Environment

    Red Hat AS3
    kernel: Linux 2.4.21-4.EL
    sendmail-8.12.10-1
    sendmail-cf-8.12.10-1
    httpd-devel-2.0.46-25.ent
    httpd-2.0.46-25.ent
    squirrelmail-1.4.10a

1 Set up DNS

This setup uses the domain binding service provided by 希网 (http://www.3322.org/), which supports static binding to a fixed IP address, is stable, and needs no client software. The domain name is set to myname.3322.org, and the mail server (MX) is also myname.3322.org.

2 Configure sendmail

2.1 Edit /etc/mail/sendmail.mc

    divert(-1)dnl # Defines a buffer (diversion) action for m4: with n=-1 the buffer is discarded, with n=0 a new buffer is started
    include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
    VERSIONID(`setup for Red Hat Linux')dnl
    OSTYPE(`linux')dnl # Defines the operating system the macros are used on; lets m4 pull in the files specific to that operating system
    define(`SMART_HOST',`myname.3322.org')dnl # Sets the mail server domain name (sometimes not required)
    dnl #
    define(`confDEF_USER_ID',``8:12'')dnl
    dnl define(`confAUTO_REBUILD')dnl
    define(`confTO_CONNECT',`1m')dnl
    define(`confTRY_NULL_MX_LIST',true)dnl
    define(`confDONT_PROBE_INTERFACES',true)dnl
    define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
    define(`ALIAS_FILE',`/etc/aliases')dnl
    dnl define(`STATUS_FILE',`/etc/mail/statistics')dnl
    define(`UUCP_MAILER_MAX',`2000000')dnl
    define(`confUSERDB_SPEC',`/etc/mail/userdb.db')dnl
    define(`confPRIVACY_FLAGS',`authwarnings,novrfy,noexpn,restrictqrun')dnl
    define(`confAUTH_OPTIONS',`A')dnl
    dnl #
    dnl # The following allows relaying if the user authenticates, and disallows
    dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
    dnl #
    dnl define(`confAUTH_OPTIONS',`A p')dnl
    dnl #
    dnl # PLAIN is the preferred plaintext authentication method and used by
    dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
    dnl # use LOGIN. Other mechanisms should be used if the connection is not
    dnl # guaranteed secure.
    dnl #
    dnl # Enable SMTP authentication: if access.db access control is not set for a
    dnl # client, these mechanisms are used to authenticate it over SMTP.
    TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    define(`confAUTH_MECHANISMS',`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    dnl #
    dnl # Rudimentary information on creating certificates for sendmail TLS:
    dnl #     make -C /usr/share/ssl/certs usage
    dnl #
    dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
    dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
    dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
    dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
    dnl #
    dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
    dnl # slapd, which requires the file to be readable by group ldap
    dnl #
    dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
    dnl #
    dnl define(`confTO_QUEUEWARN',`4h')dnl
    dnl define(`confTO_QUEUERETURN',`5d')dnl
    dnl define(`confQUEUE_LA',`12')dnl
    dnl define(`confREFUSE_LA',`18')dnl
    define(`confTO_IDENT',`0')dnl
    dnl FEATURE(delay_checks)dnl
    FEATURE(`no_default_msa',`dnl')dnl
    FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
    FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
    FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
    FEATURE(redirect)dnl
    FEATURE(always_add_domain)dnl
    FEATURE(use_cw_file)dnl
    FEATURE(use_ct_file)dnl
    dnl #
    dnl # The -t option will retry delivery if e.g. the user runs over his quota.
    dnl #
    FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
    FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
    FEATURE(`blacklist_recipients')dnl
    EXPOSED_USER(`root')dnl
    dnl #
    dnl # The following causes sendmail to only listen on the IPv4 loopback address
    dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
    dnl # address restriction to accept email from the internet or intranet.
    dnl #
    DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0,Name=MTA')dnl # Must be 0.0.0.0 to receive external mail; a LAN mail server can be set to 127.0.0.1
    dnl #
    dnl # The following causes sendmail to additionally listen to port 587 for
    dnl # mail from MUAs that authenticate. Roaming users who can't reach their
    dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
    dnl # this useful.
    dnl #
    dnl DAEMON_OPTIONS(`Port=submission,Name=MSA,M=Ea')dnl
    dnl #
    dnl # The following causes sendmail to additionally listen to port 465, but
    dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
    dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
    dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
    dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
    dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
    dnl #
    dnl # For this to work your OpenSSL certificates must be configured.
    dnl #
    dnl DAEMON_OPTIONS(`Port=smtps,Name=TLSMTA,M=s')dnl
    dnl #
    dnl # The following causes sendmail to additionally listen on the IPv6 loopback
    dnl # device. Remove the loopback address restriction to listen to the network.
    dnl #
    dnl # NOTE: binding both IPv4 and IPv6 daemon to the same port requires
    dnl #       a kernel patch
    dnl #
    dnl DAEMON_OPTIONS(`port=smtp,Addr=::1,Name=MTA-v6,Family=inet6')dnl
    dnl #
    dnl # We strongly recommend not accepting unresolvable domains if you want to
    dnl # protect yourself from spam. However, the laptop and users on computers
    dnl # that do not have 24x7 DNS do need this.
    dnl #
    FEATURE(`accept_unresolvable_domains')dnl
    dnl #
    dnl FEATURE(`relay_based_on_MX')dnl
    dnl #
    dnl # Also accept email sent to "localhost.localdomain" as local email.
    dnl #
    LOCAL_DOMAIN(`localhost.localdomain')dnl
    dnl #
    dnl # The following example makes mail from this host and any additional
    dnl # specified domains appear to be sent from mydomain.com
    dnl #
    dnl MASQUERADE_AS(`mydomain.com')dnl # Defines the other host name under which sendmail answers mail
    dnl #
    dnl # masquerade not just the headers, but the envelope as well
    dnl #
    dnl FEATURE(masquerade_envelope)dnl
    dnl #
    dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
    dnl #
    dnl FEATURE(masquerade_entire_domain)dnl
    dnl #
    dnl MASQUERADE_DOMAIN(localhost)dnl
    dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
    dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
    dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
    MAILER(smtp)dnl # Defines smtp as the mail delivery method sendmail uses
    MAILER(procmail)dnl

Once sendmail.mc has been edited, use m4 to generate the actual sendmail.cf configuration file. The syntax is:

    # m4 sendmail.mc > sendmail.cf

Check SMTP authentication:

    # telnet myname.3322.org 25
    Trying 159.226.XX.XX...
    Connected to mail.myname.3322.org (159.226.XX.XX).
    Escape character is '^]'.
    220 mail.myname.3322.org ESMTP Sendmail 8.12.10/8.12.10; Wed, 16 May 2007 17:24:38 +0800
    ehlo myname.3322.org                                (type this command)
    250-mail.myname.3322.org Hello mail.myname.3322.org [159.226.XX.XX], pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-8BITMIME
    250-SIZE
    250-DSN
    250-ETRN
    250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN     (this line means the setup is correct)
    250-DELIVERBY
    250 HELP
    ^]                                                  --- Ctrl+] interrupts
    telnet> q                                           --- q quits
    Connection closed.

2.2 Set sending and receiving restrictions

Edit /etc/mail/access:

    localhost               RELAY
    159.226                 RELAY
    localhost.localdomain   RELAY
    127.0.0.1               RELAY

Then run:

    # makemap -v hash /etc/mail/access < /etc/mail/access

2.3 Add the host's domain name to /etc/mail/local-host-names

The file contains:

    myname.3322.org

(This also does not seem to be strictly required.)

3 Set up the POP and IMAP servers

1) First make sure /etc/services contains the following:

    pop2    109/tcp    pop-2 postoffice    # POP version 2
    pop2    109/udp    pop-2
    pop3    110/tcp    pop-3               # POP version 3
    pop3    110/udp    pop-3
    .......
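    imap    143/tcp    imap2               # Interim Mail Access Proto v2
    imap    143/udp    imap2

Start POP and IMAP through xinetd:

    # vi /etc/xinetd.d/imap
    service imap
    {
        disable         = no
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/imapd
        log_on_success  += HOST DURATION
        log_on_failure  += HOST
    }

    [root@mis010 /]# vi /etc/xinetd.d/ipop3
    service pop3
    {
        disable         = no
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/ipop3d
        log_on_success  += HOST DURATION
        log_on_failure  += HOST
    }

    [root@mis010 /]# vi /etc/xinetd.d/ipop2
    service pop2
    {
        disable         = no
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/ipop2d
        log_on_success  += HOST DURATION
        log_on_failure  += HOST
    }

Make xinetd reload its settings:

    # /etc/rc.d/init.d/xinetd reload

Test POP3:

    telnet myname.3322.org 110

Test IMAP:

    telnet myname.3322.org 143

4 Install SquirrelMail

(SquirrelMail is a fairly popular webmail program written in PHP 4; it lets you send and receive mail through the web.)

4.1 Download squirrelmail-1.4.10a.tar.gz

4.2 Install

Unpack the archive and copy it to /var/www/html/squirrelmail.

4.3 Configure SquirrelMail

    # /var/www/html/squirrelmail/configure

1) Basic information: the organization name, login logo, logo size, and title are set here, and all of them can be configured later. What has to be set first is items 5 and 6: a space for item 5 and ISO-2022-CN for item 6.

2) Server settings: set Domain to the mail server's domain (here myname.3322.org) and Sendmail or SMTP to sendmail. Enter R to return.

4) General options:
   1. Data Directory: /var/www/html/squirrelmail/data/
   2. Attachment Directory: /var/www/html/squirrelmail/attachments/ (you may have to create it yourself)
   Then return.

8) Plugin management: add all plugins (enter a plugin's number to select it), then return. Choose S to save the data and Q to quit.

5 Test

5.1 Create a test account:

    # useradd -s /bin/false test
    # passwd test

5.2 Start Apache with the following command:

    # service httpd start

5.3 Test

Enter http://myname.3322.org/squirrelmail/ in a browser and log in as test; you can then send and receive mail.

6 Summary

At present, 163, sina, mails.tsinghua.edu.cn, mails.gucas.ac.cn, home.ipe.ac.cn, and gmail can all send mail to this mailbox. Of these, sina and mails.tsinghua cannot receive mail sent from it, presumably because the mailbox uses the 3322.org suffix and is filtered outright.

In addition, because domains bound through 3322.org do not support reverse DNS resolution, some public mail services may not receive mail sent from this mailbox (not encountered so far).

Security hardening also still needs further work.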
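As a starting point for the hardening mentioned in the summary, the shell functions below check a sendmail.mc and an access map for four settings used in this walkthrough: LOGIN/PLAIN authentication accepted without TLS (confAUTH_OPTIONS is A rather than "A p"), the certificate defines left commented out, accept_unresolvable_domains enabled, and a RELAY entry for all of 159.226. This is an added example, not part of the original article; the function names and finding labels are made up for illustration, and the sample input is constructed from the configuration shown above.

```shell
# Added example: lint sendmail.mc and the access map for the settings discussed above.

# Print the m4 lines that are live, i.e. not disabled with a leading "dnl".
active_lines() { grep -Ev '^[[:space:]]*(dnl([[:space:]#]|$)|$)' "$1"; }

# Value of the last live define(`NAME',`value') in the .mc file.
mc_value() {
    active_lines "$1" |
        sed -n "s/^[[:space:]]*define(\`$2',[[:space:]]*\`\([^']*\)').*/\1/p" | tail -n 1
}

audit_mc() {
    opts=$(mc_value "$1" confAUTH_OPTIONS)
    mechs=$(active_lines "$1" | grep -E 'TRUST_AUTH_MECH|confAUTH_MECHANISMS' || true)
    # LOGIN and PLAIN expose the password on a cleartext link; the "p" flag in
    # confAUTH_OPTIONS refuses them until the session is protected by TLS.
    if printf '%s\n' "$mechs" | grep -Eq 'LOGIN|PLAIN'; then
        case $opts in
            *p*) ;;
            *) echo "PLAINTEXT_AUTH: LOGIN/PLAIN allowed without TLS (confAUTH_OPTIONS=$opts)" ;;
        esac
    fi
    active_lines "$1" | grep -q 'confSERVER_CERT' ||
        echo "NO_TLS: confSERVER_CERT is not set, so STARTTLS is never offered"
    if active_lines "$1" | grep -q 'accept_unresolvable_domains'; then
        echo "UNRESOLVABLE: mail from unresolvable sender domains is accepted"
    fi
}

# Flag RELAY keys that are partial IPv4 addresses: they match on octet
# boundaries, so "159.226" opens the relay to the whole 159.226.0.0/16.
audit_access() {
    awk '$2 == "RELAY" && $1 ~ /^[0-9.]+$/ {
        n = split($1, octet, ".")
        if (n < 4) print "WIDE_RELAY: " $1 " covers a /" (n * 8) " network"
    }' "$1"
}

# Constructed sample input, reduced from the configuration on this page.
write_samples() {
    cat > "$1/sendmail.mc" <<'EOF'
define(`confAUTH_OPTIONS', `A')dnl
dnl define(`confAUTH_OPTIONS', `A p')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
FEATURE(`accept_unresolvable_domains')dnl
EOF
    printf '%s\n' 'localhost RELAY' '159.226 RELAY' '127.0.0.1 RELAY' > "$1/access"
}
```

After sourcing the file, run audit_mc /etc/mail/sendmail.mc and audit_access /etc/mail/access. The corrected settings are the "A p" line and the certificate defines that the configuration above already carries in commented-out form.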
Contributed by 源代码网.