Configuring Sendmail under RADHAT8.0

zhaozj2021-02-16  80

Environment: RedHat8.0 Sendmail (bring)

Domain Name: zzw.COMSMTP server: mail.zzw.compop3 server: mail.zzw.com (DNS has been set)

========================================

One: Configure Sendmail

1. Enter the directory / usr / share / sendmail-cf / cf. If you don't have this directory, you haven't installed a Sendmail-CF-8.11.2-14 RPM package, install it from your installation CD (3).

2. Modify /etc/mail/sendmail.mc file ########################################################################################################################################################################################################################################################### ############# Divert (-1) DNL this is the sendmail macro config file. If you make changes to this file, DNL you need the sendmail-cf rpm installed and then how to generate adnl New /etc/sendmail.cf by running the following command: DNLDNL M4 / Etc/mail/sendmail.mc> /etc/sendmail.cfdnlinclude(`../m4/cf.m4' )Versionid(`linux setup for red Hat Linux ') dnlOSTYPE ( `linux') define (` confDEF_USER_ID ', `` 8: 12' ') dnlundefine ( `UUCP_RELAY') dnlundefine (` BITNET_RELAY ') dnldefine ( `confAUTO_REBUILD') dnldefine (` confTO_CONNECT ', `1m' ) dnldefine ( `confTRY_NULL_MX_LIST ', true) dnldefine (` confDONT_PROBE_INTERFACES', true) dnldefine ( `PROCMAIL_MAILER_PATH ',` / usr / bin / procmail') dnldefine ( `ALIAS_FILE ',` / etc / aliases') dnldefine ( `STATUS_FILE' , `/var/log/sendmail.st'St' DNLDEFINE (`uucp_mailer_max", `2000000 ') DNLDEFINE (` confuserdb_spec', `/etc/mail/userdb.db' )dnldefine(`confprivacy_flags',` Authwarnings, Novrfy, NoExpn, restrictqrun ') DNLDEFINE (`confauth_options" , `A ') dnldefine (QUEUE_DIR,` / var / spool / mqueue / q *') TRUST_AUTH_MECH ( `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN ') dnldefine (` confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN ' ) dnlDAEMON_OPTIONS ( `Port = 25, Name = MTA ') dnlDAEMON_OPTIONS (` Port = 587, Name = MSA, M = Ea') dnldnl define ( `confTO_QUEUEWARN ',` 4h') dnldnl define ( `confTO_QUEUERETURN ',` 5d' ) DNLDNL Define (`confqueue_la ',` 12') DNLDNL Define (`Confrefuse_LA ',`

18 ') dnldnl FEATURE (delay_checks) dnlFEATURE ( `no_default_msa',` dnl ') dnlFEATURE ( `smrsh',` / usr / sbin / smrsh ') dnlFEATURE ( `mailertable',` hash -o / etc / mail / mailertable ' ) dnlFEATURE ( `virtusertable ',` hash -o / etc / mail / virtusertable') dnlFEATURE (redirect) dnlFEATURE (always_add_domain) dnlFEATURE (use_cw_file) dnlFEATURE (use_ct_file) dnlFEATURE (local_procmail) dnlFEATURE ( `access_db ') dnlFEATURE (` blacklist_recipients' ) dnlEXPOSED_USER ( `root ') dnldnl This changes sendmail to only listen on the loopback device 127.0.0.1dnl and not on any other network devices. Comment this out if you wantdnl to accept email over the network.dnl DAEMON_OPTIONS (` Port = smtp , Addr = 127.0.0.1, Name = MTA ') dnl We strongly recommend to comment this one out if you want to protectdnl yourself from spam. However, the laptop and users on computers that dodnl not have 24x7 DNS do need this.dnl FEATURE (`accept_unresolvable_domains ') DNLDNL Feature (` relay_based_on_mx') DNLMAILER (SMTP) DNLMAILER (procmail) DNL #################################################################################################################################################################################################################################### ############### #######

Among them, I added the following line: 1. Define (queue_dir, `/ var / spool / mqueue / q * ') 2. Trust_auth_mech (` Digest-MD5 CRAM-MD5 Login Plain ") DNL3. Define (` confauth_mechanism ", `Digest-MD5 CRAM-MD5 Login Plain ') DNL4. Daemon_Options (` port = 25, name = mta') DNL5. Daemon_Options (`port = 587, name = msa, m = EA ') DNL Note: Chapter 1 Multiple mail queues are launched, and you want to get better queue processing and performance improvements. The second, third rows remove the previous comments, open the corresponding certification mechanisms. The 4th, 5th lines set the port number of the corresponding MTA and MSA. And annotated 1. DNL daem_Options (`port = SMTP, ADDR = 127.0.0.1, name = mta ') 2. DNL Feature (` accept_unresolvable_domains') DNL Line 1 allows Sendmail through the network. Line 2 prohibits unconflected domain name Relay mail Finally run # m4 /etc/mail/sendmail.mc> /etc/sendmail.cf write to the /etc/sendmail.cf file

Since we opened multiple queues, now we are in / var / spool / mqueue / creating any number of queue directorys such as #CD / var / spool / mqueue # mkdir Q1 Q2 Q3 Q4 Q6 like this SENDMAIL will use these six Directory is a queue directory to add performance.

