如何编译安装Sendmail?

Sendmail

1 Sendmail的简介

– Sendmail是一种重要的邮件传输代理程序(MTA即Mail Transfer Agent)
– Sendmail支持多种邮件传输和传递方法
– Sendmail支持SMTP协议

2 最佳实践

2.1 安装前的配置

2.1.1 环境信息

OS = CentOS 5.x x86_64
DNS = any
Host Name = any
IP Address = any

2.1.2 卸载系统旧版本

yum remove -y sendmail

2.1.3 准备编译环境

yum install -y gcc make m4

2.1.4 安装常用软件包

yum install -y vim

2.1.5 下载软件包

cd ~
wget https://ftp.sendmail.org/sendmail.8.15.2.tar.gz

另外,如果需要其他版本,请从以下链接下载,
https://ftp.sendmail.org/

2.2 编译安装软件包

2.2.1 检查运行用户

id smmsp

如果以上命令找不到用户,请使用如下命令创建,

groupadd -g 51 smmsp
useradd -c "Sendmail Daemon" -g smmsp -d /var/spool/mqueue -s /sbin/nologin -u 51 smmsp

另外,需要使用如下命令确保用户家目录存在,

ls -ld /var/spool/mqueue/

如果找不到需要使用如下命令创建,

install -v -o root -g mail -m 700 -d /var/spool/mqueue

2.2.2 解压软件包

cd ~
tar -xf sendmail.8.15.2.tar.gz

2.2.3 修改手册位置

cd ~/sendmail-8.15.2/
sed -i 's|/usr/man/man|/usr/share/man/man|' devtools/OS/Linux

2.2.4 准备编译配置文件

cd ~/sendmail-8.15.2/
cp devtools/Site/site.config.m4.sample devtools/Site/site.config.m4
vim devtools/Site/site.config.m4

编译选项修改如下,

APPENDDEF(`confENVDEF', `-UNIS')
APPENDDEF(`confENVDEF',`-DDNSMAP -DHES_GETMAILHOST -DIPV6_FULL -DLDAPMAP -DLOG -DMAP_REGEX -DMATCHGECOS -DMILTER -DMIME7TO8 -DMIME8TO7 -DNAMED_BIND -DNETINET -DNETINET6 -DNETUNIX -DNEWDB -DPIPELINING -DSASL -DSCANF -DSOCKETMAP -DSTARTTLS')
APPENDDEF(`confLIBS', `-lssl -lcrypto -lsasl2 -lldap -llber -ldb')
APPENDDEF(`confLIBDIRS', `-L/usr/lib64/openssl,-R/usr/lib64/openssl')
APPENDDEF(`confINCDIRS', `-I/usr/include/openssl')
APPENDDEF(`confINCDIRS', `-I/usr/include/sasl')

需要注意的是,
– 参数“confENVDEF”定义禁用或启用的模块
– 参数“confLIBS”定义编译所需的编译库模块
– 参数“confLIBDIRS”定义编译所需的动态编译库目录
– 参数“confINCDIRS”定义编译所需的静态编译库目录

2.2.5 编译软件包

cd ~/sendmail-8.15.2/sendmail/
sh Build

如果遇到如下错误,

make[1]: *** [depend] Error 1
make[1]: Leaving directory `/root/sendmail-8.15.2/obj.Linux.2.6.18-53.el5.x86_64/libsm'
Making in /root/sendmail-8.15.2/obj.Linux.2.6.18-53.el5.x86_64/libsm
make[1]: Entering directory `/root/sendmail-8.15.2/obj.Linux.2.6.18-53.el5.x86_64/libsm'
cc -O2 -I. -I../../include  -I/usr/include/openssl -I/usr/include/sasl -DMAP_REGEX -UNIS -DSTARTTLS -DSTARTTLS -DSASL -DLDAPMAP      -c -o assert.o assert.c
In file included from ../../include/sm/gen.h:20,
                 from assert.c:11:
../../include/sm/config.h:150:20: error: lber.h: No such file or directory
../../include/sm/config.h:151:20: error: ldap.h: No such file or directory
make[1]: *** [assert.o] Error 1
make[1]: Leaving directory `/root/sendmail-8.15.2/obj.Linux.2.6.18-53.el5.x86_64/libsm'
make: *** [/root/sendmail-8.15.2/obj.Linux.2.6.18-53.el5.x86_64/libsm/libsm.a] Error 2

