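1 Basics
1.1 Basic mail concepts
– MUA (Mail User Agent): accepts the user's instructions and passes mail to the mail transfer agent
– MTA (Mail Transfer Agent): receives the user's mail and holds it in a queue until it locates the destination mail transfer agent over the network and delivers the mail to it
– MDA (Mail Delivery Agent): takes mail from the local mail transfer agent and delivers it to the final local user
– MRA (Mail Receive Agent): handles mail retrieval requests from the mail user agent, usually over IMAP or POP3
Examples of each role:
– MUA examples: Outlook Express and Foxmail are mail user agents
– MTA examples: sendmail and postfix are mail transfer agents
– MDA examples: procmail and dropmail are mail delivery agents
– MRA examples: dovecot is a mail receive agent
Note that the destination mail transfer agent is located through the domain's MX records. For example, to find the transfer agent for will@cmdschool.org, the MX records of that domain are queried. The following commands simulate the process: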
# nslookup
> set type=mx
> cmdschool.org
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
cmdschool.org mail exchanger = 5 mxbiz1.qq.com.
cmdschool.org mail exchanger = 10 mxbiz2.qq.com.
Authoritative answers can be found from:
>
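1.2 Introduction to Sendmail
– Sendmail is an important mail transfer agent (MTA, Mail Transfer Agent)
– Sendmail supports multiple mail transfer and delivery methods
– Sendmail supports the SMTP protocol
2 Best practice
2.1 Pre-installation configuration
2.1.1 Environment
OS = CentOS 8.x x86_64
DNS = 10.168.0.250 (self-hosted DNS)
Host Name = mail0[1,2].cmdschool.org
IP Address = 10.168.0.12[5,6]
2.1.2 Install common packages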
In mail0[1,2],
yum install -y vim
2.1.3 Configure the host name
In mail01,
hostnamectl set-hostname mail01.cmdschool.org
In mail02,
hostnamectl set-hostname mail02.cmdschool.org
2.1.4 Ensure chronyd is running and correctly configured
systemctl status chronyd.service
grep ^pool /etc/chrony.conf
The last command displays the following:
pool 2.rhel.pool.ntp.org iburst
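Note: if there is an NTP server on the internal network, replace the NTP server domain name above with that of the internal NTP server (the service must be restarted for the change to take effect).
2.1.5 Configure DNS
On the DNS server, create A records that resolve the host names (domain names) to IP addresses: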
mail01.cmdschool.org -> 10.168.0.125
mail02.cmdschool.org -> 10.168.0.126
On the DNS server, create MX records that resolve the mail records to specific host names (domain names):
mail01.cmdschool.org -> mail01.cmdschool.org
mail02.cmdschool.org -> mail02.cmdschool.org
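Based on the requirements above, if you use Bind, see the following section for the configuration procedure:
After the configuration is complete, test it with the following command: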
nslookup
The interactive session is as follows:
> set type=mx
> mail01.cmdschool.org
Server: 10.168.0.60
Address: 10.168.0.60#53
mail01.cmdschool.org mail exchanger = 10 mail01.cmdschool.org.
> mail02.cmdschool.org
Server: 10.168.0.60
Address: 10.168.0.60#53
mail02.cmdschool.org mail exchanger = 10 mail02.cmdschool.org.
>
2.2 Install and configure Sendmail
2.2.1 Install the packages
In mail0[1,2],
yum install -y sendmail sendmail-cf m4
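Note: installing the “sendmail” package automatically installs the mail delivery agent “procmail”, because “sendmail” depends on “procmail”.
2.2.2 Start the services, enable them at boot, and check their status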
In mail0[1,2],
systemctl start sendmail.service
systemctl enable sendmail.service
systemctl status sendmail.service
systemctl start saslauthd.service
systemctl enable saslauthd.service
systemctl status saslauthd.service
After the services have started, it is recommended to check the listening port with the following command:
netstat -antp | grep "sendmail"
The output looks like this:
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 30320/sendmail: acc
2.2.3 Modify the server configuration
In mail0[1,2],
cp /etc/mail/sendmail.mc /etc/mail/sendmail.mc.default
vim /etc/mail/sendmail.mc
Change the following setting so that the listening port accepts external connections:
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
Change the following settings to enable SMTP authentication:
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
For the configuration to take effect, also run the following:
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
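The mechanism list above includes LOGIN and PLAIN, which carry the password as Base64 only; Sendmail's `confAUTH_OPTIONS` flag `p` withholds such mechanisms unless a security layer (for example STARTTLS) is active. The check below is an added example, not part of the original article; the verdict names, sample file contents and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a sendmail.mc for plaintext AUTH offered without TLS.

# Last active (not dnl-commented) line mentioning macro $2 in file $1.
mc_line() {
    grep -v '^[[:space:]]*dnl' "$1" | grep -F "$2" | tail -n 1
}

# Second m4-quoted argument of that define(), e.g. `A p' -> A p
mc_value() {
    mc_line "$1" "$2" | awk -F'`' '{print $3}' | cut -d"'" -f1
}

# Print one verdict (names are this example's own) for the .mc file $1.
audit_auth() {
    mechs=$(mc_value "$1" confAUTH_MECHANISMS)
    opts=$(mc_value "$1" confAUTH_OPTIONS)
    cert=$(mc_value "$1" confSERVER_CERT)
    case " $mechs " in
        *" LOGIN "*|*" PLAIN "*) ;;
        *) echo "no-plaintext-mechanisms"; return 0 ;;
    esac
    case $opts in
        *p*) ;;   # 'p': no PLAIN/LOGIN unless a security layer is active
        *) echo "plaintext-auth-without-tls"; return 0 ;;
    esac
    if [ -n "$cert" ]; then
        echo "plaintext-auth-only-under-tls"
    else
        echo "p-set-but-no-server-cert"
    fi
}

# Constructed sample: the two AUTH lines from this section plus a
# confAUTH_OPTIONS line without 'p' (the 'p' variant is commented out).
sample=$(mktemp)
cat > "$sample" <<'EOF'
define(`confAUTH_OPTIONS', `A')dnl
dnl define(`confAUTH_OPTIONS', `A p')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
EOF
audit_auth "$sample"
rm -f "$sample"
```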
In addition, modify the following host names to match your environment:
cp /etc/mail/local-host-names /etc/mail/local-host-names.default
vim /etc/mail/local-host-names
Add the following entry:
In mail01,
mail01.cmdschool.org
In mail02,
mail02.cmdschool.org
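2.2.4 Restart the service to apply the configuration
In mail0[1,2],
systemctl restart sendmail.service
After the restart, the listening address has changed:
netstat -antp | grep "sendmail"
The output looks like this:
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 3978/sendmail: acce
2.2.5 Configure the firewall port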
In mail0[1,2],
firewall-cmd --permanent --add-service smtp
firewall-cmd --reload
firewall-cmd --list-all
2.3 Test Sendmail
2.3.1 Install the packages
In mail0[1,2],
yum install -y mailx
2.3.2 Create a mail user
In mail0[1,2],
useradd will
echo willpassword | passwd --stdin will
2.3.3 Test sending mail from the local command line
In mail01,
su - will
The command above switches to the user; then send a test mail with the following command:
echo 'it is only a test' | mail -s "test eamil" will@mail02.cmdschool.org
Alternatively, the following commands are equivalent:
echo 'it is only a test' > test.txt
mail -s "test" will@mail02.cmdschool.org < test.txt
2.3.4 Test sending mail over the SMTP protocol
In Linux Client,
telnet mail01.cmdschool.org 25
The command-line session is as follows:
Trying 10.168.0.125...
Connected to mail01.cmdschool.org.
Escape character is '^]'.
220 mail01.cmdschool.org ESMTP Sendmail 8.15.2/8.15.2; Sun, 25 Jul 2021 22:33:59 -0400
helo mail01.cmdschool.org
250 mail01.cmdschool.org Hello mail01.cmdschool.org [10.168.0.125], pleased to meet you
auth login
334 VXNlcm5hbWU6
d2lsbA==
334 UGFzc3dvcmQ6
d2lsbHBhc3N3b3Jk
235 2.0.0 OK Authenticated
mail from:will@mail01.cmdschool.org
250 2.1.0 will@mail01.cmdschool.org... Sender ok
rcpt to:will@mail02.cmdschool.org
250 2.1.5 will@mail02.cmdschool.org... Recipient ok
data
354 Enter mail, end with "." on a line by itself
Date:2021-07-26 22:33
From:will@mail01.cmdschool.org
To:will@mail02.cmdschool.org
Subject:test eamil
it is only a test
.
250 2.0.0 16Q2Xxs4007718 Message accepted for delivery
quit
221 2.0.0 mail01.cmdschool.org closing connection
Connection closed by foreign host.
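Note: the user name and password used above are the “Base64” encodings of “will” and “willpassword”. If you use a different user name and password, encode them yourself.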
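The following added example (not part of the original article) produces the Base64 values for AUTH LOGIN and decodes the AUTH lines of the session above. Base64 is an encoding, not encryption, so the same decoding applies to anyone who can observe an unencrypted port 25 session; the function names are this example's own.

```shell
#!/bin/sh
# Added example: encode and decode the AUTH LOGIN exchange shown above.

# Encode a value for AUTH LOGIN. printf '%s' emits no trailing newline;
# `echo value | base64` encodes "value\n", which is not the real credential.
b64()   { printf '%s' "$1" | base64; }
unb64() { printf '%s' "$1" | base64 -d; }

# Read an SMTP transcript on stdin and print the decoded AUTH LOGIN lines:
# each "334 <base64>" server challenge and the client line that follows it.
annotate_auth() {
    want_reply=0
    while IFS= read -r line; do
        case $line in
            "334 "*)
                echo "S: $(unb64 "${line#334 }")"
                want_reply=1 ;;
            *)
                if [ "$want_reply" -eq 1 ]; then
                    echo "C: $(unb64 "$line")"
                    want_reply=0
                fi ;;
        esac
    done
}

# The AUTH lines copied from the session shown above.
annotate_auth <<'EOF'
auth login
334 VXNlcm5hbWU6
d2lsbA==
334 UGFzc3dvcmQ6
d2lsbHBhc3N3b3Jk
235 2.0.0 OK Authenticated
EOF

b64 will            # the value to send after the first 334 challenge
echo will | base64  # differs: the trailing newline is encoded as well
```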
2.3.5 Test with a mail client
In Windows Client,
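Because it is not the focus of this chapter, Windows client configuration is not covered here; see the following links to download a client and test: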
https://www.foxmail.com/
https://www.thunderbird.net/
2.3.6 Read mail from the command line
In mail02,
su - will
The command above switches to the user; then view the mail with the following command:
mailx
The session is as follows:
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/will": 1 message 1 unread
>U 1 will@mail01.cmdschoo Thu Jul 22 03:13 26/1130 "test eamil"
& type 1
Message 1:
From will@mail01.cmdschool.org Thu Jul 22 03:13:33 2021
Return-Path:
From: will@mail01.cmdschool.org
Date: Thu, 22 Jul 2021 03:13:25 -0400
To: will@mail02.cmdschool.org
Subject: test eamil
User-Agent: Heirloom mailx 12.5 7/5/10
Content-Type: text/plain; charset=us-ascii
Status: RO
it is only a test
& delete 1
& quit
2.4 Other related configuration