RedHat9.0下带认证的Sendmail邮件服务器安装手册
点击次数:26 次 发布日期:2008-11-29 15:44:27 作者:源代码网
|
源代码网推荐 源代码网推荐 环境:RedHat Linux 9.0 完全安装或者确保以下安装包已经安装完毕: 源代码网推荐 imap-2001a-18.i286.rpm 源代码网推荐 sendmail-8.12.8-4.i386.rpm 源代码网推荐 m4-1.4.1-13.i386.rpm 源代码网推荐 cyrus-sasl-2.1.10-4.i386.rpm 源代码网推荐 cyrus-sasl-md5-2.1.10-4.i386.rpm 源代码网推荐 cyrus-sasl-plain-2.1.10-4.i386.rpm 源代码网推荐 cyrus-sasl-gssapi-2.1.10-4.i386.rpm 源代码网推荐 目的:实现带认证功能的邮件服务器的配置安装 源代码网推荐 源代码网推荐 一. Sendmail服务配置 源代码网推荐 1. 安装RedHat Linux 9.0后,修改/etc/mail/sendmail.mc,修改后文件如下: 源代码网推荐 divert(-1)dnl 源代码网推荐 dnl # 源代码网推荐 dnl # This is the sendmail macro config file for m4. If you make changes to 源代码网推荐 dnl # /etc/mail/sendmail.mc, you will need to regenerate the 源代码网推荐 dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is 源代码网推荐 dnl # installed and then performing a 源代码网推荐 dnl # 源代码网推荐 dnl # make -C /etc/mail 源代码网推荐 dnl # 源代码网推荐 include(`/usr/share/sendmail-cf/m4/cf.m4")dnl 源代码网推荐 VERSIONID(`setup for Red Hat Linux")dnl 源代码网推荐 OSTYPE(`linux")dnl 源代码网推荐 dnl # 源代码网推荐 dnl # Uncomment and edit the following line if your outgoing mail needs to 源代码网推荐 dnl # be sent out through an external mail server: 源代码网推荐 dnl # 源代码网推荐 dnl define(`SMART_HOST",`smtp.your.provider") 源代码网推荐 dnl # 源代码网推荐 define(`confDEF_USER_ID",``8:12"")dnl 源代码网推荐 define(`confTRUSTED_USER", `smmsp")dnl 源代码网推荐 dnl define(`confAUTO_REBUILD")dnl 源代码网推荐 define(`confTO_CONNECT", `1m")dnl 源代码网推荐 define(`confTRY_NULL_MX_LIST",true)dnl 源代码网推荐 define(`confDONT_PROBE_INTERFACES",true)dnl 源代码网推荐 define(`PROCMAIL_MAILER_PATH",`/usr/bin/procmail")dnl 源代码网推荐 define(`ALIAS_FILE", `/etc/aliases")dnl 源代码网推荐 dnl define(`STATUS_FILE", `/etc/mail/statistics")dnl 源代码网推荐 define(`UUCP_MAILER_MAX", `2000000")dnl 源代码网推荐 define(`confUSERDB_SPEC", `/etc/mail/userdb.db")dnl 源代码网推荐 define(`confPRIVACY_FLAGS", `authwarnings,novrfy,noexpn,restrictqrun")dnl 源代码网推荐 define(`confAUTH_OPTIONS", `A")dnl 源代码网推荐 dnl # 源代码网推荐 dnl # The following allows relaying if the user authenticates, and disallows 源代码网推荐 dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links 源代码网推荐 dnl # 源代码网推荐 dnl define(`confAUTH_OPTIONS", `A p")dnl 源代码网推荐 dnl # 源代码网推荐 dnl # PLAIN is the preferred plaintext authentication method and used by 源代码网推荐 dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do 源代码网推荐 dnl # use LOGIN. Other mechanisms should be used if the connection is not 源代码网推荐 dnl # guaranteed secure. 源代码网推荐 dnl # 源代码网推荐 define(QUEUE_DIR, `/var/spool/mqueue/q*") 源代码网推荐 TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN")dnl 源代码网推荐 define(`confAUTH_MECHANISMS", `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN")dnl 源代码网推荐 dnl # 源代码网推荐 dnl # Rudimentary information on creating certificates for sendmail TLS: 源代码网推荐 dnl # make -C /usr/share/ssl/certs usage 源代码网推荐 dnl # 源代码网推荐 dnl define(`confCACERT_PATH",`/usr/share/ssl/certs") 源代码网推荐 dnl define(`confCACERT",`/usr/share/ssl/certs/ca-bundle.crt") 源代码网推荐 dnl define(`confSERVER_CERT",`/usr/share/ssl/certs/sendmail.pem") 源代码网推荐 dnl define(`confSERVER_KEY",`/usr/share/ssl/certs/sendmail.pem") 源代码网推荐 dnl # 源代码网推荐 dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP"s 源代码网推荐 dnl # slapd, which requires the file to be readble by group ldap 源代码网推荐 dnl # 源代码网推荐 dnl define(`confDONT_BLAME_SENDMAIL",`groupreadablekeyfile")dnl 源代码网推荐 dnl # 源代码网推荐 dnl define(`confTO_QUEUEWARN", `4h")dnl 源代码网推荐 dnl define(`confTO_QUEUERETURN", `5d")dnl 源代码网推荐 dnl define(`confQUEUE_LA", `12")dnl 源代码网推荐 dnl define(`confREFUSE_LA", `18")dnl 源代码网推荐 define(`confTO_IDENT", `0")dnl 源代码网推荐 dnl FEATURE(delay_checks)dnl 源代码网推荐 FEATURE(`no_default_msa",`dnl")dnl 源代码网推荐 FEATURE(`smrsh",`/usr/sbin/smrsh")dnl 源代码网推荐 FEATURE(`mailertable",`hash -o /etc/mail/mailertable.db")dnl 源代码网推荐 FEATURE(`virtusertable",`hash -o /etc/mail/virtusertable.db")dnl 源代码网推荐 FEATURE(redirect)dnl 源代码网推荐 FEATURE(always_add_domain)dnl 源代码网推荐 FEATURE(use_cw_file)dnl 源代码网推荐 FEATURE(use_ct_file)dnl 源代码网推荐 dnl # 源代码网推荐 dnl # The -t option will retry delivery if e.g. the user runs over his quota. 