Sendmail + sasl2 Installation Notes
Author: yjnet linuxsir (14:27:32)
http://www.linuxsir.org/bbs/showthread.php?t=103163
Installation Steps
1. Install cyrus-sasl-2.1.18.tar.gz first, because the SASL (Simple Authentication and Security Layer) header files are needed when building sendmail.
Decompress:
# tar -zxvf cyrus-sasl-2.1.18.tar.gz
Compile:
Go to the unpacked source directory and run the following commands to complete the installation.
# ./configure --prefix=/usr/local/sasl2 --enable-login
--enable-login must be added, because SASL2 does not support the LOGIN authentication mechanism by default, while Outlook performs SMTP authentication through LOGIN.
# make              # compile
# make install      # install
After installing, you can start configuration and testing.
2. Configure SASL
Some configuration is required before SASL can be used for sendmail authentication. Sendmail looks for the SASL2 libraries in the /usr/lib directory, but we installed them in /usr/local/sasl2. Why not install directly into /usr/lib? Mainly to make it easier to manage software you have installed yourself. Therefore, we need to create links under the /usr/lib directory:
# cd /usr/lib
# ln -s /usr/local/sasl2/lib/* .
Next, create a directory under /var to hold temporary data for the saslauthd process.
# cd /var
# mkdir state
# cd state
# mkdir saslauthd
Note: if these directories do not exist, saslauthd reports an error when it is started.
Then, so that the Cyrus SASL2 library knows how to verify the SASL authentication requests it receives, you must create a SASL configuration file that defines the MTA program as a SASL application. The configuration file is named Sendmail.conf (note the uppercase S) and is located in the /usr/lib/sasl2 directory, which is really the /usr/local/sasl2/lib/sasl2 directory (remember the links created above). In this file you define the authentication database method you want to use. The following example uses saslauthd to verify authentication requests.
# cd /usr/lib/sasl2
# echo 'pwcheck_method: saslauthd' > Sendmail.conf
3. Test
Now you can run saslauthd and test it.
# cd /usr/local/sasl2/sbin
# ./saslauthd -a shadow
This verifies against the users and passwords in shadow.
# ./testsaslauthd -u userid -p password
0: OK "Success."
If the preceding output is displayed, saslauthd is running properly. The testsaslauthd program is not compiled by default. You need to run the # make testsaslauthd command in the saslauthd subdirectory of the source tree to build it.
4. Install sendmail after sasl2 is installed.
Extract the sendmail source code.
# tar -zxvf sendmail.8.12.10.tar.gz
For sendmail to support SASL, you need to modify the site configuration file site.config.m4 in the source tree. site.config.m4 is located in devtools/Site of the source tree. The file should contain the following lines:
PREPENDDEF(`confMAPDEF', `-DMAP_REGEX')
APPENDDEF(`confENVDEF', `-DTCPWRAPPERS -DSASL=2')
APPENDDEF(`conf_sendmail_LIBS', `-lwrap -lsasl2')
APPENDDEF(`confLIBDIRS', `-L/usr/local/sasl2/lib')
APPENDDEF(`confINCDIRS', `-I/usr/local/sasl2/include')
The first line configures regular expression support.
Lines 2 and 3 build support for sasl2 and tcp_wrapper into the sendmail program (access can be controlled through hosts.allow and hosts.deny).
Lines 4 and 5 give the location of the sasl2 library files and header files.
Before compiling, create some users and directories and make sure they have the correct permissions.
Sendmail needs a set-group-id program (smmsp group by default) to handle queued mail in a writable directory. Therefore, we need to create an smmsp user and group. Create the following directories and set the relevant permissions. For the specific settings, see the sendmail/SECURITY document in the source directory.
# groupadd smmsp
# useradd smmsp -g smmsp -d /var/spool/clientmqueue -s /dev/null
# mkdir /var/spool/clientmqueue
# chown -R smmsp:smmsp /var/spool/clientmqueue
# chmod -R 770 /var/spool/clientmqueue
# mkdir /etc/mail
# mkdir /var/spool/mqueue
# chmod go-w /etc/mail /usr /var/spool/mqueue
# chown root /etc/mail /usr /var/spool/mqueue
Then you can go to the source tree and start compiling.
# ./Build -c
The -c option deletes the files from the previous build.
# ./Build install
After compilation, you can install it.
5. sendmail configuration
To run sendmail properly, you also need to configure several files. The most important one is sendmail.cf. There are many examples in the cf/cf directory of the source tree that you can copy and use. Because the syntax of sendmail.cf is complex, editing it by hand is not recommended. Instead, use a sendmail.mc file together with the macros in the sendmail-cf directory to generate it automatically with the m4 preprocessor. The m4 preprocessor creates the sendmail configuration file from a set of macro files: the macro files are read as input, the macros are expanded, and the result is written to an output file. The sendmail-cf directory is generally located under /usr/share. Its content is in fact the same as that of the cf directory in the source tree. Therefore, to keep the sendmail-cf directory in sync with the installed version, copy the content of the cf directory in the source tree to the /usr/share/sendmail-cf directory.
The content of the sendmail.mc configuration file is as follows:
divert(-1)
include(`/usr/share/sendmail-cf/m4/cf.m4')
VERSIONID(`linux setup for Red Hat linux')dnl
OSTYPE(`linux')
dnl Uncomment and edit the following line if your mail needs to be sent out
dnl through an external mail server:
dnl define(`SMART_HOST', `smtp.your.provider')
define(`confDEF_USER_ID', ``8:12'')dnl
undefine(`UUCP_RELAY')dnl
undefine(`BITNET_RELAY')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', true)dnl
define(`confDONT_PROBE_INTERFACES', true)dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/mail/aliases')dnl
define(`STATUS_FILE', `/etc/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2013')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confCACERT_PATH', `/usr/share/ssl/certs')
dnl define(`confCACERT', `/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT', `/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY', `/usr/share/ssl/certs/sendmail.pem')
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl The '-t' option will retry delivery if e.g. the user runs over his quota.
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl This changes sendmail to only listen on the loopback device 127.0.0.1
dnl and not on any other network devices. Comment this out if you want
dnl to accept email over the network.
dnl Addr is set to 0.0.0.0 here, so the daemon listens on all interfaces.
DAEMON_OPTIONS(`Port=smtp, Addr=0.0.0.0, Name=MTA')
dnl NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl a kernel patch
dnl DAEMON_OPTIONS(`port=smtp, Addr=::1, Name=MTA-v6, Family=inet6')
dnl We strongly recommend to comment this one out if you want to protect
dnl yourself from spam. However, the laptop and users on computers that do
dnl not have 24x7 DNS do need this.
FEATURE(`accept_unresolvable_domains')dnl
dnl FEATURE(`relay_based_on_MX')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
Remember to enable the following two statements. They mean that if access control is not set in access.db, the following authentication mechanisms are used for SMTP authentication.
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
Sendmail macro definitions
divert(n): defines a buffer action for m4. When n = -1 the buffer is deleted, and when n = 0 a new buffer is started.
OSTYPE: defines the operating system in use, which lets m4 include the files related to that operating system.
DOMAIN: defines the domains that the MTA will use to transmit messages.
FEATURE: defines a specific feature set used in the configuration file.
define: defines a specific option value in the configuration file.
MASQUERADE_AS: defines another host name that sendmail uses when replying to mail.
MAILER: defines the mail delivery method used by sendmail.
dnl: comment.
After writing sendmail.mc, you can use the m4 program to generate the final sendmail.cf configuration file. Syntax:
# m4 sendmail.mc > sendmail.cf
You can also use the cf/Build command in the source tree, provided that there is a sendmail.mc file in that directory. Syntax:
# ./Build sendmail.cf
Then you can install the sendmail.cf and submit.cf files in the /etc/mail directory. The syntax is as follows:
# ./Build install-cf
You can also simply copy them with the cp command. Remember to copy sendmail.mc to the /etc/mail directory as well, so that you can regenerate sendmail.cf when you change the configuration later.
Next, set up some files in the /etc/mail directory.
# cd /etc/mail
# echo 'examply.com' > local-host-names
# echo 'localhost RELAY' > access            # used to reject or allow mail from a domain; in this example, local relaying is allowed
# makemap hash access < access               # generates the access.db database
# touch domaintable                          # used to map old domain names to new domain names
# makemap hash domaintable < domaintable
# touch mailertable                          # used to override the route to specified domains
# makemap hash mailertable < mailertable
# touch trusted-users
# touch virtusertable                        # used to map users and domain names to other addresses
# makemap hash virtusertable < virtusertable
# chown root:wheel /var/spool/mqueue/
# chmod 700 /var/spool/mqueue
# touch aliases                              # alias database in text format; see the sendmail/aliases file in the source tree
# newaliases                                 # creates a new alias database file from the text file
# sendmail -v -bi                            # start in debugging mode
/etc/mail/aliases: 42 aliases, longest 10 bytes, 432 bytes total
If the preceding message is displayed, sendmail started successfully. Run the following command to start the service:
# sendmail -bd -q30m
This runs sendmail in daemon mode (-bd) and has it poll once every 30 minutes (-q30m) to check whether there is new mail.
After the server is started, you can use telnet to connect to it.
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 test.tigerhead ESMTP Sendmail 8.12.10/8.12.10; Tue, 30 Mar 2004 14:50:14 +0800
ehlo test        (the command you type; press Enter to finish)
250-test.tigerhead Hello LOCALHOST.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP
The lines starting with 250 are the server's responses. Note the 250-AUTH line in the last rows, which indicates that SMTP authentication has been configured successfully.
Enter quit to exit.
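The check below is an added example, not part of the original notes: it reads an EHLO reply like the one above and reports when LOGIN or PLAIN is advertised without STARTTLS, in which case the password crosses the network only base64-encoded. The function names and SAMPLE_EHLO (constructed from the session above) are assumptions of this example.

```shell
# Added example: audit an EHLO reply for cleartext AUTH mechanisms.
# SAMPLE_EHLO is constructed from the telnet session shown above.
SAMPLE_EHLO='250-test.tigerhead Hello LOCALHOST.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP'

# Print the mechanisms from the first "250-AUTH ..." or "250 AUTH ..." line.
ehlo_auth_mechs() {
    printf '%s\n' "$1" | tr -d '\r' |
        sed -n 's/^250[- ]AUTH[ =]\(.*\)$/\1/p' | head -n 1
}

# Succeed if the reply advertises the given extension keyword (e.g. STARTTLS).
ehlo_has() {
    printf '%s\n' "$1" | tr -d '\r' | grep -Eiq "^250[- ]$2( |\$)"
}

# Classify a reply: NOAUTH, OK, or WARN with the cleartext mechanisms listed.
audit_ehlo() {
    mechs=$(ehlo_auth_mechs "$1")
    [ -n "$mechs" ] || { echo "NOAUTH"; return 0; }
    clear=""
    for m in $mechs; do
        case "$m" in
            LOGIN|PLAIN) clear="${clear:+$clear,}$m" ;;
        esac
    done
    if [ -n "$clear" ] && ! ehlo_has "$1" STARTTLS; then
        echo "WARN cleartext=$clear starttls=no"
    else
        echo "OK"
    fi
}

audit_ehlo "$SAMPLE_EHLO"
```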
After installation, you must adjust the directory permissions to ensure system security. Refer to the sendmail/SECURITY document in the sendmail source tree.
# chmod 0640 /etc/mail/aliases.{db,pag,dir}
# chmod 0640 /etc/mail/*.{db,pag,dir}
# chmod 0640 /etc/mail/statistics /var/log/sendmail.st
# chmod 0600 /var/run/sendmail.pid /etc/mail/sendmail.pid
-r-xr-sr-x root smmsp ... /PATH/TO/sendmail
drwxrwx--- smmsp smmsp ... /var/spool/clientmqueue
drwx------ root wheel ... /var/spool/mqueue
-r--r--r-- root wheel ... /etc/mail/sendmail.cf
-r--r--r-- root wheel ... /etc/mail/submit.cf
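One way to verify the modes listed above after installation, as an added example that is not part of the original notes. It checks modes only (not ownership) and relies on GNU stat; the function names and the /usr/sbin/sendmail path are assumptions, since the notes only say /PATH/TO/sendmail.

```shell
# Added example: compare modes under a root directory with the list above.
# EXPECTED restates the page's modes in octal. /usr/sbin/sendmail is an
# assumed install path (the page only says /PATH/TO/sendmail).
EXPECTED='2555 /usr/sbin/sendmail
770 /var/spool/clientmqueue
700 /var/spool/mqueue
444 /etc/mail/sendmail.cf
444 /etc/mail/submit.cf
640 /etc/mail/statistics
640 /etc/mail/aliases.db'

# audit_modes ROOT [TABLE]: print a MISSING or FAIL line for each entry that
# does not match; return 0 only when every entry matches. ROOT is prefixed to
# each path, so "" audits the live system and a directory audits a staging tree.
audit_modes() {
    root=$1
    table=${2:-$EXPECTED}
    bad=0
    while read -r want path; do
        [ -n "$path" ] || continue
        if [ ! -e "$root$path" ]; then
            echo "MISSING $path"; bad=1; continue
        fi
        have=$(stat -c '%a' "$root$path")    # GNU stat, e.g. 2555 or 640
        if [ "$have" != "$want" ]; then
            echo "FAIL $path mode=$have want=$want"; bad=1
        fi
    done <<EOF
$table
EOF
    return "$bad"
}

# Constructed demo: a throwaway tree in which sendmail.cf is too permissive.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/mail" "$t/var/spool/mqueue"
    chmod 700 "$t/var/spool/mqueue"
    : > "$t/etc/mail/sendmail.cf"
    chmod 644 "$t/etc/mail/sendmail.cf"
    audit_modes "$t" '700 /var/spool/mqueue
444 /etc/mail/sendmail.cf'
    rc=$?
    rm -rf "$t"
    return "$rc"
}
demo || true
```

Running audit_modes "" as root audits the installed system against EXPECTED.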
6. sendmail features
aliases: alias database settings
test: test1, test2, test3        sets up the alias test for a group. test is not an actual user, only an alias. All mail sent to test is received by test1, test2 and test3.
test: test, testbak        backs up test's mail in the testbak mailbox.
test: test, test@163.com        remote mail backup, the same principle.
test: :include:/etc/mail/userlist        uses a user list to define a group.
The userlist format is as follows:
test1,\
test2,\
test3,\
test4
As for the system's predefined aliases: sendmail by default uses mailer-daemon and postmaster as the sender of, or the account for, returned mail, but the system does not actually have these two accounts, so you need to set the aliases as follows.
mailer-daemon: postmaster
postmaster: root
Do not forget to use the newaliases command to generate the database.
~/.forward file configuration
The role of this file is similar to that of the aliases database: it sets up aliases for mail forwarding. Because aliases can only be controlled by the administrator and cannot be modified by individual users, a user can create a .forward file in their home directory to set a personal mail forwarding list. The file format is as follows:
test
test1
test2
test3
and so on
However, because individual users often have poor security awareness, an improperly configured file may create security vulnerabilities, so this is not recommended.
Access control list settings
92.168 RELAY
test.NET OK
test.COM REJECT
test.COM 550 SORRY, we don't ALLOW SPAMMERS HERE
test.ORG DISCARD
OK -- the remote host can send mail to your mail server;
RELAY -- relaying is allowed;
REJECT -- the host cannot send mail to your mail server;
DISCARD -- mail sent is discarded without returning an error message to the sender.
nnn text -- mail sent is discarded, but sendmail returns to the sender the SMTP code given by nnn and the description given by text.
After the settings are complete, use the makemap hash access.db < access command to generate the database.
mailq: mail queue query command.
Q-ID: the mail ID.
Size: the mail size.
Q-Time: when the mail entered the queue (that is, the /var/spool/mqueue directory) and why it could not be sent.
Sender/Recipient: the mail addresses of the sender and the recipient.
mailstats: mail status query command, which shows the total number of mails sent and received since sendmail was started.
M:
msgsfr: number of mails sent.
bytes_from: mail size.
msgsto: number of mails received.
bytes_to: same as above.
msgsrej: number of rejected mails.
msgsdis: number of discarded mails.
Mailer: esmtp for external mail, local for local mail.
mail command
mail        views the mail in the /var/spool/mail/ directory. Exit with q; the mail you have viewed is saved in ~/mbox.
mail test@example.com        sends mail directly to someone.
mail -s 'title text' test@example.com < mail.txt        mails the content of the file.
mail -f ~/mbox        views the mailbox content in the home directory.
It is also possible to send attachments with mail. The uuencode and uudecode commands must be used for encoding.
Encoding: uuencode [file] name        example: uuencode hello hello > hello.uue        default input is stdin; default output is stdout.
Decoding: uudecode [-o outfile] name        example: uudecode hello.uue        the -o option can be used to write to another file name.
# uuencode ~/.bashrc bashrc | mail -s 'test uencode' test@example.com