可通过如下命令解决依赖关系,

yum install -y openldap-devel

如果遇到如下错误,

Configuration: pfx=, os=Linux, rel=2.6.18-53.el5, rbase=2, rroot=2.6.18-53, arch=x86_64, sfx=, variant=optimized
Making in /root/sendmail-8.15.2/obj.Linux.2.6.18-53.el5.x86_64/sendmail
(cd ../../libsmutil; sh Build )
Configuration: pfx=, os=Linux, rel=2.6.18-53.el5, rbase=2, rroot=2.6.18-53, arch=x86_64, sfx=, variant=optimized
Making in /root/sendmail-8.15.2/obj.Linux.2.6.18-53.el5.x86_64/libsmutil
make[1]: Entering directory `/root/sendmail-8.15.2/obj.Linux.2.6.18-53.el5.x86_64/libsmutil'
cc -O2 -I. -I../../sendmail   -I../../include  -I/opt/nph/include -I/usr/local/ssl/include -DPH_MAP -UNIS -DSTARTTLS -DNOT_SENDMAIL      -c -o debug.o debug.c
In file included from debug.c:11:
../../sendmail/sendmail.h:125:26: error: openssl/ssl.h: No such file or directory
In file included from debug.c:11:
../../sendmail/sendmail.h:737: error: expected specifier-qualifier-list before ‘SSL’
../../sendmail/sendmail.h:1434:23: error: phclient.h: No such file or directory
../../sendmail/sendmail.h:1440: error: expected specifier-qualifier-list before ‘PH’
../../sendmail/sendmail.h:2000: error: expected ‘)’ before ‘*’ token
../../sendmail/sendmail.h:2004: error: expected ‘)’ before ‘*’ token
../../sendmail/sendmail.h:2005: error: expected ‘)’ before ‘*’ token
../../sendmail/sendmail.h:2015: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token
../../sendmail/sendmail.h:2815: error: expected ‘)’ before ‘*’ token
make[1]: *** [debug.o] Error 1
make[1]: Leaving directory `/root/sendmail-8.15.2/obj.Linux.2.6.18-53.el5.x86_64/libsmutil'
make: *** [/root/sendmail-8.15.2/obj.Linux.2.6.18-53.el5.x86_64/libsmutil/libsmutil.a] Error 2

可通过如下命令解决依赖关系,

yum install -y openssl-devel

如果遇到如下错误,

In file included from conf.c:21:
../../include/sm/bdb.h:17:17: error: db.h: No such file or directory
make: *** [conf.o] Error 1

可通过如下命令解决依赖关系,

yum install -y db4-devel

2.2.6 编译sendmail.cf文件

cd ~/sendmail-8.15.2/cf/cf/
cp generic-linux.mc sendmail.mc
sh Build sendmail.cf

2.3 部署软件包

2.3.1 部署sendmail.cf

cd ~/sendmail-8.15.2/cf/cf/
install -v -d -m755 /etc/mail
sh Build install-cf

2.3.2 部署应用程序

cd ~/sendmail-8.15.2/
sh Build install

部署完毕后,我们建议执行以下命令确认编译的模块,

sendmail -bp -d0.13

可见如下显示,

Version 8.15.2
 Compiled with: DNSMAP HES_GETMAILHOST IPV6_FULL LDAPMAP LOG MAP_REGEX
                MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
                NETUNIX NEWDB PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS USERDB
                USE_LDAP_INIT XDEBUG
    OS Defines: ADDRCONFIG_IS_BROKEN HASFCHOWN HASFCHMOD
                HASGETDTABLESIZE HASINITGROUPS HASLSTAT HASNICE HASRANDOM
                HASRRESVPORT HASSETREGID HASSETREUID HASSETRLIMIT HASSETSID
                HASSETVBUF HASURANDOMDEV HASSTRERROR HASUNAME HASUNSETENV
                HASWAITPID IDENTPROTO NEEDSGETIPNODE REQUIRES_DIR_FSYNC SFS_VFS
                USE_DOUBLE_FORK USE_SIGLONGJMP
Kernel symbols: /boot/vmlinux
     Conf file: /etc/mail/submit.cf (default for MSP)
     Conf file: /etc/mail/sendmail.cf (default for MTA)
      Pid file: /var/run/sendmail.pid (default)
 libsm Defines: SM_CONF_LDAP_INITIALIZE SM_CONF_LDAP_MEMFREE
                SM_CONF_LONGLONG SM_CONF_MEMCHR SM_CONF_MSG SM_CONF_SEM
                SM_CONF_SIGSETJMP SM_CONF_SHM SM_CONF_SSIZE_T SM_CONF_STDDEF_H
                SM_CONF_SYS_CDEFS_H SM_CONF_UID_GID DO_NOT_USE_STRCPY
                SM_HEAP_CHECK SM_OS=sm_os_linux SM_VA_STD
   FFR Defines:
#...

