl # dnl # make -C /etc/mail dnl # include(`/usr/share/sendmail-cf/m4/cf.m4")dnl VERSIONID(`setup for Red Hat Linux")dnl OSTYPE(`linux")dnl dnl # dnl # Uncomment and edit the following line if your outgoing mail needs to dnl # be sent out through an external mail server: dnl # dnl define(`SMART_HOST",`smtp.your.provider") dnl # define(`confDEF_USER_ID",``8:12"")dnl define(`confTRUSTED_USER", `smmsp")dnl dnl define(`confAUTO_REBUILD")dnl define(`confTO_CONNECT", `1m")dnl define(`confTRY_NULL_MX_LIST",true)dnl 数据挖掘研究院 define(`confDONT_PROBE_INTERFACES",true)dnl define(`PROCMAIL_MAILER_PATH",`/usr/bin/procmail")dnl define(`ALIAS_FILE", `/etc/aliases")dnl dnl define(`STATUS_FILE", `/etc/mail/statistics")dnl define(`UUCP_MAILER_MAX", `2000000")dnl define(`confUSERDB_SPEC", `/etc/mail/userdb.db")dnl define(`confPRIVACY_FLAGS", `authwarnings,novrfy,noexpn,restrictqrun")dnl define(`confAUTH_OPTIONS", `A")dnl dnl # dnl # The following allows relaying if the user authenticates, and disallows dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links dnl # dnl define(`confAUTH_OPTIONS", `A p")dnl dnl # dnl # PLAIN is the preferred plaintext authentication method and used by dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do dnl # use LOGIN. Other mechanisms should be used if the connection is not dnl # guaranteed secure. dnl # [color=red:8e47f78b9a]define(QUEUE_DIR, `/var/spool/mqueue/q*")[/color:8e47f78b9a] [color=red:8e47f78b9a]TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN")dnl[/color:8e47f78b9a] [color=red:8e47f78b9a]define(`confAUTH_MECHANISMS", `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN")dnl[/color:8e47f78b9a] dnl # dnl # Rudimentary information on creating certificates for sendmail TLS: dnl # make -C /usr/share/ssl/certs usage dnl # dnl define(`confCACERT_PATH",`/usr/share/ssl/certs") dnl define(`confCACERT",`/usr/share/ssl/certs/ca-bundle.crt") dnl define(`confSERVER_CERT",`/usr/share/ssl/certs/sendmail.pem") dnl define(`confSERVER_KEY",`/usr/share/ssl/certs/sendmail.pem") dnl # dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP"s dnl # slapd, which requires the file to be readble by group ldap dnl # dnl define(`confDONT_BLAME_SENDMAIL",`groupreadablekeyfile")dnl dnl # dnl define(`confTO_QUEUEWARN", `4h")dnl dnl define(`confTO_QUEUERETURN", `5d")dnl dnl define(`confQUEUE_LA", `12")dnl dnl define(`confREFUSE_LA", `18")dnl define(`confTO_IDENT", `0")dnl dnl FEATURE(delay_checks)dnl FEATURE(`no_default_msa",`dnl")dnl FEATURE(`smrsh",`/usr/sbin/smrsh")dnl FEATURE(`mailertable",`hash -o /etc/mail/mailertable.db")dnl FEATURE(`virtusertable",`hash -o /etc/mail/virtusertable.db")dnl FEATURE(redirect)dnl FEATURE(always_add_domain)dnl FEATURE(use_cw_file)dnl FEATURE(use_ct_file)dnl dnl # dnl # The -t option will retry delivery if e.g. the user runs over his quota. dnl # FEATURE(local_procmail,`",`procmail -t -Y -a $h -d $u")dnl FEATURE(`access_db",`hash -T<TMPF> -o /etc/mail/access.db")dnl FEATURE(`blacklist_recipients")dnl EXPOSED_USER(`root")dnl dnl # dnl # The following causes sendmail to only listen on the IPv4 loopback address dnl # 127.0.0.1 and not on any other network devices. Remove the loopback dnl # address restriction to accept email from the internet or intranet. dnl # [color=red:8e47f78b9a]dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA")dnl[/color:8e47f78b9a] dnl # dnl # The following causes sendmail to additionally listen to port 587 for dnl # mail from MUAs that authenticate. Roaming