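E-mail is one of the oldest services in the history of computing. Commonly used MTA (mail transfer agent) software today includes sendmail, postfix, Exchange and qmail; of these, sendmail is the oldest and the most complex. Mail delivery involves the MTA, MUA, MAA and MDA. The MUA (mail user agent) is the client program, such as Outlook, Foxmail or Thunderbird; the MAA is the mail retrieval service (POP3, IMAP) provided by software such as dovecot; the MDA is the mail filtering agent, mainly procmail. sendmail's configuration is very complex, so this section covers only the topics that come up most in the RHCE exam…
1: Configure sendmail to listen on all of the host's interfaces, and test sending mail from a remote client
[root@server2 ~]# rpm -q sendmail-cf //the sendmail-cf package must be installed; it provides the main templates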
package sendmail-cf is not installed
[root@server2 ~]# yum -y install sendmail-cf
[root@server2 ~]# service sendmail status
sendmail (pid 2591) 正在运行…
[root@server2 ~]# netstat -ntpl |grep :25 //sendmail is started by default and listens on port 25 of the loopback interface only
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2591/sendmail: acce
[root@server2 ~]# cp /etc/mail/sendmail.mc /etc/mail/sendmail.mc.orig //back up the template and the main configuration file; this step is important
[root@server2 ~]# cp /etc/mail/sendmail.cf /etc/mail/sendmail.cf.orig
[root@server2 ~]# grep '127.0.0.1' /etc/mail/sendmail.mc
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl //comment out this line (dnl marks a comment); alternatively change 127.0.0.1 to 0.0.0.0
[root@server2 ~]# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf //use the m4 macro processor to generate the configuration file from the template
[root@server2 ~]# cat /etc/mail/local-host-names
# local-host-names - include all aliases for your machine here.
server2.yang.com
[root@server2 ~]# service sendmail restart //restart the service
关闭 sm-client: [确定]
关闭 sendmail: [确定]
启动 sendmail: [确定]
启动 sm-client: [确定]
[root@server2 ~]# netstat -ntpl |grep :25
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2673/sendmail: acce
[root@server2 ~]# useradd -s /sbin/nologin test1 //add two test users
[root@server2 ~]# useradd -s /sbin/nologin test2
[root@server2 ~]# echo '123'|passwd --stdin test1
Changing password for user test1.
passwd: all authentication tokens updated successfully.
[root@server2 ~]# echo '123'|passwd --stdin test2
Changing password for user test2.
passwd: all authentication tokens updated successfully.
C:\>telnet 192.168.122.20 25 //test with telnet; in sendmail's default configuration the helo and mail from values can be spoofed, which can be adjusted in the configuration file
220 localhost.localdomain ESMTP Sendmail 8.13.8/8.13.8; Fri, 9 Apr 2010 12:51:55 +0800
helo www.6688.cc
250 localhost.localdomain Hello [192.168.122.50], pleased to meet you
mail from:admin@6688.cc
250 2.1.0 admin@6688.cc... Sender ok
rcpt to:test1@server2.yang.com
250 2.1.5 test1@server2.yang.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
just one test!
.
250 2.0.0 o394ptpb002905 Message accepted for delivery
quit
[root@server2 ~]# mailq //view the mail queue used between MTA and MTA
/var/spool/mqueue is empty
Total requests: 0
[root@server2 ~]# mailq -Ac //view the mail queue used between MTA and MUA
/var/spool/clientmqueue is empty
Total requests: 0
[root@server2 ~]# grep 'o394ptpb002905' /var/log/maillog //view the mail log entries
Apr 9 12:53:01 server2 sendmail[2905]: o394ptpb002905: from=admin@6688.cc, size=15, class=0, nrcpts=1, msgid=<201004090452.o394ptpb002905@localhost.localdomain>, proto=SMTP, daemon=MTA, relay=[192.168.122.50]
Apr 9 12:53:02 server2 sendmail[2912]: o394ptpb002905: to=test1@server2.yang.com, delay=00:00:16, xdelay=00:00:00, mailer=local, pri=30333, dsn=2.0.0, stat=Sent
(To retrieve the mail with Outlook, dovecot needs to be configured.)
2: Allow IPs in the 192.168.122.0/24 range to RELAY, and block test2@server2.yang.com from sending mail
By default relaying is not allowed; only localhost, localhost.localdomain and 127.0.0.1 may relay.
[root@server2 ~]# grep -v '^#' /etc/mail/access
Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
Connect:192.168.122 RELAY
From:test2@server2.yang.com ERROR:550 bad name
[root@server2 ~]# makemap hash /etc/mail/access < /etc/mail/access //generate the hash database
[root@server2 ~]# grep 'ylw6006' /var/log/maillog //view the log entries
Apr 9 13:01:33 server2 sendmail[3037]: o3951WuZ003037: ruleset=check_rcpt, arg1=<ylw6006@163.com>, relay=[192.168.122.50], reject=550 5.7.1 <ylw6006@163.com>... Relaying denied. IP name lookup failed [192.168.122.50]
Apr 9 13:08:38 server2 sendmail[3066]: o3958VN6003064: to=<ylw6006@163.com>, ctladdr=<test1@server2.yang.com> (500/501), delay=00:00:06, xdelay=00:00:05, mailer=esmtp, pri=121260, relay=mxnew-b.163.com. [220.181.12.90], dsn=2.0.0, stat=Sent (Mail OK queued as mx44,WsCowKD7365Ztr5LqLb9Aw–.1247S2 1270789727)
[root@jsb-ylw-5024 ~]# telnet 192.168.122.20 25 //test sending mail as test2@server2.yang.com
Trying 192.168.122.20...
Connected to 192.168.122.20 (192.168.122.20).
Escape character is '^]'.
220 localhost.localdomain ESMTP Sendmail 8.13.8/8.13.8; Fri, 9 Apr 2010 13:13:46 +0800
helo www.6688.cc
250 localhost.localdomain Hello [192.168.122.1], pleased to meet you
mail from:test2@server2.yang.com
550 5.0.0 test2@server2.yang.com... bad name
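The reject entry in the maillog above is what a refused relay attempt looks like, so counting such entries per ruleset and source address shows which hosts are running into the access rules. This is an added example, not part of the original post; the sample log lines are constructed, and the format of the check_mail line is an assumption modelled on the check_rcpt entry shown above.

```shell
#!/bin/sh
# Added example: count sendmail policy rejections per ruleset and source IP.

# Constructed sample lines, modelled on the reject entry shown in the post.
# The check_mail line format is an assumption based on that check_rcpt entry.
sample_maillog() {
cat <<'EOF'
Apr 9 13:01:33 server2 sendmail[3037]: o3951WuZ003037: ruleset=check_rcpt, arg1=<user@example.com>, relay=[192.168.122.50], reject=550 5.7.1 <user@example.com>... Relaying denied. IP name lookup failed [192.168.122.50]
Apr 9 13:02:10 server2 sendmail[3041]: o3952AbC003041: ruleset=check_rcpt, arg1=<other@example.net>, relay=[192.168.122.50], reject=550 5.7.1 <other@example.net>... Relaying denied. IP name lookup failed [192.168.122.50]
Apr 9 13:05:44 server2 sendmail[3050]: o3955XyZ003050: ruleset=check_rcpt, arg1=<user@example.org>, relay=host.example.net [203.0.113.7], reject=550 5.7.1 <user@example.org>... Relaying denied
Apr 9 13:13:50 server2 sendmail[3070]: o395DkQr003070: ruleset=check_mail, arg1=test2@server2.yang.com, relay=[192.168.122.1], reject=550 5.0.0 test2@server2.yang.com... bad name
Apr 9 13:08:38 server2 sendmail[3066]: o3958VN6003064: to=<user@example.com>, delay=00:00:06, mailer=esmtp, relay=mx.example.com. [198.51.100.9], dsn=2.0.0, stat=Sent
EOF
}

# Reads maillog text (files given as arguments, or stdin) and prints
# "count ruleset source-ip", busiest first.
summarise_rejects() {
    awk '
    /ruleset=[a-z_]+,/ && / reject=/ {
        match($0, /ruleset=[a-z_]+/)
        rs = substr($0, RSTART + 8, RLENGTH - 8)
        # Source address: the bracketed value in the relay= field, which
        # sendmail records itself (unlike helo / mail from, set by the client).
        rest = substr($0, index($0, "relay="))
        sub(/, reject=.*/, "", rest)
        if (match(rest, /\[[0-9a-fA-F.:]+\]/))
            ip = substr(rest, RSTART + 1, RLENGTH - 2)
        else
            ip = "unknown"
        n[rs " " ip]++
    }
    END { for (k in n) print n[k], k }
    ' "$@" | sort -k1,1nr -k2
}

sample_maillog | summarise_rejects
```

To run it against the real log, call `summarise_rejects /var/log/maillog`.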
3: Configure a mail alias that redirects mail sent to test1 to root; once this is configured, test1 will no longer receive any mail
[root@server2 ~]# tail -1 /etc/aliases
test1: root
[root@server2 ~]# newaliases //run newaliases to make the change take effect; this is essential
/etc/aliases: 77 aliases, longest 10 bytes, 774 bytes total
[root@server2 ~]# mail
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/root": 1 message 1 new
>N 1 test1@server2.yang.c Fri Apr 9 13:36 45/1831 "mail from test1@serve"
& 1
4: Configure mail filtering so that any message whose subject or body contains the given keyword is filtered; an important topic…
[root@server2 ~]# cat /etc/procmailrc
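LOGFILE=/var/spool/mail/procmail.log //where the log file is kept
VERBOSE=yes //log in detail
:0 cHB //fixed format; c files a copy and lets normal delivery continue, HB means match on the headers (including the subject) and the body
* .* rhce //the keyword to match
/var/spool/mail/procmail.txt //where the filtered mail is saved
[root@server2 ~]# ll /usr/bin/procmail //set the setgid (S) bit for the group on the procmail binary; required in a 5.1 environment, can be skipped on 5.4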
-rwxr-xr-x 1 root mail 99128 2006-07-13 /usr/bin/procmail
[root@server2 ~]# chmod g+s /usr/bin/procmail
//test
[root@server2 ~]# echo "one test for RHCE,good luck for you…"|mail -s 'rhce' test1@server2.yang.com
[root@server2 ~]# tail /var/spool/mail/procmail.txt
by localhost.localdomain (8.13.8/8.13.8/Submit) id o397b50t006246
for test1@server2.yang.com; Fri, 9 Apr 2010 15:37:05 +0800
Date: Fri, 9 Apr 2010 15:37:05 +0800
From: root <root@localhost.localdomain>
Message-Id: <201004090737.o397b50t006246@localhost.localdomain>
To: test1@server2.yang.com
Subject: rhce
one test for RHCE,good luck for you…
[root@server2 ~]# tail -f /var/spool/mail/procmail.log
Folder: /var/mail/root 1244017
procmail: [6249] Fri Apr 9 15:37:06 2010
procmail: Match on ".* rhce"
procmail: Assigning "LASTFOLDER=/var/spool/mail/procmail.txt"
procmail: Opening "/var/spool/mail/procmail.txt"
procmail: Acquiring kernel-lock
procmail: Assigning "PATH=/root/bin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/X11R6/bin"
From root@localhost.localdomain Fri Apr 9 15:37:06 2010
Subject: rhce
Folder: /var/mail/root 693