注:“#…”表示省略

2.3.3 部署sendmail.mc

cd ~/sendmail-8.15.2/
install -v -m644 cf/cf/{submit,sendmail}.mc /etc/mail

2.3.4 部署其他配置文件

cd ~/sendmail-8.15.2/
cp -v -R cf/ /usr/share/sendmail-cf/

2.3.5 部署手册文档

cd ~/sendmail-8.15.2/
install -v -m755 -d /usr/share/doc/sendmail-8.15.2/{cf,sendmail}
install -v -m644 CACerts FAQ KNOWNBUGS LICENSE PGPKEYS README RELEASE_NOTES /usr/share/doc/sendmail-8.15.2
install -v -m644 sendmail/{README,SECURITY,TRACEFLAGS,TUNING} /usr/share/doc/sendmail-8.15.2/sendmail
install -v -m644 cf/README /usr/share/doc/sendmail-8.15.2/cf
for manpage in sendmail editmap mailstats makemap praliases smrsh
do
    install -v -m644 $manpage/$manpage.8 /usr/share/man/man8
done
install -v -m644 sendmail/aliases.5    /usr/share/man/man5
install -v -m644 sendmail/mailq.1      /usr/share/man/man1
install -v -m644 sendmail/newaliases.1 /usr/share/man/man1
install -v -m644 vacation/vacation.1   /usr/share/man/man1
cd ~/sendmail-8.15.2/doc/op
sed -i 's/groff/GROFF_NO_SGR=1 groff/' Makefile
make op.txt op.pdf
install -v -d -m755 /usr/share/doc/sendmail-8.15.2
install -v -m644 op.ps op.txt op.pdf /usr/share/doc/sendmail-8.15.2

2.3.6 部署日志目录

install -v -d -m755 /var/log/mail/
install -v -m600 /dev/null /var/log/mail/statistics

2.4 部署配置文件

2.4.1 部署配置文件local-host-names

cat > /etc/mail/local-host-names << "EOF"
# local-host-names - include all aliases for your machine here.
EOF

2.4.2 部署配置文件trusted-users

cat > /etc/mail/trusted-users << "EOF"
# trusted-users - users that can send mail as others without a warning
# apache, mailman, majordomo, uucp, are good candidates
EOF

2.4.3 部署配置文件mailertable

cat > /etc/mail/mailertable << "EOF"
# The "mailer table" can be used to override routing for particular domains
# (which are not in class {w}, i.e. local host names).
#
# hash /etc/mail/mailertable
#
# Keys in this database are fully qualified domain names or partial domains
# preceded by a dot -- for example, "vangogh.CS.Berkeley.EDU" or
# ".CS.Berkeley.EDU". As a special case of the latter, "." matches any domain
# not covered by other keys. Values must be of the form:
#
# mailer:domain
#
# where "mailer" is the internal mailer name, and "domain" is where to send
# the message. These maps are not reflected into the message header. As a
# special case, the forms:
#
# local:user
#
# will forward to the indicated user using the local mailer,
#
# local:
#
# will forward to the original user in the e-mail address using the local
# mailer, and
#
# error:code message
# error:D.S.N:code message
#
# will give an error message with the indicated SMTP reply code and message,
# where D.S.N is an RFC 1893 compliant error code.
EOF

配置编辑完毕后,你需要执行以下命令更新配置,

makemap hash /etc/mail/mailertable.db < /etc/mail/mailertable

2.4.4 部署配置文件access

cat > /etc/mail/access << "EOF"
# Check the /usr/share/doc/sendmail/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
#
# If you want to use AuthInfo with "M:PLAIN LOGIN", make sure to have the
# cyrus-sasl-plain package installed.
#
# By default we allow relaying from localhost...
Connect:localhost.localdomain           RELAY
Connect:localhost                       RELAY
Connect:127.0.0.1                       RELAY
EOF

