Sendmail Study Notes Ver1.0

Completion Time: 2004-3-30
Author: Jims
http://www.ringkee.com
Notes: you are welcome to reprint



Install Required Software
sendmail.8.12.10.tar.gz    http://www.sendmail.org/
cyrus-sasl-2.1.18.tar.gz   http://asg.web.cmu.edu/cyrus/

Installation Steps
1. Install cyrus-sasl-2.1.18.tar.gz first. Compiling sendmail requires the library files and header files of SASL (Simple Authentication and Security Layer).
Decompress:
# tar -zxvf cyrus-sasl-2.1.18.tar.gz
Compile:
Go to the unpacked source directory and run the following commands to complete the installation.
# ./configure --prefix=/usr/local/sasl2 --enable-login
--enable-login must be added because SASL2 does not support the LOGIN authentication method by default, while Outlook uses LOGIN for SMTP authentication.
# make            # compile
# make install    # install
After installing the program above, you can start configuring and testing it.

2. Configure SASL
Some configuration work is required before SASL can be used for sendmail authentication. Sendmail looks for the SASL2 libraries in the /usr/lib directory, but we installed the program in /usr/local/sasl2. Why not install the software directly in /usr/lib? Mainly to make software you installed yourself easier to manage. Therefore we need to create links under the /usr/lib directory:
# cd /usr/lib
# ln -s /usr/local/sasl2/lib/* .
Next, create a directory under /var to hold temporary data for the saslauthd process.
# cd /var
# mkdir state
# cd state
# mkdir saslauthd
Note: if these directories do not exist, saslauthd reports an error when it is run.
Then, to make sure the Cyrus SASL2 library knows how to verify the SASL authentication requests it receives, you must create a SASL configuration file that defines the MTA program as a SASL application. The configuration file is named Sendmail.conf (note the capital S) and is placed in the /usr/lib/sasl2 directory, that is, the /usr/local/sasl2/lib/sasl2 directory. Remember the link created above? In this file you define the authentication database method you want to use. The following example uses saslauthd to verify authentication requests.
# cd /usr/lib/sasl2
# echo 'pwcheck_method: saslauthd' > Sendmail.conf

3. Test
Now you can run saslauthd and test it.
# cd /usr/local/sasl2/sbin
# ./saslauthd -a shadow
This verifies against the users and passwords in shadow.
# ./testsaslauthd -u userid -p password
0: OK "Success."
If the output above is displayed, saslauthd is running properly. The testsaslauthd program is not compiled by default. To build it, run the # make testsaslauthd command in the saslauthd subdirectory of the source tree.

4. Install sendmail after sasl2 is installed.
Extract the sendmail source code.
# tar -zxvf sendmail.8.12.10.tar.gz
If you want sendmail to support SASL, you need to modify the site configuration file site.config.m4 of the source code. site.config.m4 is located in devtools/Site in the source tree. The file should contain the following lines:
PREPENDDEF(`confMAPDEF', `-DMAP_REGEX')
APPENDDEF(`confENVDEF', `-DTCPWRAPPERS -DSASL=2')
APPENDDEF(`conf_sendmail_LIBS', `-lwrap -lsasl2')
APPENDDEF(`confLIBDIRS', `-L/usr/local/sasl2/lib')
APPENDDEF(`confINCDIRS', `-I/usr/local/sasl2/include')
The first line configures regular-expression map support.
The second and third lines build sasl2 and tcp_wrapper support into the sendmail program (access is controlled through hosts.allow and hosts.deny).
The fourth and fifth lines give the location of the sasl2 library files and header files.

Before compiling, create some users and directories and make sure they have the correct permissions. Sendmail must have a set-group-id (smmsp group by default) program to queue mail in a group-writable directory. Therefore we need to create an smmsp user and group, create the following directories and set the corresponding permissions. For details, see the sendmail/SECURITY document in the source directory.
# groupadd smmsp
# useradd smmsp -d /var/spool/clientmqueue -s /dev/null
# mkdir /var/spool/clientmqueue
# chown -R smmsp:smmsp /var/spool/clientmqueue
# chmod -R 770 /var/spool/clientmqueue
# mkdir /etc/mail
# mkdir /var/spool/mqueue
# chmod go-w /etc/mail /usr /var/spool/mqueue
# chown root /etc/mail /usr /var/spool/mqueue

Then you can go to the source tree and start compiling.
# ./Build -c
The -c option deletes the files from the previous build.
# ./Build install
After compilation, this installs the program.

5. sendmail configuration
To run sendmail properly, you also need to configure several files. The most important one is the sendmail.cf file. The cf/cf directory under the source directory contains many examples for reference, which you can copy and use. Because the syntax of sendmail.cf is very complicated, editing it by hand is not recommended. Instead, it can be generated automatically by the m4 preprocessor from the sendmail.mc file together with the macros under the sendmail-cf directory. The m4 preprocessor creates the sendmail configuration file from a set of macro files: the macros are read as input, expanded, and then written to an output file. The sendmail-cf directory is generally located under /usr/share. In fact, the content of the sendmail-cf directory is the same as that of the cf directory under the source directory. To ensure that the content of the sendmail-cf directory matches the installed version, copy the content of the cf directory under the source directory to the /usr/share/sendmail-cf directory.

The content of the sendmail.mc configuration file is as follows:
divert(-1)
include(`/usr/share/sendmail-cf/m4/cf.m4')
VERSIONID(`linux setup for Red Hat Linux')dnl
OSTYPE(`linux')
dnl Uncomment and edit the following line if your mail needs to be sent out
dnl through an external mail server:
dnl define(`SMART_HOST',`smtp.your.provider')
define(`confDEF_USER_ID',``8:12'')dnl
undefine(`UUCP_RELAY')dnl
undefine(`BITNET_RELAY')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/mail/aliases')dnl
define(`STATUS_FILE', `/etc/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2013')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl The '-t' option will retry delivery if e.g. the user runs over his quota.
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl This changes sendmail to only listen on the loopback device 127.0.0.1
dnl and not on any other network devices. Comment this out if you want
dnl to accept email over the network.
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')
dnl NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl a kernel patch
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')
dnl We strongly recommend to comment this one out if you want to protect
dnl yourself from spam. However, the laptop and users on computers that do
dnl not have 24x7 DNS do need this.
FEATURE(`accept_unresolvable_domains')dnl
dnl FEATURE(`relay_based_on_MX')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

Remember to make the following two statements active. They mean that if access control in access.db is not set, the following SMTP authentication is enabled.
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

Sendmail macro definitions
divert(n)       Defines a buffer action for m4: n = -1 deletes the buffer, n = 0 starts a new buffer.
OSTYPE          Defines the operating system the macros are used for, which allows the m4 program to add the files for that operating system.
DOMAIN          Defines the domains that the MTA will use to transmit messages.
FEATURE         Defines a specific feature set used in the configuration file.
define          Defines a specific option value in the configuration file.
MASQUERADE_AS   Defines another host name for sendmail to use when answering mail.
MAILER          Defines the mail transmission method used by sendmail.
dnl             Comment.

After writing the sendmail.mc file, you can use the m4 program to generate the actual sendmail.cf configuration file. The syntax is as follows:
# m4 sendmail.mc > sendmail.cf
You can also use the cf/Build command under the source directory, provided the sendmail.mc file is in that directory. Syntax:
# ./Build sendmail.cf

Then you can install the sendmail.cf and submit.cf files in the /etc/mail directory. The syntax is as follows:
# ./Build install-cf
You can also simply copy them with the cp command. Remember to copy the sendmail.mc file to the /etc/mail directory as well, so that you can regenerate sendmail.cf when you change the configuration later.

Next, configure some files in the /etc/mail directory.
# cd /etc/mail
# echo 'examply.com' >> local-host-names    # host names for which mail is received
# echo 'localhost RELAY' > access           # used to reject or allow mail from a domain; this example allows local relaying
# makemap hash access < access              # generates the access.db database
# touch domaintable                         # used to map old domain names to new domain names
# makemap hash domaintable < domaintable
# touch mailertable                         # overrides the route to the specified domains
# makemap hash mailertable < mailertable
# touch trusted-users
# touch virtusertable                       # used to map users and domain names to other addresses
# makemap hash virtusertable < virtusertable
# chown root:wheel /var/spool/mqueue/
# chmod 700 /var/spool/mqueue
# touch aliases                             # alias database in text format; see the sendmail/aliases file in the source tree
# newaliases                                # creates a new alias database file from the text file
# sendmail -v -bi                           # start in debugging mode
/etc/mail/aliases: 42 aliases, longest 10 bytes, 432 bytes total
If the message above is displayed, the start succeeded. Run the following command to start the service:
# sendmail -bd -q30m
This command runs sendmail as a daemon (-bd) and makes it poll the queue once every 30 minutes (-q30m) to check for new mail.

After the server is started, you can use telnet to connect to it.
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 test.tigerhead ESMTP Sendmail 8.12.10/8.12.10; Tue, 30 Mar 2004 14:50:14 +0800
ehlo test          (this is the command you type; press Enter to finish)
250-test.tigerhead Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP
The server's responses begin with 250. Note the 250-AUTH line near the end, which indicates that SMTP authentication has been configured successfully.
Enter quit to exit.
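
The EHLO reply above advertises LOGIN and PLAIN but no STARTTLS, so those two mechanisms would carry the password only base64-encoded. The following check is an added example, not part of the original notes; the function name ehlo_auth_review and the variable SAMPLE_EHLO are hypothetical, and the sample is the reply shown above.

```shell
#!/bin/sh
# ehlo_auth_review: read EHLO reply lines on stdin, print the advertised
# AUTH mechanisms and whether STARTTLS is offered, and return 1 if
# cleartext mechanisms (LOGIN, PLAIN) are advertised without STARTTLS.
# It looks only at what the server advertises, not at what it enforces.
ehlo_auth_review() {
    mechs=""; tls=no
    while IFS= read -r line; do
        line=$(printf '%s' "$line" | tr -d '\r')    # SMTP lines end in CRLF
        case $line in
            "250-AUTH "*|"250 AUTH "*) mechs=${line#250?AUTH } ;;
            "250-STARTTLS"*|"250 STARTTLS"*) tls=yes ;;
        esac
    done
    echo "MECHS=$mechs"
    echo "STARTTLS=$tls"
    plain=""
    for m in $mechs; do
        case $m in LOGIN|PLAIN) plain="$plain $m" ;; esac
    done
    if [ -n "$plain" ] && [ "$tls" = no ]; then
        echo "FINDING: cleartext mechanisms without STARTTLS:$plain"
        return 1
    fi
    return 0
}

# Constructed sample: the EHLO reply from the telnet session above.
SAMPLE_EHLO='250-test.tigerhead Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP'

# Prints the finding for the sample; "|| true" keeps the script's exit status 0.
printf '%s\n' "$SAMPLE_EHLO" | ehlo_auth_review || true
```

In sendmail.mc, adding p to confAUTH_OPTIONS (for example `A p') makes sendmail refuse PLAIN and LOGIN unless a security layer such as TLS is active.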



After installation, you must adjust file and directory permissions to keep the system secure. Refer to the sendmail/SECURITY document in the sendmail source directory.
# chmod 0640 /etc/mail/aliases.{db,pag,dir}
# chmod 0640 /etc/mail/*.{db,pag,dir}
# chmod 0640 /etc/mail/statistics /var/log/sendmail.st
# chmod 0600 /var/run/sendmail.pid /etc/mail/sendmail.pid
Expected ownership and permissions:
-r-xr-sr-x  root   smmsp  ... /PATH/TO/sendmail
drwxrwx---  smmsp  smmsp  ... /var/spool/clientmqueue
drwx------  root   wheel  ... /var/spool/mqueue
-r--r--r--  root   wheel  ... /etc/mail/sendmail.cf
-r--r--r--  root   wheel  ... /etc/mail/submit.cf
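
One way to check a host against the permission listing above, as an added example that is not part of the original notes or of the sendmail distribution. The function names and the root-prefix argument are assumptions; only the mode string is compared, not owner and group.

```shell
#!/bin/sh
# Compare permission strings under a root prefix with the listing above.
# The prefix lets the check run against a scratch copy; pass / on a real host.

# Path and expected `ls -l` mode string, taken from the listing above.
EXPECTED='/var/spool/clientmqueue drwxrwx---
/var/spool/mqueue drwx------
/etc/mail/sendmail.cf -r--r--r--
/etc/mail/submit.cf -r--r--r--'

# First 10 characters of ls -ld output: file type plus the nine mode bits.
mode_of() { ls -ld "$1" | cut -c1-10; }

# audit_modes ROOT: print one line per deviation, return the deviation count.
audit_modes() {
    root=${1%/}
    bad=0
    while read -r path want; do
        f="$root$path"
        if [ ! -e "$f" ]; then
            echo "MISSING $path"; bad=$((bad + 1)); continue
        fi
        have=$(mode_of "$f")
        if [ "$have" != "$want" ]; then
            echo "MODE $path have=$have want=$want"; bad=$((bad + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    # Map databases must match the chmod 0640 commands above.
    for db in "$root"/etc/mail/*.db; do
        [ -e "$db" ] || continue
        have=$(mode_of "$db")
        if [ "$have" != "-rw-r-----" ]; then
            echo "MODE ${db#"$root"} have=$have want=-rw-r-----"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}
```

Call it as audit_modes / on the mail server; a non-zero return value is the number of paths that differ from the listing.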

6. sendmail features
aliases: alias database settings
test: test1,test2,test3               Sets an alias for a test group. test is not an actual user, only an alias. Mail sent to test is received by test1, test2 and test3.
test: test,testbak                    Backs up test's mail in the testbak mailbox.
test: test,test@163.com               Remote mail backup, the same principle.
test: :include:/etc/mail/userlist     Uses a user list to define a group.
The userlist format is as follows:
test1, \
test2, \
test3, \
test4
About the system's preset aliases: sendmail uses mailer-daemon and postmaster as the sender of its own messages or as the account that bounced mail is returned to, but these two accounts do not actually exist on the system, so the aliases need to be set as follows.
mailer-daemon: postmaster
postmaster: root
Do not forget to run the newaliases command to generate the database.

~/.forward file configuration
The role of this file is similar to that of the aliases database: it configures aliases for mail forwarding. Because aliases can only be controlled by administrators and cannot be modified by individual users, a user can create a .forward file in the home directory to set a personal mail forwarding list. The file format is as follows:
test
test1
test2
test3
and so on
However, because individual users often have poor security awareness, an improperly configured file can create security vulnerabilities, so this is not recommended.

Access control list settings
92.168       RELAY
test.net     OK
test.com     REJECT
test.com     550 SORRY, WE DON'T ALLOW SPAMMERS HERE
test.org     DISCARD
OK -- the remote host can send mail to your mail server;
RELAY -- relaying is allowed;
REJECT -- the remote host cannot send mail to your mail server and cannot relay through it;
DISCARD -- mail sent is discarded without returning an error message to the sender;
nnn text -- mail sent is discarded, but sendmail returns to the sender the SMTP code given by nnn and the text description given by the text variable.
After the settings are complete, use the makemap hash access.db < access command to generate the database.

mailq: mail queue query command.
Q-ID: the ID of the mail.
Size: the size of the mail.
Q-Time: when the mail entered the queue (that is, the /var/spool/mqueue directory) and why it could not be sent.
Sender/Recipient: the mail addresses of the sender and the recipient.

mailstats: mail status query command, which shows the total number of messages sent and received since sendmail was started.
M:
msgsfr: number of messages sent.
bytes_from: size of the mail.
msgsto: number of messages received.
bytes_to: same as above.
msgsrej: number of rejected messages.
msgsdis: number of discarded messages.
Mailer: esmtp for external mail, local for local mail.

mail command
Views the mail in the /var/spool/mail/ directory. Exit with q; the mail you have viewed is saved in ~/mbox.
mail test@example.com                                 Sends mail directly to someone.
mail -s 'title text' test@example.com < mail.txt      Mails the content of the file.
mail -f ~/mbox                                        Views the mailbox content in the home directory.
Attachments can also be sent with mail; they must be encoded with the uuencode and uudecode commands.
Encoding: uuencode [file] name    Example: uuencode hello hello > hello.uue    The default input is stdin; the default output is stdout.
Decoding: uudecode [-o outfile] name    Example: uudecode hello.uue    The -o option writes the output to another file name.
# uuencode ~/.bashrc bashrc | mail -s 'test uencode' test@example.com