Configuration of sendmail in linux (RPM package)

Source: Internet
Author: User
Tags starttls
In linux, configure sendmail (RPM package)-Linux Enterprise Application-Linux server application information. For details, refer to the following section. Environment: RedHat Linux 9.0 is fully installed or the following installation packages have been installed:
Imap-2001a-18.i286.rpm
Sendmail-8.12.8-4.i386.rpm
M4-1.4.1-13.i386.rpm
Cyrus-sasl-2.1.10-4.i386.rpm
Cyrus-sasl-md5-2.1.10-4.i386.rpm
Cyrus-sasl-plain-2.1.10-4.i386.rpm
Cyrus-sasl-gssapi-2.1.10-4.i386.rpm
Objective: To configure and install an email server with authentication function
1. Sendmail service configuration
1. After installing RedHat Linux 9.0, modify/etc/mail/sendmail. mc. The modified file is as follows:
Divert (-1) dnl
Dnl #
Dnl # This is the sendmail macro config file for m4. If you make changes
Dnl #/etc/mail/sendmail. mc, you will need to regenerate
Dnl #/etc/mail/sendmail. cf file by confirming that the sendmail-cf package is
Dnl # installed and then Ming
Dnl #
Dnl # make-C/etc/mail
Dnl #
Include ('/usr/share/sendmail-cf/m4/cf. m4') dnl
VERSIONID ('setup for Red Hat Linux ') dnl
OSTYPE ('linux ') dnl
Dnl #
Dnl # Uncomment and edit the following line if your outgoing mail needs
Dnl # be sent out through an external mail server:
Dnl #
Dnl define ('smart _ host', 'smtp. your. provider ')
Dnl #
Define ('confdef _ USER_ID ', ''8: 12 '') dnl
Define ('conftrusted _ user', 'smmsp ') dnl
Dnl define ('confauto _ REBUILD ') dnl
Define ('confto _ CONNECT ', '1m') dnl
Define ('conftry _ NULL_MX_LIST ', true) dnl
Define ('confdont _ PROBE_INTERFACES ', true) dnl
Define ('procmail _ MAILER_PATH ','/usr/bin/procmail') dnl
Define ('Alias _ file', '/etc/aliases') dnl
Dnl define ('status _ file', '/etc/mail/statistics') dnl
Define ('ucp _ MAILER_MAX ', '2013') dnl
Define ('confuserdb _ SPEC ','/etc/mail/userdb. db') dnl
Define ('confprivacy _ FLAGS ', 'authwarnings, novrfy, noexpn, restrictqrun') dnl
Define ('confauth _ options', 'A') dnl
Dnl #
Dnl # The following allows relaying if the user authenticates, and disallows
Dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
Dnl #
Dnl define ('confauth _ options', 'a p') dnl
Dnl #
Dnl # PLAIN is the preferred plaintext authentication method and used
Dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
Dnl # use LOGIN. Other mechanic ISMs shoshould be used if the connection is not
Dnl # guaranteed secure.
Dnl #
Define (QUEUE_DIR, '/var/spool/mqueue/q *')
TRUST_AUTH_MECH ('external DIGEST-MD5 CRAM-MD5 login plain ') dnl
Define ('confauth _ MECHANISMS ', 'external GSSAPI DIGEST-MD5 CRAM-MD5 login plain') dnl
Dnl #
Dnl # Rudimentary information on creating certificates for sendmail TLS:
Dnl # make-C/usr/share/ssl/certs usage
Dnl #
Dnl define ('confcacert _ path', '/usr/share/ssl/certs ')
Dnl define ('confcacert ','/usr/share/ssl/certs/ca-bundle.crt ')
Dnl define ('confserver _ cert', '/usr/share/ssl/certs/sendmail. pem ')
Dnl define ('confserver _ key', '/usr/share/ssl/certs/sendmail. pem ')
Dnl #
Dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
Dnl # slapd, which requires the file to be readble by group ldap
Dnl #
Dnl define ('confdont _ blame_sendmail', 'groupreadablekeyfile') dnl
Dnl #
Dnl define ('confto _ queuewarn', '4h ') dnl
Dnl define ('confto _ queuereturn', '5d ') dnl
Dnl define ('confqueue _ la', '12') dnl
Dnl define ('confrefuse _ la', '18') dnl
Define ('confto _ IDENT ', '0') dnl
Dnl FEATURE (delay_checks) dnl
FEATURE ('no _ default_msa ', 'dnl') dnl
FEATURE ('smrsh', '/usr/sbin/smrsh') dnl
FEATURE ('mailertable', 'hash-o/etc/mail/mailertable. db') dnl
FEATURE ('your usertable', 'hash-o/etc/mail/Your usertable. db') dnl
FEATURE (redirect) dnl
FEATURE (always_add_domain) dnl
FEATURE (use_cw_file) dnl
FEATURE (use_ct_file) dnl
Dnl #
Dnl # The-t option will retry delivery if e.g. the user runs over his quota.