配置编辑完毕后,你需要执行以下命令更新配置,

makemap hash /etc/mail/access.db < /etc/mail/access

2.4.5 部署配置文件virtusertable

cat > /etc/mail/virtusertable << "EOF"
# A domain-specific form of aliasing, allowing multiple virtual domains to be
# hosted on one machine.
#
# info@foo.com  foo-info
# info@bar.com  bar-info
# joe@bar.com   error:nouser 550 No such user here
# jax@bar.com   error:5.7.0:550 Address invalid
# @baz.org      jane@example.net
#
# then mail addressed to info@foo.com will be sent to the address foo-info,
# mail addressed to info@bar.com will be delivered to bar-info, and mail
# addressed to anyone at baz.org  will be sent to jane@example.net, mail to
# joe@bar.com will be rejected with the specified error message, and mail to
# jax@bar.com will also have a RFC 1893  compliant error code 5.7.0.
#
# The username from the original address is passed as %1 allowing:
#
# @foo.org      %1@example.com
#
# Additionally, if the local part consists of "user+detail" then "detail" is
# passed as %2 and "+detail" is passed as %3  when a match against user+* is
# attempted, so entries like
#
# old+*@foo.org new+%2@example.com
# gen+*@foo.org %2@example.com
# +*@foo.org    %1%3@example.com
# X++@foo.org   Z%3@example.com
# @bar.org      %1%3
#
# Note: to preserve "+detail" for a default case (@domain) %1%3 must be used
# as RHS. There are two wildcards after "+": "+" matches only a non-empty
# detail, "*" matches also empty details, e.g., user+@foo.org  matches#
# +*@foo.org but not ++@foo.org. This can be used to ensure that the
# parameters %2 and %3 are not empty.
#
# All the host names on the left hand side (foo.com, bar.com, and baz.org)
# must be in class {w} or class {VirtHost}. The latter can be defined by the
# macros VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE (analogously to
# MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE). If VIRTUSER_DOMAIN or
# VIRTUSER_DOMAIN_FILE is used, then the entries of class {VirtHost} are
# added to class {R}, i.e., relaying is allowed to (and from) those domains.
EOF

配置编辑完毕后,你需要执行以下命令更新配置,

makemap hash /etc/mail/virtusertable.db < /etc/mail/virtusertable

2.4.6 部署配置文件sendmail.mc

cat > /etc/mail/sendmail.mc << "EOF"
divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl #     /etc/mail/make
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # Do not advertize sendmail version.
dnl #
dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b')dnl
dnl #
dnl # default logging level is 9, you might want to set it higher to
dnl # debug the configuration
dnl #
dnl define(`confLOG_LEVEL', `9')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST', `smtp.your.provider')dnl
dnl #
define(`confDEF_USER_ID', ``8:12'')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # which realm to use in SASL database (sasldb2)
dnl #
define(`confAUTH_REALM', `mail')dnl
dnl # 
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl # Please remember that saslauthd needs to be running for AUTH. 
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # Basic sendmail TLS configuration with self-signed certificate for
dnl # inbound SMTP (and also opportunistic TLS for outbound SMTP).
dnl #
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/private/sendmail.key')dnl
define(`confTLS_SRV_OPTIONS', `V')dnl
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl # If you're operating in a DSCP/RFC-4594 environment with QoS
dnl define(`confINET_QOS', `AF11')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The following limits the number of processes sendmail can fork to accept 
dnl # incoming messages or process its message queues to 20.) sendmail refuses 
dnl # to accept connections once it has reached its quota of child processes.
dnl #
dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl
dnl #
dnl # Limits the number of new connections per second. This caps the overhead 
dnl # incurred due to forking new sendmail processes. May be useful against 
dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address 
dnl # limit would be useful but is not available as an option at this writing.)
dnl #
dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery uncomment
dnl # the following 2 definitions and activate below in the MAILER section the
dnl # cyrusv2 mailer.
dnl #
dnl define(`confLOCAL_MAILER', `cyrusv2')dnl
dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # enable both ipv6 and ipv4 in sendmail:
dnl #
dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl # 
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl # 
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.com')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
dnl MAILER(cyrusv2)dnl
EOF

如果需要使配置生效,还需执行如下操作,

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

2.4.7 部署配置文件submit.mc

cat > /etc/mail/submit.mc << "EOF"
divert(-1)
#
# Copyright (c) 2001-2003 Sendmail, Inc. and its suppliers.
#       All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#

#
#  This is the prototype file for a set-group-ID sm-msp sendmail that
#  acts as a initial mail submission program.
#

divert(0)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`linux setup')dnl
define(`confCF_VERSION', `Submit')dnl
define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
define(`confTIME_ZONE', `USE_TZ')dnl
define(`confDONT_INIT_GROUPS', `True')dnl
define(`confPID_FILE', `/var/run/sm-client.pid')dnl
dnl define(`confDIRECT_SUBMISSION_MODIFIERS',`C')dnl
FEATURE(`use_ct_file')dnl
dnl
dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1]
FEATURE(`msp', `[127.0.0.1]')dnl
EOF