源代码网推荐 dnl # 源代码网推荐 FEATURE(local_procmail,`",`procmail -t -Y -a $h -d $u")dnl 源代码网推荐 FEATURE(`access_db",`hash -T<TMPF> -o /etc/mail/access.db")dnl 源代码网推荐 FEATURE(`blacklist_recipients")dnl 源代码网推荐 EXPOSED_USER(`root")dnl 源代码网推荐 dnl # 源代码网推荐 dnl # The following causes sendmail to only listen on the IPv4 loopback address 源代码网推荐 dnl # 127.0.0.1 and not on any other network devices. Remove the loopback 源代码网推荐 dnl # address restriction to accept email from the internet or intranet. 源代码网推荐 dnl # 源代码网推荐 dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA")dnl 源代码网推荐 dnl # 源代码网推荐 dnl # The following causes sendmail to additionally listen to port 587 for 源代码网推荐 dnl # mail from MUAs that authenticate. Roaming users who can"t reach their 源代码网推荐 dnl # preferred sendmail daemon due to port 25 being blocked or redirected find 源代码网推荐 dnl # this useful. 源代码网推荐 dnl # 源代码网推荐 DAEMON_OPTIONS(`Port=25, Name=MSA, M=Ea")dnl 源代码网推荐 dnl # 源代码网推荐 dnl # The following causes sendmail to additionally listen to port 465, but 源代码网推荐 dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed 源代码网推荐 dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can"t 源代码网推荐 dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS 源代码网推荐 dnl # and doesn"t support the deprecated smtps; Evolution <1.1.1 uses smtps 源代码网推荐 dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1. 源代码网推荐 dnl # 源代码网推荐 dnl # For this to work your OpenSSL certificates must be configured. 源代码网推荐 dnl # 源代码网推荐 dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s")dnl 源代码网推荐 dnl # 源代码网推荐 dnl # The following causes sendmail to additionally listen on the IPv6 loopback 源代码网推荐 dnl # device. Remove the loopback address restriction listen to the network. 源代码网推荐 dnl # 源代码网推荐 dnl # NOTE: binding both IPv4 and IPv6 daemon to the same port requires 源代码网推荐 dnl # a kernel patch 源代码网推荐 dnl # 源代码网推荐 dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6")dnl 源代码网推荐 dnl # 源代码网推荐 dnl # We strongly recommend not accepting unresolvable domains if you want to 源代码网推荐 dnl # protect yourself from spam. However, the laptop and users on computers 源代码网推荐 dnl # that do not have 24x7 DNS do need this. 源代码网推荐 dnl # 源代码网推荐 FEATURE(`accept_unresolvable_domains")dnl 源代码网推荐 dnl # 源代码网推荐 dnl FEATURE(`relay_based_on_MX")dnl 源代码网推荐 dnl # 源代码网推荐 dnl # Also accept email sent to "localhost.localdomain" as local email. 源代码网推荐 dnl # 源代码网推荐 LOCAL_DOMAIN(`localhost.localdomain")dnl 源代码网推荐 dnl # 源代码网推荐 dnl # The following example makes mail from this host and any additional 源代码网推荐 dnl # specified domains appear to be sent from mydomain.com 源代码网推荐 dnl # 源代码网推荐 dnl MASQUERADE_AS(`mydomain.com")dnl 源代码网推荐 dnl # 源代码网推荐 dnl # masquerade not just the headers, but the envelope as well 源代码网推荐 dnl # 源代码网推荐 dnl FEATURE(masquerade_envelope)dnl 源代码网推荐 dnl # 源代码网推荐 dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well 源代码网推荐 dnl # 源代码网推荐 dnl FEATURE(masquerade_entire_domain)dnl 源代码网推荐 dnl # 源代码网推荐 dnl MASQUERADE_DOMAIN(localhost)dnl 源代码网推荐 dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl 源代码网推荐 dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl 源代码网推荐 dnl MASQUERADE_DOMAIN(mydomain.lan)dnl 源代码网推荐 MAILER(smtp)dnl 源代码网推荐 MAILER(procmail)dnl 源代码网推荐 源代码网推荐 文件中,红色字体的行为需要修改的地方,共有五行需要修改。 源代码网推荐 第一行是手动添加的,与认证无关,作用是启动多个邮件队列,为了获得更好的传输性能。 源代码网推荐 第二行和第三行是去掉行首的注释。”TRUST_AUTH_MECH”的作用是使sendmail不管access文件中如何设置,都能 relay 那些通过EXTERNAL, LOGIN, PLAIN, CRAM-MD5或DIGEST-MD5等方式验证的邮件,”confAUTH_MECHANISMS" 的作用是确定系统的认证方式。Outlook Express支持的认证方式是LOGIN。 源代码网推荐 第四行是加上注释,以便让sendmail可以侦听所有网络设备,为整个网络提供服务,而不仅仅只 源代码网推荐 源代码网推荐 源代码网推荐 源代码网推荐 源代码网供稿. |