Dnl #
FEATURE (local_procmail, '', 'procmail-t-Y-a $ h-d $ U') dnl
FEATURE ('Access _ db', 'hash-T ;-O/etc/mail/access. db') dnl
FEATURE ('blacklist _ recipients ') dnl
EXPOSED_USER ('root') dnl
Dnl #
Dnl # The following causes sendmail to only listen on the IPv4 loopback address
Dnl #127.0.0.1 and not on any other network devices. Remove the loopback
Dnl # address restriction to accept email from the internet or intranet.
Dnl #
Dnl DAEMON_OPTIONS ('port = smtp, Addr = 127.0.0.1, Name = MTA ') dnl
Dnl #
Dnl # The following causes sendmail to additionally listen to port 587
Dnl # mail from MUAs that authenticate. Roaming users who can't reach their
Dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
Dnl # this useful.
Dnl #
DAEMON_OPTIONS ('port = 25, Name = Ms') dnl
Dnl #
Dnl # The following causes sendmail to additionally listen to port 465,
Dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
Dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
Dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
Dnl # and doesn' t support the deprecated smtps; Evolution <1.1.1 uses smtps
Dnl # when SSL is enabled -- STARTTLS support is available in version 1.1.1.
Dnl #
Dnl # For this to work your OpenSSL certificates must be configured.
Dnl #
Dnl DAEMON_OPTIONS ('port = smtps, Name = TLSMTA, M = S') dnl
Dnl #
Dnl # The following causes sendmail to additionally listen on the IPv6 loopback
Dnl # device. Remove the loopback address restriction listen to the network.
Dnl #
Dnl # NOTE: binding both IPv4 and IPv6 daemon to the same port requires
Dnl # a kernel patch
Dnl #
Dnl DAEMON_OPTIONS ('port = smtp, Addr =: 1, Name = MTA-v6, Family = inet6 ') dnl
Dnl #
Dnl # We stronugly recommend not accepting unresolvable domains if you want
Dnl # protect yourself from spam. However, the laptop and users on computers
Dnl # that do not have 24x7 DNS do need this.
Dnl #
FEATURE ('Accept _ unresolvable_domains ') dnl
Dnl #
Dnl FEATURE ('relay _ based_on_MX ') dnl
Dnl #
Dnl # Also accept email sent to "localhost. localdomain" as local email.
Dnl #
LOCAL_DOMAIN ('localhost. localdomain ') dnl
Dnl #
Dnl # The following example makes mail from this host and any additional
Dnl # specified domains appear to be sent from mydomain.com
Dnl #
Dnl MASQUERADE_AS ('mydomain. com') dnl
Dnl #
Dnl # masquerade not just the headers, but the envelope as well
Dnl #
Dnl FEATURE (masquerade_envelope) dnl
Dnl #
Dnl # masquerade not just @ mydomainalias.com, but @ * .mydomainalias.com as well
Dnl #
Dnl FEATURE (masquerade_entire_domain) dnl
Dnl #
Dnl MASQUERADE_DOMAIN (localhost) dnl
Dnl MASQUERADE_DOMAIN (localhost. localdomain) dnl
Dnl MASQUERADE_DOMAIN (mydomainalias.com) dnl
Dnl MASQUERADE_DOMAIN (mydomain. lan) dnl
MAILER (smtp) dnl
MAILER (procmail) dnl

In the file, where the red font behavior needs to be modified, a total of five lines need to be modified.