如果需要使配置生效,还需执行如下操作,

m4 /etc/mail/submit.mc > /etc/mail/submit.cf

2.4.8 部署公钥和私钥证书

mkdir -p /etc/pki/tls/private/
mkdir /etc/pki/tls/private/
touch /etc/pki/tls/certs/sendmail.pem
touch /etc/pki/tls/private/sendmail.key
chmod 600 /etc/pki/tls/private/sendmail.key
chmod 600 /etc/pki/tls/certs/sendmail.pem

需要注意的是,
– 以上用“touch”创建的空证书文件会报错,但不影响服务启动(默认没有使用SSL)
– 证书请自行创建自签名证书或者到腾讯云申请,详细请查阅下文,此处不再详述,
https://cloud.tencent.com/product/ssl
另外,如需禁用SSL,请使用如下命令编辑配置文件,

vim /etc/mail/sendmail.mc

然后注解如下代码并重新生成配置且重启服务即可,

dnl define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
dnl define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
dnl define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
dnl define(`confSERVER_KEY', `/etc/pki/tls/private/sendmail.key')dnl
dnl define(`confTLS_SRV_OPTIONS', `V')dnl

2.5 配置服务运行

2.5.1 手动启动服务

/usr/sbin/sendmail -bd -q1h
/usr/sbin/sendmail -L sm-msp-queue -Ac -q1h

– 参数“bd”声明以守护进程模式运行(以25端口倾听并获取SMTP链接)
– 参数“q”声明处理队列保存信息的时间间隔(单位秒分时日周即“s”、“m”、“h”、“d”、“w”,例如“-q1h30m”)
– 参数“L”声明系统日志消息的标签
– 参数“Ac”声明使用submit.cf配置
命令执行后,请使用如下命令查看启动的进程,

ps -ef | grep sendmail | grep -v grep

可见如下显示,

smmsp    12872     1  0 11:12 ?        00:00:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
root     12884     1  0 11:12 ?        00:00:00 sendmail: accepting connections

请使用如下命令查看端口倾听,

netstat -antp | grep sendmail

可见如下显示,

tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      12884/sendmail: acc

然后,如果需要退出服务,请使用如下命令,

kill -s 9 `pgrep -u root sendmail`
kill -s 9 `pgrep -u smmsp sendmail`

另外,如果遇到启动故障,请使用如下命令查看日志,

tail -f /var/log/maillog

2.5.2 部署服务控制脚本

cat > /etc/init.d/sendmail << "EOF"
#!/bin/bash
#
# sendmail      This shell script takes care of starting and stopping
#               sendmail.
#
# chkconfig: 2345 80 30
# description: Sendmail is a Mail Transport Agent, which is the program \
#              that moves mail from one machine to another.
# processname: sendmail
# config: /etc/mail/sendmail.cf
# pidfile: /var/run/sendmail.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
[ -f /etc/sysconfig/network ] && . /etc/sysconfig/network

# Source sendmail configureation.
if [ -f /etc/sysconfig/sendmail ] ; then
    . /etc/sysconfig/sendmail
else
    DAEMON=yes
    QUEUE=1h
fi
[ -z "$SMQUEUE" ] && SMQUEUE="$QUEUE"
[ -z "$SMQUEUE" ] && SMQUEUE=1h

# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 0

[ -f /usr/sbin/sendmail ] || exit 0

RETVAL=0
prog="sendmail"

start() {
    # Start daemons.

    echo -n $"Starting $prog: "
    if test -x /usr/bin/make -a -f /etc/mail/Makefile ; then
      make all -C /etc/mail -s > /dev/null
    else
      for i in virtusertable access domaintable mailertable ; do
        if [ -f /etc/mail/$i ] ; then
        makemap hash /etc/mail/$i < /etc/mail/$i
        fi
      done
    fi
    /usr/bin/newaliases > /dev/null 2>&1
    daemon /usr/sbin/sendmail $([ "x$DAEMON" = xyes ] && echo -bd) \
            $([ -n "$QUEUE" ] && echo -q$QUEUE) $SENDMAIL_OPTARG
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sendmail