Two: Set the SASL Authentication Scheme 1. Run the following command to ensure that SASL is compiled into sendmail. # / Usr / sbin / sendmail -d0.1 -bv root | grep SASL output should like the following: Netunix NewDB Queue Sasl Scanf SMTP Userdb XDebug Make sure you can see the SASL2 in the text above. Test Port 25, make sure the Auth is displayed. #telnet localhost 25trying 127.0.0.1 ... Connected to SMTP.DOMAIN.com.escape Character is '^]'. 220 mail.zzw.com Esmtp Sendmail 8.11.2 / 8.11.2; Sun, 1 July 2001 17:56 : 54 -0800EHLO localhost250-smtp.domain.com Hello IDENT: root@mail.zzw.com [192.168.0.1], pleased to meet you250-ENHANCEDSTATUSCODES250-EXPN250-VERB250-8BITMIME250-SIZE250-DSN250-ONEX250-ETRN250-XUSR250- Auth login plain Digest-MD5 CRAM-MD5250 Helpquit221 2.0.0 mail.zzw.com Closing ConnectionConnection Closed by Foreign Host. You need to see that there is login place in the Auth line, otherwise you cannot relay mail. 3. Increase SASL users and change password # / usr / sbin / saslpasswd Waynepassword: ******* a (for verification): ****** # / usr / sbin / sasldblistusersuser: Wayne Realm: Mail. zzw.com men: Wayne Realm: mail.zzw.com mech: plainuser: Wayne Realm: mail.zzw.com mech: CRAM-MD5 user password DB file in / etc / sasldb, with the following command to ensure Correct permission setting. Special Note: When setting the username and password in the Windows Outlook Express, it is not simply using the username Wayne, but use the username "user @ realm", here is Wayne@mail.zzw.com as a user name. #CHMOD 400 / etc / SASLDB can use / usr / sbin / saslpasswd to add more users, and check the user with / usr / sbin / sasldblistusers has joined. 4. Change the default RedHat 8 password authentication method By default, the Sendmail in Redhat 8 checks the password with the PAM method, which means that the user must be a system user. In order to enhance security, we use users in / etc / sasldb, change the next PAM in the file is SASLDB. #vi /usr/lib/sasl/sendmail.conf Change PWCHECK_METHOD line icon below PWCHECK_METHOD: SASLDB5. Finally, run /tc/rc.d/init.d/sendmail restart to restart Sendmail. 6. Start the 110 port of POP3

/etc/xinetd.d/iPOP2 default: disable = yes change to: disable = no /etc/xinetd.d/ipop3 default: disable = yes change to: disable = no /etc/xinetd.d/ipop3 Default: disable = YES is changed to: disable = no /etc/xinetd.d/pops Default: disable = yes change to: disable = no last: # / etc / rc.d / init.d / xinetd restart restart xinetd # chkconfig xinetd put xinetd start up

Three: Set up Outlook Express for Windows. 1. Outlook Express only uses a Plain Login authentication mechanism to ensure that the AUTH line in Telnet localhost 25 is output Plain Login. 2. In 'Tool' - 'Account' - 'Properties' -' Server '-' Sending the Mail Server 'Same "My Server Requires Certification' and fill in the 'login user account' on" Your user name @ @ 你The server's full name domain name behind the Realm colon ", such as: This article is Wayne@mail.zzw.com Password for your password entered in front. Note: The username is not simply Wayne, must keep up with Realm: back domain name. 3. Test now, send a letter to yourself, check tail -f / var / log / maillog, have any errors, then check the mail head after receiving your own letter, you can find that there is a server after receiving it (Authenticated ) The mail is represented later, it is an email that is passed through the permitted authentication mechanism. Seven: FAQ. 1. If you don't have a command SASLPasswd, sasldblistusers under the / usr / sbin / directory below. A: You need to install the Cyrus-SASL-1.5.24-17 RPM package. 2. If you don't want to use SASL certification, use the default Redhat's PAM method. A: Ignore the part of the SASL settings above, the default Redhat 7.1 /usr/lib/sasl/sendmail.conf file is PWCHECK_METHOD: PAM, you simply add a system user with useerAdd and change the password. Then use the username in Outlook Express, just as "Wayne", no need to be a full domain name. Additional section: Frequently useful use skills for the previous article VI and how to set up a basic OpenLDAP Server supplement: 1. Use% s / string1 / string2 / gc Tips You have changed to String22 when you encounter each string1. Use the VI to open an existing file After you want to quit the file and edit another file with e filename and e # switches between two files. -------------- 4) How to record LDAP query logs and make it easy to debug? You can join Local4 in /etc/syslog.conf. * /Var/log/openldap.log then each One LDAP request will be recorded in this file, you can also debug issues based on the information in this file.

转载请注明原文地址:https://www.9cbs.com/read-14801.html

New Post(0)