users who can"t reach their dnl # preferred sendmail daemon due to port 25 being blocked or redirected find dnl # this useful. dnl # [color=red:8e47f78b9a]DAEMON_OPTIONS(`Port=25, Name=MSA")dnl[/color:8e47f78b9a] dnl # dnl # The following causes sendmail to additionally listen to port 465, but dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can"t dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS dnl # and doesn"t support the deprecated smtps; Evolution <1.1.1 uses smtps dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1. dnl # dnl # For this to work your OpenSSL certificates must be configured. dnl # dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s")dnl dnl # dnl # The following causes sendmail to additionally listen on the IPv6 loopback dnl # device. Remove the loopback address restriction listen to the network. dnl # dnl # NOTE: binding both IPv4 and IPv6 daemon to the same port requires dnl # a kernel patch dnl # dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6")dnl dnl # dnl # We strongly recommend not accepting unresolvable domains if you want to dnl # protect yourself from spam. However, the laptop and users on computers dnl # that do not have 24x7 DNS do need this. dnl # FEATURE(`accept_unresolvable_domains")dnl dnl # dnl FEATURE(`relay_based_on_MX")dnl dnl # dnl # Also accept email sent to "localhost.localdomain" as local email. dnl # LOCAL_DOMAIN(`localhost.localdomain")dnl dnl # dnl # The following example makes mail from this host and any additional dnl # specified domains appear to be sent from mydomain.com dnl # dnl MASQUERADE_AS(`mydomain.com")dnl dnl # dnl # masquerade not just the headers, but the envelope as well dnl # dnl FEATURE(masquerade_envelope)dnl dnl # dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well dnl # dnl FEATURE(masquerade_entire_domain)dnl dnl # dnl MASQUERADE_DOMAIN(localhost)dnl dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl dnl MASQUERADE_DOMAIN(mydomain.lan)dnl MAILER(smtp)dnl MAILER(procmail)dnl |
文件中,红色字体的行为需要修改的地方,共有五行需要修改。
第一行是手动添加的,与认证无关,作用是启动多个邮件队列,为了获得更好的传输性能。
第二行和第三行是去掉行首的注释。”TRUST_AUTH_MECH”的作用是使sendmail不管access文件中如何设置,都能 relay 那些通过EXTERNAL, LOGIN, PLAIN, CRAM-MD5或DIGEST-MD5等方式验证的邮件,”confAUTH_MECHANISMS" 的作用是确定系统的认证方式。Outlook Express支持的认证方式是LOGIN。
第四行是加上注释,以便让sendmail可以侦听所有网络设备,为整个网络提供服务,而不仅仅只对本机提供服务。
第五行是修改的,原来内容是:
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea")dnl 数据挖掘研究院
去掉行首的注释符,并且将内容修改成Port=25:
DAEMON_OPTIONS(`Port=25, Name=MSA")dnl 数据挖掘研究院
在smtp的默认端口(25)上进行认证,而不是587端口。这样就强制所有使用该邮件服务器进行邮件转发的用户在认证后才能发邮件了。
2. 运行:
# m4 /etc/mail/sendmail.mc > /etc/sendmail.cf 数据挖掘研究院
用m4重新生成sendmail.cf文件 数据挖掘实验室
3. 既然我们打开了多个队列,现在我们在/var/spool/mqueue/下创建任意多个队列目录,运行:
# cd /var/spool/mqueue
# mkdir q1 q2 q3 q4 q5 q6 数据挖掘研究院
4. 修改/etc/mail/local-host-names,将希望该邮件服务器使用的邮箱名加进去,比如邮箱为:xxx@abc.com.cn则将abc.com.cn加入到该文件中。 数据挖掘研究院
5. 重新启动sendmail服务,运行: 数据挖掘研究院
# killall –HUP sendmail
6. 可以通过telnet 本机IP 25来验证sendmail服务是否已经正常启动,若登陆成功,则说明sendmail服务已经成功启动。
| # telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is "^]" 220 localhost.localdomain ESMTP Sendmail 8.12.8/8.12.8; Wed, 12 May 2004 15:57:01 +0800 ehlo localhost 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-AUTH GSSAPI LOGIN PLAIN 250-DELIVERBY 250-HELP quit # |
在AUTH后面有LOGIN就基本上可以在OutlookExpress上认证了。
二、Pop3服务配置:
1. 运行: 数据挖掘研究院
# ntsysv
在系统服务列表中选中ipop3,选’OK’保存推出
2. 重启xinetd服务,运行: 数据挖掘实验室
# service xinetd restart 数据挖掘研究院
3. 运行netstat命令看smtp和pop3服务是否都已经启动 数据挖掘实验室
# netstat –l