The first line is manually added and has nothing to do with authentication. It is used to Start Multiple message queues for better transmission performance.
The second and third rows remove the comments at the beginning of the line ." TRUST_AUTH_MECH enables sendmail to relay messages that are verified by EXTERNAL, LOGIN, PLAIN, CRAM-MD5, or DIGEST-MD5 regardless of how the access file is set, "confauth_mechanic isms" is used to determine the authentication method of the system. Outlook Express supports LOGIN authentication.
The fourth line is to add comments so that sendmail can listen to all network devices and provide services for the entire network, not just for the local machine.
The fifth line is modified. The original content is:
Dnl DAEMON_OPTIONS ('port = submission, Name = MSA, M = Ea ') dnl
Remove the annotator at the beginning of the line and change the content to Port = 25:
DAEMON_OPTIONS ('port = 25, Name = Ms') dnl
Authenticate the default smtp port (25), instead of the port 587. In this way, all users who use this email server to forward emails can only send emails after authentication.
2. Run:
# M4/etc/mail/sendmail. mc>;/etc/sendmail. cf
Use m4 to regenerate the sendmail. cf file
3. Since we have opened multiple queues, now we create multiple queue directories under/var/spool/mqueue/and run:
# Cd/var/spool/mqueue
# Mkdir q1 q2 q3 q4 q5 q6
4. Modify/etc/mail/local-host-names to add the mailbox name you want the mail server to use, for example, if the mailbox is: xxx@abc.com.cn, add abc.com.cn to the file.
5. Restart the sendmail service and run:
# Killall? HUP sendmail
6. You can telnet the local IP address 25 to verify that the sendmail service has been properly started. If the login is successful, the sendmail service has been successfully started.
# Telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'
220 localhost. localdomain ESMTP Sendmail 8.12.8/8.12.8; Wed, 12 May 2004 15:57:01 + 0800
Ehlo localhost
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
December 250-SIZE
250-DSN
250-AUTH GSSAPI LOGIN PLAIN
250-DELIVERBY
250-HELP
Quit
#
After AUTH, LOGIN can basically be authenticated on OutlookExpress.
Ii. Pop3 Service Configuration:
1. Run:
# Ntsysv
Select ipop3 in the system service list, and select 'OK' to save the launch.
2. Restart the xinetd service and run:
# Service xinetd restart
3. Run the netstat command to check whether the smtp and pop3 services have been started.
# Netstat-l
I used to refer to my post about configuring the sendmail email server with the authentication function in RedHat8.0 by Shen Yu and peng, but I found a problem after doing so. What's wrong is the configuration file.
Two sentences in/etc/mail/sendmail. mc:
DAEMON_OPTIONS ('port = 25, Name = MTA ') dnl
DAEMON_OPTIONS ('port = 587, Name = MSA, M = Ea ') dnl
According to this configuration, sendmail enforces identity authentication only on port 587, while port 25 is used by default on the smtp service (port 25 is used by default on OutlookExpress) the user does not recognize
Authentication does not matter. I select "my server requires Identity Authentication" sendmail on OutlookExpress for authentication. If this option is not selected, the sendmail server will forward any authentication.
He mail. This policy is obviously unreasonable. The security policy only enforces identity authentication on the default port 25. Otherwise, emails will not be forwarded and emails will not be opened on other ports. Therefore, the two sentences should be merged into one sentence:
DAEMON_OPTIONS ('port = 25, Name = Ms') dnl
In this configuration, the email server does not perform identity authentication only when both the receiving and receiving sides are local users. authentication is required in other cases.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.