    if ! test -f /var/run/sm-client.pid ; then
    echo -n $"Starting sm-client: "
    touch /var/run/sm-client.pid
    chown smmsp:smmsp /var/run/sm-client.pid
    if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
        /sbin/restorecon /var/run/sm-client.pid
    fi
    daemon --check sm-client /usr/sbin/sendmail -L sm-msp-queue -Ac \
            -q$SMQUEUE $SENDMAIL_OPTARG
    RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sm-client
        fi

    return $RETVAL
}

reload() {
    # Stop daemons.
        echo -n $"reloading $prog: "
    /usr/bin/newaliases > /dev/null 2>&1
    if [ -x /usr/bin/make -a -f /etc/mail/Makefile ]; then
      make all -C /etc/mail -s > /dev/null
    else
      for i in virtusertable access domaintable mailertable ; do
        if [ -f /etc/mail/$i ] ; then
        makemap hash /etc/mail/$i < /etc/mail/$i
        fi
      done
    fi
    daemon /usr/sbin/sendmail $([ "x$DAEMON" = xyes ] && echo -bd) \
        $([ -n "$QUEUE" ] && echo -q$QUEUE)
    RETVAL=$?
    killproc sendmail -HUP
    RETVAL=$?
    echo
    if [ $RETVAL -eq 0 -a -f /var/run/sm-client.pid ]; then
        echo -n $"reloading sm-client: "
        killproc sm-client -HUP
        RETVAL=$?
        echo
    fi
    return $RETVAL
}

stop() {
    # Stop daemons.
    if test -f /var/run/sm-client.pid ; then
        echo -n $"Shutting down sm-client: "
        killproc sm-client
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && rm -f /var/run/sm-client.pid
        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sm-client
    fi
    echo -n $"Shutting down $prog: "
    killproc sendmail
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sendmail
    return $RETVAL
}

# See how we were called.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  reload)
    reload
    RETVAL=$?
    ;;
  restart)
    stop
    start
    RETVAL=$?
    ;;
  condrestart)
    if [ -f /var/lock/subsys/sendmail ]; then
        stop
        start
        RETVAL=$?
    fi
    ;;
  status)
    status sendmail
    RETVAL=$?
    ;;
  *)
    echo $"Usage: $0 {start|stop|restart|condrestart|status}"
    exit 1
esac

exit $RETVAL
EOF

然后,使用如下命令赋予执行权限

chmod +x /etc/init.d/sendmail

2.5.3 启动服务并设置自启动

/etc/init.d/sendmail start
/etc/init.d/sendmail status
chkconfig sendmail on
/etc/init.d/saslauthd start
/etc/init.d/saslauthd status
chkconfig saslauthd on

2.5.4 配置防火墙

vim /etc/sysconfig/iptables

加入如下配置,

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT

配置修改后,请使用如下命令重启服务使配置生效,

/etc/init.d/iptables restart

2.6 使用Sendmail

由于本章重点是编译Sendmail,关于使用,请参阅以下文档,

如何部署Sendmail?

参阅文档
=================
Sendmail官方主页
————
https://www.proofpoint.com/us/products/email-protection/open-source-email-solution

Sendmail编译文档
——————–
https://www.linuxfromscratch.org/blfs/view/svn/server/sendmail.html

镜像地址
—————
https://www.proofpoint.com/us/sendmail/list-of-mirrors

下载地址
———————
https://ftp.sendmail.org/
http://ftp.ntua.gr/pub/net/mail/sendmail/

github
————–
https://en.wikipedia.org/wiki/Sendmail

编译错误参考
—————–
https://stackoverflow.com/questions/14477948/gcc-compiler-unrecognized-option-r-usr
https://www.linuxquestions.org/questions/linux-software-2/sendmail-build-problem-91353/
https://www.linuxquestions.org/questions/linux-server-73/sendmail-unable-to-start-throwing-error-messeges-872976/

证书创建
——————
https://docs.oracle.com/cd/E24847_01/html/E22299/mailadmin-43.html

没有评论

发表回复

Sendmail
如何解决SendMail SSL错误?

1 前言 一个问题,一篇文章,一出故事。 笔者最近SendMail服务器更换下一跳的smtp中继服务 …

PHP
如何编译安装php-fpm的模块?

1 前言 一个问题,一篇文章,一出故事。 笔者最新部署了一个PHP-FPM的环境,本章将整理如何部署 …

PHP
如何基于Oracle Linux 9.x编译安装PHP-FPM 8.x?

1 前言 一个问题,一篇文章,一出故事。 PHP-FPM可以跟Nginx配合使Nginx环境具备运行 …