How to compile and install Sendmail


1 Introduction to Sendmail

– Sendmail is an important mail transfer agent (MTA, Mail Transfer Agent)
– Sendmail supports multiple mail transport and delivery methods
– Sendmail supports the SMTP protocol

2 Best practices

2.1 Pre-installation setup

2.1.1 Environment

OS = CentOS 5.x x86_64
DNS = any
Host Name = any
IP Address = any

2.1.2 Remove the old version shipped with the system

yum remove -y sendmail

2.1.3 Prepare the build environment

yum install -y gcc make m4

2.1.4 Install commonly used packages

yum install -y vim

2.1.5 Download the source package

cd ~
wget https://ftp.sendmail.org/sendmail.8.15.2.tar.gz

If you need a different version, download it from the following link:
https://ftp.sendmail.org/

2.2 Compile and install the package

2.2.1 Check the run-as user

id smmsp

If the command above cannot find the user, create it with the following commands:

groupadd -g 51 smmsp
useradd -c "Sendmail Daemon" -g smmsp -d /var/spool/mqueue -s /sbin/nologin -u 51 smmsp

Also make sure the user's home directory exists, using the following command:

ls -ld /var/spool/mqueue/

If it does not exist, create it with the following command:

install -v -o root -g mail -m 700 -d /var/spool/mqueue

2.2.2 Unpack the source package

cd ~
tar -xf sendmail.8.15.2.tar.gz

2.2.3 Change the man page location

cd ~/sendmail-8.15.2/
sed -i 's|/usr/man/man|/usr/share/man/man|' devtools/OS/Linux

2.2.4 Prepare the build configuration file

cd ~/sendmail-8.15.2/
cp devtools/Site/site.config.m4.sample devtools/Site/site.config.m4
vim devtools/Site/site.config.m4

Change the build options as follows:

APPENDDEF(`confENVDEF', `-UNIS')
APPENDDEF(`confENVDEF',`-DDNSMAP -DHES_GETMAILHOST -DIPV6_FULL -DLDAPMAP -DLOG -DMAP_REGEX -DMATCHGECOS -DMILTER -DMIME7TO8 -DMIME8TO7 -DNAMED_BIND -DNETINET -DNETINET6 -DNETUNIX -DNEWDB -DPIPELINING -DSASL -DSCANF -DSOCKETMAP -DSTARTTLS')
APPENDDEF(`confLIBS', `-lssl -lcrypto -lsasl2 -lldap -llber -ldb')
APPENDDEF(`confLIBDIRS', `-L/usr/lib64/openssl,-R/usr/lib64/openssl')
APPENDDEF(`confINCDIRS', `-I/usr/include/openssl')
APPENDDEF(`confINCDIRS', `-I/usr/include/sasl')

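Note that:
– The "confENVDEF" parameter defines which modules are disabled or enabled
– The "confLIBS" parameter defines the libraries needed for the build
– The "confLIBDIRS" parameter defines the dynamic library directories needed for the build (the -L/-R paths)
– The "confINCDIRS" parameter defines the static library directories needed for the build (the -I paths)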

2.2.5 Compile the package

cd ~/sendmail-8.15.2/sendmail/
sh Build

If you run into the following error:

make[1]: *** [depend] Error 1
make[1]: Leaving directory `/root/sendmail-8.15.2/obj.Linux.2.6.18-53.el5.x86_64/libsm'
Making in /root/sendmail-8.15.2/obj.Linux.2.6.18-53.el5.x86_64/libsm
make[1]: Entering directory `/root/sendmail-8.15.2/obj.Linux.2.6.18-53.el5.x86_64/libsm'
cc -O2 -I. -I../../include  -I/usr/include/openssl -I/usr/include/sasl -DMAP_REGEX -UNIS -DSTARTTLS -DSTARTTLS -DSASL -DLDAPMAP      -c -o assert.o assert.c
In file included from ../../include/sm/gen.h:20,
                 from assert.c:11:
../../include/sm/config.h:150:20: error: lber.h: No such file or directory
../../include/sm/config.h:151:20: error: ldap.h: No such file or directory
make[1]: *** [assert.o] Error 1
make[1]: Leaving directory `/root/sendmail-8.15.2/obj.Linux.2.6.18-53.el5.x86_64/libsm'
make: *** [/root/sendmail-8.15.2/obj.Linux.2.6.18-53.el5.x86_64/libsm/libsm.a] Error 2

resolve the dependency with the following command:

yum install -y openldap-devel

If you run into the following error:

Configuration: pfx=, os=Linux, rel=2.6.18-53.el5, rbase=2, rroot=2.6.18-53, arch=x86_64, sfx=, variant=optimized
Making in /root/sendmail-8.15.2/obj.Linux.2.6.18-53.el5.x86_64/sendmail
(cd ../../libsmutil; sh Build )
Configuration: pfx=, os=Linux, rel=2.6.18-53.el5, rbase=2, rroot=2.6.18-53, arch=x86_64, sfx=, variant=optimized
Making in /root/sendmail-8.15.2/obj.Linux.2.6.18-53.el5.x86_64/libsmutil
make[1]: Entering directory `/root/sendmail-8.15.2/obj.Linux.2.6.18-53.el5.x86_64/libsmutil'
cc -O2 -I. -I../../sendmail   -I../../include  -I/opt/nph/include -I/usr/local/ssl/include -DPH_MAP -UNIS -DSTARTTLS -DNOT_SENDMAIL      -c -o debug.o debug.c
In file included from debug.c:11:
../../sendmail/sendmail.h:125:26: error: openssl/ssl.h: No such file or directory
In file included from debug.c:11:
../../sendmail/sendmail.h:737: error: expected specifier-qualifier-list before ‘SSL’
../../sendmail/sendmail.h:1434:23: error: phclient.h: No such file or directory
../../sendmail/sendmail.h:1440: error: expected specifier-qualifier-list before ‘PH’
../../sendmail/sendmail.h:2000: error: expected ‘)’ before ‘*’ token
../../sendmail/sendmail.h:2004: error: expected ‘)’ before ‘*’ token
../../sendmail/sendmail.h:2005: error: expected ‘)’ before ‘*’ token
../../sendmail/sendmail.h:2015: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token
../../sendmail/sendmail.h:2815: error: expected ‘)’ before ‘*’ token
make[1]: *** [debug.o] Error 1
make[1]: Leaving directory `/root/sendmail-8.15.2/obj.Linux.2.6.18-53.el5.x86_64/libsmutil'
make: *** [/root/sendmail-8.15.2/obj.Linux.2.6.18-53.el5.x86_64/libsmutil/libsmutil.a] Error 2

resolve the dependency with the following command:

yum install -y openssl-devel

If you run into the following error:

In file included from conf.c:21:
../../include/sm/bdb.h:17:17: error: db.h: No such file or directory
make: *** [conf.o] Error 1

resolve the dependency with the following command:

yum install -y db4-devel

2.2.6 Build the sendmail.cf file

cd ~/sendmail-8.15.2/cf/cf/
cp generic-linux.mc sendmail.mc
sh Build sendmail.cf

2.3 Deploy the package

2.3.1 Deploy sendmail.cf

cd ~/sendmail-8.15.2/cf/cf/
install -v -d -m755 /etc/mail
sh Build install-cf

2.3.2 Deploy the application

cd ~/sendmail-8.15.2/
sh Build install

After deployment, we recommend running the following command to confirm the compiled-in modules:

sendmail -bp -d0.13

Output similar to the following is shown:

Version 8.15.2
 Compiled with: DNSMAP HES_GETMAILHOST IPV6_FULL LDAPMAP LOG MAP_REGEX
                MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
                NETUNIX NEWDB PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS USERDB
                USE_LDAP_INIT XDEBUG
    OS Defines: ADDRCONFIG_IS_BROKEN HASFCHOWN HASFCHMOD
                HASGETDTABLESIZE HASINITGROUPS HASLSTAT HASNICE HASRANDOM
                HASRRESVPORT HASSETREGID HASSETREUID HASSETRLIMIT HASSETSID
                HASSETVBUF HASURANDOMDEV HASSTRERROR HASUNAME HASUNSETENV
                HASWAITPID IDENTPROTO NEEDSGETIPNODE REQUIRES_DIR_FSYNC SFS_VFS
                USE_DOUBLE_FORK USE_SIGLONGJMP
Kernel symbols: /boot/vmlinux
     Conf file: /etc/mail/submit.cf (default for MSP)
     Conf file: /etc/mail/sendmail.cf (default for MTA)
      Pid file: /var/run/sendmail.pid (default)
 libsm Defines: SM_CONF_LDAP_INITIALIZE SM_CONF_LDAP_MEMFREE
                SM_CONF_LONGLONG SM_CONF_MEMCHR SM_CONF_MSG SM_CONF_SEM
                SM_CONF_SIGSETJMP SM_CONF_SHM SM_CONF_SSIZE_T SM_CONF_STDDEF_H
                SM_CONF_SYS_CDEFS_H SM_CONF_UID_GID DO_NOT_USE_STRCPY
                SM_HEAP_CHECK SM_OS=sm_os_linux SM_VA_STD
   FFR Defines:
#...

Note: "#..." marks omitted output
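One way to automate the check above, as an added example that is not part of the original guide: it extracts the "Compiled with:" list from the debug output and reports any required option that is absent. The function names are hypothetical, and the sample input is the first lines of the output shown above (note that -DSASL is reported as SASLv2).

```shell
#!/bin/sh
# Added example (not from the original guide). Function names are hypothetical.

# Sample input: the first lines of the "sendmail -bp -d0.13" output shown above.
SAMPLE_OUTPUT=$(cat <<'EOF'
Version 8.15.2
 Compiled with: DNSMAP HES_GETMAILHOST IPV6_FULL LDAPMAP LOG MAP_REGEX
                MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
                NETUNIX NEWDB PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS USERDB
                USE_LDAP_INIT XDEBUG
    OS Defines: ADDRCONFIG_IS_BROKEN HASFCHOWN HASFCHMOD
                HASGETDTABLESIZE HASINITGROUPS HASLSTAT HASNICE HASRANDOM
EOF
)

# compiled_options: read the debug output on stdin and print one compiled-in
# option per line. The list wraps over indented continuation lines and ends
# at the next "Label:" line (option names never contain a colon).
compiled_options() {
    awk '
        /Compiled with:/ { sub(/.*Compiled with:/, ""); inlist = 1 }
        inlist && /:/    { inlist = 0 }
        inlist           { for (i = 1; i <= NF; i++) print $i }
    '
}

# missing_options OPT...: read the debug output on stdin, print the required
# options that are NOT compiled in, and return non-zero if any is missing.
missing_options() {
    _have=$(compiled_options)
    _missing=""
    for _want in "$@"; do
        printf '%s\n' "$_have" | grep -qxF -- "$_want" || _missing="$_missing $_want"
    done
    printf '%s\n' "${_missing# }"
    [ -z "$_missing" ]
}

# Demo on the sample; on a real host pipe "sendmail -bp -d0.13" in instead.
if _m=$(printf '%s\n' "$SAMPLE_OUTPUT" | missing_options STARTTLS SASLv2 MILTER); then
    echo "all required options are compiled in"
else
    echo "missing options: $_m"
fi
```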

2.3.3 Deploy sendmail.mc

cd ~/sendmail-8.15.2/
install -v -m644 cf/cf/{submit,sendmail}.mc /etc/mail

2.3.4 Deploy the other configuration files

cd ~/sendmail-8.15.2/
cp -v -R cf/ /usr/share/sendmail-cf/

2.3.5 Deploy the manuals and documentation

cd ~/sendmail-8.15.2/
install -v -m755 -d /usr/share/doc/sendmail-8.15.2/{cf,sendmail}
install -v -m644 CACerts FAQ KNOWNBUGS LICENSE PGPKEYS README RELEASE_NOTES /usr/share/doc/sendmail-8.15.2
install -v -m644 sendmail/{README,SECURITY,TRACEFLAGS,TUNING} /usr/share/doc/sendmail-8.15.2/sendmail
install -v -m644 cf/README /usr/share/doc/sendmail-8.15.2/cf
for manpage in sendmail editmap mailstats makemap praliases smrsh
do
    install -v -m644 $manpage/$manpage.8 /usr/share/man/man8
done
install -v -m644 sendmail/aliases.5    /usr/share/man/man5
install -v -m644 sendmail/mailq.1      /usr/share/man/man1
install -v -m644 sendmail/newaliases.1 /usr/share/man/man1
install -v -m644 vacation/vacation.1   /usr/share/man/man1
cd ~/sendmail-8.15.2/doc/op
sed -i 's/groff/GROFF_NO_SGR=1 groff/' Makefile
make op.txt op.pdf
install -v -d -m755 /usr/share/doc/sendmail-8.15.2
install -v -m644 op.ps op.txt op.pdf /usr/share/doc/sendmail-8.15.2

2.3.6 Deploy the log directory

install -v -d -m755 /var/log/mail/
install -v -m600 /dev/null /var/log/mail/statistics

2.4 Deploy the configuration files

2.4.1 Deploy the local-host-names configuration file

cat > /etc/mail/local-host-names << "EOF"
# local-host-names - include all aliases for your machine here.
EOF

2.4.2 Deploy the trusted-users configuration file

cat > /etc/mail/trusted-users << "EOF"
# trusted-users - users that can send mail as others without a warning
# apache, mailman, majordomo, uucp, are good candidates
EOF

2.4.3 Deploy the mailertable configuration file

cat > /etc/mail/mailertable << "EOF"
# The "mailer table" can be used to override routing for particular domains
# (which are not in class {w}, i.e. local host names).
#
# hash /etc/mail/mailertable
#
# Keys in this database are fully qualified domain names or partial domains
# preceded by a dot -- for example, "vangogh.CS.Berkeley.EDU" or
# ".CS.Berkeley.EDU". As a special case of the latter, "." matches any domain
# not covered by other keys. Values must be of the form:
#
# mailer:domain
#
# where "mailer" is the internal mailer name, and "domain" is where to send
# the message. These maps are not reflected into the message header. As a
# special case, the forms:
#
# local:user
#
# will forward to the indicated user using the local mailer,
#
# local:
#
# will forward to the original user in the e-mail address using the local
# mailer, and
#
# error:code message
# error:D.S.N:code message
#
# will give an error message with the indicated SMTP reply code and message,
# where D.S.N is an RFC 1893 compliant error code.
EOF

After editing the file, run the following command to update the configuration:

makemap hash /etc/mail/mailertable.db < /etc/mail/mailertable

2.4.4 Deploy the access configuration file

cat > /etc/mail/access << "EOF"
# Check the /usr/share/doc/sendmail/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
#
# If you want to use AuthInfo with "M:PLAIN LOGIN", make sure to have the
# cyrus-sasl-plain package installed.
#
# By default we allow relaying from localhost...
Connect:localhost.localdomain           RELAY
Connect:localhost                       RELAY
Connect:127.0.0.1                       RELAY
EOF

After editing the file, run the following command to update the configuration:

makemap hash /etc/mail/access.db < /etc/mail/access

2.4.5 Deploy the virtusertable configuration file

cat > /etc/mail/virtusertable << "EOF"
# A domain-specific form of aliasing, allowing multiple virtual domains to be
# hosted on one machine.
#
# info@foo.com  foo-info
# info@bar.com  bar-info
# joe@bar.com   error:nouser 550 No such user here
# jax@bar.com   error:5.7.0:550 Address invalid
# @baz.org      jane@example.net
#
# then mail addressed to info@foo.com will be sent to the address foo-info,
# mail addressed to info@bar.com will be delivered to bar-info, and mail
# addressed to anyone at baz.org  will be sent to jane@example.net, mail to
# joe@bar.com will be rejected with the specified error message, and mail to
# jax@bar.com will also have a RFC 1893  compliant error code 5.7.0.
#
# The username from the original address is passed as %1 allowing:
#
# @foo.org      %1@example.com
#
# Additionally, if the local part consists of "user+detail" then "detail" is
# passed as %2 and "+detail" is passed as %3  when a match against user+* is
# attempted, so entries like
#
# old+*@foo.org new+%2@example.com
# gen+*@foo.org %2@example.com
# +*@foo.org    %1%3@example.com
# X++@foo.org   Z%3@example.com
# @bar.org      %1%3
#
# Note: to preserve "+detail" for a default case (@domain) %1%3 must be used
# as RHS. There are two wildcards after "+": "+" matches only a non-empty
# detail, "*" matches also empty details, e.g., user+@foo.org  matches
# +*@foo.org but not ++@foo.org. This can be used to ensure that the
# parameters %2 and %3 are not empty.
#
# All the host names on the left hand side (foo.com, bar.com, and baz.org)
# must be in class {w} or class {VirtHost}. The latter can be defined by the
# macros VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE (analogously to
# MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE). If VIRTUSER_DOMAIN or
# VIRTUSER_DOMAIN_FILE is used, then the entries of class {VirtHost} are
# added to class {R}, i.e., relaying is allowed to (and from) those domains.
EOF

After editing the file, run the following command to update the configuration:

makemap hash /etc/mail/virtusertable.db < /etc/mail/virtusertable

2.4.6 Deploy the sendmail.mc configuration file

cat > /etc/mail/sendmail.mc << "EOF"
divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl #     /etc/mail/make
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # Do not advertize sendmail version.
dnl #
dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b')dnl
dnl #
dnl # default logging level is 9, you might want to set it higher to
dnl # debug the configuration
dnl #
dnl define(`confLOG_LEVEL', `9')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST', `smtp.your.provider')dnl
dnl #
define(`confDEF_USER_ID', ``8:12'')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # which realm to use in SASL database (sasldb2)
dnl #
define(`confAUTH_REALM', `mail')dnl
dnl # 
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl # Please remember that saslauthd needs to be running for AUTH. 
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # Basic sendmail TLS configuration with self-signed certificate for
dnl # inbound SMTP (and also opportunistic TLS for outbound SMTP).
dnl #
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/private/sendmail.key')dnl
define(`confTLS_SRV_OPTIONS', `V')dnl
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readable by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl # If you're operating in a DSCP/RFC-4594 environment with QoS
dnl define(`confINET_QOS', `AF11')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The following limits the number of processes sendmail can fork to accept 
dnl # incoming messages or process its message queues to 20.) sendmail refuses 
dnl # to accept connections once it has reached its quota of child processes.
dnl #
dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl
dnl #
dnl # Limits the number of new connections per second. This caps the overhead 
dnl # incurred due to forking new sendmail processes. May be useful against 
dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address 
dnl # limit would be useful but is not available as an option at this writing.)
dnl #
dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery uncomment
dnl # the following 2 definitions and activate below in the MAILER section the
dnl # cyrusv2 mailer.
dnl #
dnl define(`confLOCAL_MAILER', `cyrusv2')dnl
dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # enable both ipv6 and ipv4 in sendmail:
dnl #
dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl # 
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl # 
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.com')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
dnl MAILER(cyrusv2)dnl
EOF

To make the configuration take effect, also run the following:

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

2.4.7 Deploy the submit.mc configuration file

cat > /etc/mail/submit.mc << "EOF"
divert(-1)
#
# Copyright (c) 2001-2003 Sendmail, Inc. and its suppliers.
#       All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#

#
#  This is the prototype file for a set-group-ID sm-msp sendmail that
#  acts as a initial mail submission program.
#

divert(0)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`linux setup')dnl
define(`confCF_VERSION', `Submit')dnl
define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
define(`confTIME_ZONE', `USE_TZ')dnl
define(`confDONT_INIT_GROUPS', `True')dnl
define(`confPID_FILE', `/var/run/sm-client.pid')dnl
dnl define(`confDIRECT_SUBMISSION_MODIFIERS',`C')dnl
FEATURE(`use_ct_file')dnl
dnl
dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1]
FEATURE(`msp', `[127.0.0.1]')dnl
EOF

To make the configuration take effect, also run the following:

m4 /etc/mail/submit.mc > /etc/mail/submit.cf

2.4.8 Deploy the certificate (public key) and private key

mkdir -p /etc/pki/tls/certs/
mkdir -p /etc/pki/tls/private/
touch /etc/pki/tls/certs/sendmail.pem
touch /etc/pki/tls/private/sendmail.key
chmod 600 /etc/pki/tls/private/sendmail.key
chmod 600 /etc/pki/tls/certs/sendmail.pem

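Note that:
– The empty certificate files created with "touch" above cause errors to be reported, but do not prevent the service from starting (SSL is not used by default)
– Create a self-signed certificate yourself or apply for one from Tencent Cloud; see the link below for details, which are not covered here:
https://cloud.tencent.com/product/ssl

To disable SSL, edit the configuration file with the following command: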

vim /etc/mail/sendmail.mc

Then comment out the following lines, regenerate the configuration and restart the service:

dnl define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
dnl define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
dnl define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
dnl define(`confSERVER_KEY', `/etc/pki/tls/private/sendmail.key')dnl
dnl define(`confTLS_SRV_OPTIONS', `V')dnl
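The comments in the sendmail.mc of section 2.4.6 describe two settings that this guide leaves at the permissive value (confAUTH_OPTIONS set to `A` rather than `A p`, and accept_unresolvable_domains enabled), and section 2.4.8 creates empty certificate and key files. The following added example, which is not part of the original guide, lints an .mc file for those conditions; the function names, finding labels and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): lint an .mc file for settings
# the guide's own comments warn about. All function names are hypothetical.

# active_lines FILE: drop commented-out lines (leading "dnl") and strip the m4
# quote characters so macros can be matched with plain patterns.
active_lines() {
    grep -v '^dnl' "$1" | tr -d "\`'"
}

# mc_define FILE NAME: value of the last active define(NAME, VALUE).
mc_define() {
    active_lines "$1" |
        sed -n "s/^define($2,[[:space:]]*\(.*\))dnl.*/\1/p" | tail -n 1
}

# mc_feature FILE NAME: succeeds if FEATURE(NAME...) is active.
mc_feature() {
    active_lines "$1" | grep -q "^FEATURE($2[,)]"
}

# audit_mc FILE: print one finding per line; no output means no findings.
audit_mc() {
    _auth=$(mc_define "$1" confAUTH_OPTIONS)
    case "$_auth" in
        *p*) ;;
        *) echo "AUTH_PLAINTEXT confAUTH_OPTIONS='$_auth' has no 'p': PLAIN/LOGIN accepted on non-TLS links" ;;
    esac
    if mc_feature "$1" accept_unresolvable_domains; then
        echo "UNRESOLVABLE accept_unresolvable_domains is enabled"
    fi
    for _name in confSERVER_CERT confSERVER_KEY; do
        _path=$(mc_define "$1" "$_name")
        [ -n "$_path" ] || continue
        if [ ! -s "$_path" ]; then
            echo "TLS_EMPTY $_name=$_path is missing or empty"
        elif [ "$_name" = confSERVER_KEY ] &&
             [ "$(ls -ld "$_path" | cut -c5-10)" != "------" ]; then
            # The guide sets mode 600 on the key; flag any group/other bits.
            echo "TLS_MODE $_name=$_path is accessible to group or others"
        fi
    done
}

# make_sample DIR: constructed sample built from lines of the guide's
# sendmail.mc, with the certificate paths redirected into DIR and the files
# created empty with touch, as in section 2.4.8.
make_sample() {
    cat > "$1/sendmail.mc" <<EOF
dnl define(\`confAUTH_OPTIONS', \`A p')dnl
define(\`confAUTH_OPTIONS', \`A')dnl
define(\`confSERVER_CERT', \`$1/sendmail.pem')dnl
define(\`confSERVER_KEY', \`$1/sendmail.key')dnl
FEATURE(\`accept_unresolvable_domains')dnl
dnl FEATURE(\`relay_based_on_MX')dnl
EOF
    touch "$1/sendmail.pem" "$1/sendmail.key"
}

# Demo on the constructed sample; on a real host run: audit_mc /etc/mail/sendmail.mc
_demo=$(mktemp -d) && make_sample "$_demo" && audit_mc "$_demo/sendmail.mc"
rm -rf "$_demo"
```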

2.5 Configure the service

2.5.1 Start the service manually

/usr/sbin/sendmail -bd -q1h
/usr/sbin/sendmail -L sm-msp-queue -Ac -q1h

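– The "bd" option runs sendmail in daemon mode (listening on port 25 and accepting SMTP connections)
– The "q" option sets the interval at which queued messages are processed (units are seconds, minutes, hours, days and weeks, i.e. "s", "m", "h", "d", "w"; for example "-q1h30m")
– The "L" option sets the label used for syslog messages
– The "Ac" option selects the submit.cf configuration

After running the commands, check the started processes with the following command: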

ps -ef | grep sendmail | grep -v grep

Output similar to the following is shown:

smmsp    12872     1  0 11:12 ?        00:00:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
root     12884     1  0 11:12 ?        00:00:00 sendmail: accepting connections

Check the listening port with the following command:

netstat -antp | grep sendmail

Output similar to the following is shown:

tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      12884/sendmail: acc

Then, to stop the service, use the following commands:

kill -s 9 `pgrep -u root sendmail`
kill -s 9 `pgrep -u smmsp sendmail`

If startup fails, check the log with the following command:

tail -f /var/log/maillog

2.5.2 Deploy the service control script

cat > /etc/init.d/sendmail << "EOF"
#!/bin/bash
#
# sendmail      This shell script takes care of starting and stopping
#               sendmail.
#
# chkconfig: 2345 80 30
# description: Sendmail is a Mail Transport Agent, which is the program \
#              that moves mail from one machine to another.
# processname: sendmail
# config: /etc/mail/sendmail.cf
# pidfile: /var/run/sendmail.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
[ -f /etc/sysconfig/network ] && . /etc/sysconfig/network

# Source sendmail configuration.
if [ -f /etc/sysconfig/sendmail ] ; then
    . /etc/sysconfig/sendmail
else
    DAEMON=yes
    QUEUE=1h
fi
[ -z "$SMQUEUE" ] && SMQUEUE="$QUEUE"
[ -z "$SMQUEUE" ] && SMQUEUE=1h

# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 0

[ -f /usr/sbin/sendmail ] || exit 0

RETVAL=0
prog="sendmail"

start() {
    # Start daemons.

    echo -n $"Starting $prog: "
    if test -x /usr/bin/make -a -f /etc/mail/Makefile ; then
      make all -C /etc/mail -s > /dev/null
    else
      for i in virtusertable access domaintable mailertable ; do
        if [ -f /etc/mail/$i ] ; then
        makemap hash /etc/mail/$i < /etc/mail/$i
        fi
      done
    fi
    /usr/bin/newaliases > /dev/null 2>&1
    daemon /usr/sbin/sendmail $([ "x$DAEMON" = xyes ] && echo -bd) \
            $([ -n "$QUEUE" ] && echo -q$QUEUE) $SENDMAIL_OPTARG
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sendmail

    if ! test -f /var/run/sm-client.pid ; then
    echo -n $"Starting sm-client: "
    touch /var/run/sm-client.pid
    chown smmsp:smmsp /var/run/sm-client.pid
    if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
        /sbin/restorecon /var/run/sm-client.pid
    fi
    daemon --check sm-client /usr/sbin/sendmail -L sm-msp-queue -Ac \
            -q$SMQUEUE $SENDMAIL_OPTARG
    RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sm-client
        fi

    return $RETVAL
}

reload() {
    # Stop daemons.
        echo -n $"reloading $prog: "
    /usr/bin/newaliases > /dev/null 2>&1
    if [ -x /usr/bin/make -a -f /etc/mail/Makefile ]; then
      make all -C /etc/mail -s > /dev/null
    else
      for i in virtusertable access domaintable mailertable ; do
        if [ -f /etc/mail/$i ] ; then
        makemap hash /etc/mail/$i < /etc/mail/$i
        fi
      done
    fi
    daemon /usr/sbin/sendmail $([ "x$DAEMON" = xyes ] && echo -bd) \
        $([ -n "$QUEUE" ] && echo -q$QUEUE)
    RETVAL=$?
    killproc sendmail -HUP
    RETVAL=$?
    echo
    if [ $RETVAL -eq 0 -a -f /var/run/sm-client.pid ]; then
        echo -n $"reloading sm-client: "
        killproc sm-client -HUP
        RETVAL=$?
        echo
    fi
    return $RETVAL
}

stop() {
    # Stop daemons.
    if test -f /var/run/sm-client.pid ; then
        echo -n $"Shutting down sm-client: "
        killproc sm-client
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && rm -f /var/run/sm-client.pid
        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sm-client
    fi
    echo -n $"Shutting down $prog: "
    killproc sendmail
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sendmail
    return $RETVAL
}

# See how we were called.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  reload)
    reload
    RETVAL=$?
    ;;
  restart)
    stop
    start
    RETVAL=$?
    ;;
  condrestart)
    if [ -f /var/lock/subsys/sendmail ]; then
        stop
        start
        RETVAL=$?
    fi
    ;;
  status)
    status sendmail
    RETVAL=$?
    ;;
  *)
    echo $"Usage: $0 {start|stop|restart|condrestart|status}"
    exit 1
esac

exit $RETVAL
EOF

Then grant execute permission with the following command:

chmod +x /etc/init.d/sendmail

2.5.3 Start the service and enable it at boot

/etc/init.d/sendmail start
/etc/init.d/sendmail status
chkconfig sendmail on
/etc/init.d/saslauthd start
/etc/init.d/saslauthd status
chkconfig saslauthd on

2.5.4 Configure the firewall

vim /etc/sysconfig/iptables

Add the following rule:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT

After changing the configuration, restart the service with the following command to apply it:

/etc/init.d/iptables restart

2.6 Using Sendmail

Since this chapter focuses on compiling Sendmail, see the following document for usage:

How to deploy Sendmail?

References
=================
Sendmail official home page
---------------------------
https://www.proofpoint.com/us/products/email-protection/open-source-email-solution

Sendmail build documentation
----------------------------
https://www.linuxfromscratch.org/blfs/view/svn/server/sendmail.html

Mirror list
-----------
https://www.proofpoint.com/us/sendmail/list-of-mirrors

Downloads
---------
https://ftp.sendmail.org/
http://ftp.ntua.gr/pub/net/mail/sendmail/

github
------
https://en.wikipedia.org/wiki/Sendmail

Build error references
----------------------
https://stackoverflow.com/questions/14477948/gcc-compiler-unrecognized-option-r-usr
https://www.linuxquestions.org/questions/linux-software-2/sendmail-build-problem-91353/
https://www.linuxquestions.org/questions/linux-server-73/sendmail-unable-to-start-throwing-error-messeges-872976/

Certificate creation
--------------------
https://docs.oracle.com/cd/E24847_01/html/E22299/mailadmin-43.html
