Sendmail configuration
Sendmail is often a "forbidden zone" for general system administrators. Most system users rely heavily on e-mail, so at the slightest error the system manager must be prepared for protests and complaints flying in like snow! Sendmail's internals also seem a little difficult to understand: the settings live in the sendmail.cf file, which, unless you have worked with it for a long time, reads like an indecipherable heavenly book; all you can tell is that it contains English letters and digits! So the average person leaves it alone as long as it works. Unfortunately, the Sendmail that comes with a machine always has an astonishing "additional function": it often carries bugs or backdoors that some bored people use as an intrusion path, and some bugs even allow the attacker to obtain the highest permission, root, through Sendmail! Once root is taken, the machine can be slaughtered at will, and in the worst case the system may be destroyed!
Sun is widely used in China, and I am a little familiar with Sun. However, Sun's Sendmail is nothing to flatter. It can be said that as long as Sun's Sendmail is still in use without "regular" patching, there is no point in talking about system security. Running Sun's Sendmail is like the system holding a time bomb with no fixed timer, which may go off at any moment if you do not pay attention :(. You can look through the CERT or 8lgm advisories: whenever there is a sendmail problem, Sun is mostly on the list ..... Users of the Sendmail from other systems should not laugh either: the hit rate is not as high as Sun's, but it is still a problem. In addition, an ident bug has just been disclosed in Sendmail 8.6.9 and earlier versions. If it is convenient, you must change to the latest version. If changing versions is inconvenient, there is a stopgap: add this line to sendmail.cf:
Orident=0
This indicates that no ident check is performed.
Versions before v8.6.5 must be replaced with the latest version.
This software has the highest rating in terms of system security. Currently, all known bugs have been fixed. The main credit, of course, goes to the author, Eric Allman: he (or they) can put out a new version immediately after major bugs (such as system installation) are discovered. This software is public domain, and its source code can be found on various ftp servers on the network. The developers have automated some of the necessary setup steps, so installing the software is not as difficult as you might imagine. For example, once the compile is done, the installation can be completed in less than half an hour! Amazing! :)
3. Install Sendmail
3.1 Download the latest Sendmail version
The latest Sendmail version can be obtained from ftp://ftp.sendmail.org/pub/sendmail
For example, sendmail.8.9.3.tar.gz is the latest version released as of the time of writing. Size: 1068290 bytes
For releases of the latest version, browse the Sendmail home page, http://www.sendmail.org
3.2 Install Sendmail
Unpack the tar.gz package with tar fvxz sendmail.8.9.3.tar.gz and use make -f to start compilation.
After compilation, the system settings file, sendmail.cf, is generated (this file is usually stored in /etc).
Next, follow these steps to continue the installation (note: ~/sendmail is the unpacked sendmail directory):
1. Switch to the config file directory ~/sendmail/cf and find an appropriate XXXX.mc file for your system. The author generally uses tcpproto.mc. If you use the tcpproto.mc file (I tried it on 2.3), remember to add a line to the file:
OSTYPE(solaris2)
For Sun 4.1.3, look in the directory ~/sendmail/cf/ostype, which holds the OSTYPE() values that are available; only the OSTYPE() values found in this directory can be used. Also, if the system uses a System V style /bin/mail, you must add OSTYPE() as well.
For more information, see the document ~/sendmail/cf/README. I hope some experienced friends can add to this :)
What if you accidentally forget to add OSTYPE? You will get nothing but "unknown mailer error" errors, and email cannot be received.
One more reminder: the .mc files for various systems found in ~/sendmail/cf are "demos" by Eric Allman, the author of Sendmail 8.6.x, which is why the file names all contain "cs". If these files are used without modification, errors will occur, and there is a lot that has to be changed. Using tcpproto.mc is relatively simple and will not go wrong :)
2. Select the desired .mc file, then run m4 to generate the .cf file. Run the following command:
# m4 XXX.mc > YYY.cf
On Sun 4.1.3, the system may complain that the m4 version is too old. In that case try:
# /usr/5bin/m4 XXX.mc > YYY.cf
If it still doesn't work, fetch a newer version of m4 and compile it (GNU m4 can be found at http://www.gnu.org).
The next step is to install the compiled files into the system.
I have to remind you again: have you backed up the old files?
Good. Check that the compile finished without errors, that nothing noteworthy happened while the .cf file was generated, and that the generated .cf file has been edited as needed. And most importantly: back up the old files (this is not to scare you, it is just in case).
1. Pick a moment when the boss is not using mail, and quickly switch to the directory ~/sendmail/src:
# make -f Makefile.XXX install
The system will copy the compiled ~/sendmail/src/sendmail and the man documents to their own directories (so if you haven't backed up /usr/lib/sendmail, pray that there will be no problems in the future, or be prepared to cry, because the old one will be overwritten by the newly compiled sendmail).
2. Switch to the directory ~/sendmail/cf and copy the generated YYY.cf file to the system's sendmail.cf, for example in /etc or /etc/mail.
3. Kill the old sendmail daemon process. (I should not have to explain this!) Use ps -ax | grep sendmail | grep -v grep to find the old daemon process (or head -1 /etc/sendmail.pid or head -1 /etc/mail/sendmail.pid), and then kill it with kill -9 processID (or directly kill -9 `head -1 /etc/sendmail.pid`).
4. Start the new daemon. For example, run the following command:
/usr/lib/sendmail -bd -q30m
Of course, to be conservative, look at the parameters the old daemon was running with; reusing those is always correct.
At this point, the initial installation is complete. Next, see the section on setting up sendmail.
3.3 Precautions for installing Sendmail
If the installation fails, refer to the following points:
Use vi or any editor to edit the Makefile and make the necessary modifications. There are not many places to modify. The places that may need to be modified are:
1. "CC=": if the compiler named in the original file is not on your system, this should be changed.
2. Does the system have the Berkeley New database installed? If yes, skip to point 3. If no (for example, a SunOS without it installed), modify these lines (Makefile.SunOS is used as an example below, but other systems are similar):
A. Change DBMDEF= -DNDBM -DNEWDB -DNIS to DBMDEF= -DNDBM -DNIS (drop -DNEWDB)
B. Comment out these two lines:
INCDIRS=-I/usr/sww/include/db --> # INCDIRS=-I/usr/sww/include/db
LIBDIRS=-L/usr/sww/lib --> # LIBDIRS=-L/usr/sww/lib
C. Change the line LIBS= -ldb -ldbm -lresolv to LIBS= -ldbm -lresolv (that is, remove -ldb)
3. Change the nroff "-mandoc" parameter to "-man", which is acceptable to most systems (of course, this depends on your system; if you use groff, you can use it directly without changing this parameter :). If it is not changed, sendmail still installs, but you cannot read the formatted sendmail manual.
For directory permissions, you need to execute two commands:
chmod go-w /etc/mail /usr /var/spool/mqueue
chown root /etc/mail /usr /var/spool/mqueue
On many systems the spool directory is /usr/spool instead of /var/spool, and likewise /etc may be used; adjust the paths to match. If you want to set the RunAsUser option in sendmail.cf, the /var/spool/mqueue directory must belong to the RunAsUser user. Then, once Sendmail is compiled, execute this command:
sendmail -v -bi
This initializes the alias database. If it displays:
WARNING: writable directory /etc
WARNING: writable directory /usr/spool/mqueue
then the listed directories have inappropriate write permissions, which should be removed to avoid security attacks of many kinds.
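The same check can be run ahead of time, before sendmail prints its warnings. The script below is an added example, not part of the original article or of sendmail; the function names audit_dir and audit_path are made up for illustration, and it assumes a POSIX ls and awk.

```shell
#!/bin/sh
# Added example: report directories that are group/world-writable or not
# owned by the expected uid (0 = root by default).

# audit_dir DIR [UID] -> prints warnings; exit status = number of problems
audit_dir() {
    dir=$1
    want_uid=${2:-0}
    problems=0
    if [ ! -d "$dir" ]; then
        echo "SKIP: no such directory $dir"
        return 0
    fi
    # "ls -ldLn" prints e.g. "drwxr-xr-x 2 0 0 ...": mode string, links, uid
    info=$(ls -ldLn "$dir")
    mode=${info%% *}
    uid=$(printf '%s\n' "$info" | awk '{ print $3 }')
    case $mode in
        ?????w*|????????w*)      # 6th char = group write, 9th = other write
            echo "WARNING: writable directory $dir"
            problems=$((problems + 1)) ;;
    esac
    if [ "$uid" != "$want_uid" ]; then
        echo "WARNING: $dir is owned by uid $uid, expected $want_uid"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# audit_path DIR [UID] -> audit DIR and every parent up to /, because a
# writable parent lets someone replace the directory below it.
audit_path() {
    p=$1
    total=0
    while :; do
        audit_dir "$p" "${2:-0}" || total=$((total + $?))
        case $p in
            /|.) break ;;
        esac
        p=$(dirname "$p")
    done
    [ "$total" -eq 0 ]
}

# Usage: sh audit.sh /etc/mail /var/spool/mqueue
for d in "$@"; do
    audit_path "$d" || echo "-> fix $d with the chmod go-w / chown root commands"
done
```

Run it against the same directories passed to chmod and chown above; a clean run prints nothing.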
4.1 Set sendmail.cf
The generated YYY.cf generally needs one change before it can receive mail normally. Find "Cw" in the .cf file; after localhost on that line, add all the host names that may be used as an email address for your machine.
For example, I have a machine named ftp.games.net.cn, which is also called gopher.games.net.cn, and I want both names of this machine to receive emails, so I write:
Cwlocalhost ftp.games.net.cn gopher.games.net.cn
By the way, only names of the current machine may be written after Cw. Never write the name of another machine; otherwise mail addressed to the name you wrote cannot be sent.
In fact, the above is the simple version. If you are familiar with DNS, you can use the rest of this section to decide whether a name needs to be written in Cw. Otherwise, skip the rest of this section, close your eyes and write in all the names used by the machine :)
1. If a machine has multiple names (hostnames) and they are created using CNAME, for example:
$ORIGIN games.net.cn.
ftp IN A 140.119.1.2
gopher IN CNAME ftp
you do not need to list them in Cw. The system will find the canonical name through DNS.
2. If a machine has multiple names, but each name is created using an A record, for example:
$ORIGIN games.net.cn.
ftp IN A 192.168.25.2
gopher IN A 192.168.25.2
then remember to write every name you want to receive mail for after Cw. What if you forget?
Mail sent from external machines to a name that was not written cannot be received, and the machine will complain: "Local configuration error".
For example, the Cw line in my sendmail.cf is as follows:
Cw games.net.cn
I will not be able to use this address:
username@games.net.cn
and can only use
username@ftp.games.net.cn
otherwise the above error will occur.
If you find this error, add the missing name.
3. If a machine has multiple interfaces, and each interface has its own name and needs to receive emails, then all hostnames that should receive mail must be listed after Cw.
OK! A standard sendmail.cf file is set up!
4.2 Set access
Open /etc/mail/access and you will see the following (note that on some systems the access file is not stored in /etc/mail; if you cannot find it, use whereis to locate it or check whether the installation is normal):
# Check the /usr/doc/sendmail-8.9.3/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/doc/sendmail-8.9.3/README.cf is part of the sendmail-doc
# package.
#
# by default we allow relaying from localhost...
localhost.localdomain RELAY
localhost RELAY
If your IP address is 192.168.25.11, add 192.168.25.11 RELAY as the last line.
The last three lines of the file should then be:
localhost.localdomain RELAY
localhost RELAY
192.168.25.11 RELAY
With this line, you can use sendmail to send and receive mail! However, if you want someone else to use your sendmail too, and their IP address is 192.168.25.22, add 192.168.25.22 RELAY as the last line.
The last four lines of the file should then be:
localhost.localdomain RELAY
localhost RELAY
192.168.25.11 RELAY
192.168.25.22 RELAY
You probably have a question: if I want to set up 50 people to use sendmail, do I need to add 50 IP addresses!?
No, it is not that bad. With multiple users in mind, sendmail allows you to add an entire class C address. (I have never tried it!)
The format is as follows:
localhost.localdomain RELAY
localhost RELAY
192.168.25 RELAY
In this way, you add the entire class C address 192.168.25 to sendmail. Any user in this class C who has an account on your system can use sendmail to send and receive emails!
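Before widening a RELAY entry, it helps to see exactly which clients it covers. The sketch below is an added example, not sendmail's own code: it emulates the lookup order for a numeric client address (full address first, then with one trailing octet removed at a time) against the text form of the access file. The function names and the 192.168.25.99 REJECT line are constructed for illustration.

```shell
#!/bin/sh
# Added example: emulate how an access-map lookup for a client IP falls
# back from the full address to shorter prefixes, one octet at a time.

# sample_access -> constructed sample; the REJECT line is not from the page
sample_access() {
    cat <<'EOF'
# by default we allow relaying from localhost...
localhost.localdomain RELAY
localhost RELAY
192.168.25 RELAY
192.168.25.99 REJECT
EOF
}

# access_lookup IP FILE -> prints "KEY VALUE" for the most specific match
access_lookup() {
    key=$1
    while [ -n "$key" ]; do
        # "" is appended to force string, not numeric, comparison in awk
        hit=$(awk -v k="$key" '
            /^[ \t]*#/ || NF < 2 { next }
            ($1 "") == (k "") { print $1, $2; exit }' "$2")
        if [ -n "$hit" ]; then
            printf '%s\n' "$hit"
            return 0
        fi
        case $key in
            *.*) key=${key%.*} ;;   # drop the last octet and retry
            *)   key= ;;            # nothing left to strip
        esac
    done
    return 1
}

# may_relay IP FILE -> status 0 only if the matching entry is RELAY
may_relay() {
    rule=$(access_lookup "$1" "$2") || return 1
    [ "${rule#* }" = "RELAY" ]
}

# Usage: sh relaycheck.sh 192.168.25.11 /etc/mail/access
if [ $# -eq 2 ]; then
    if may_relay "$1" "$2"; then echo "$1: relay allowed"; else echo "$1: relay denied"; fi
fi
```

Matching stops at octet boundaries, so 192.168.25 covers 192.168.25.11 but not 192.168.250.11, and a more specific entry overrides the class C line.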
4.3 Set pop3
If you need pop3 to receive mail, you need to open the pop3 port.
vi /etc/inetd.conf and find:
#pop-3 stream tcp nowait root /usr/sbin/tcpd ipop3d
Delete the leading #.
vi /etc/services and find:
#pop-3 110/tcp # POP version 3
Delete the leading #.
In this way, after inetd is restarted, mail can be received on pop3 port 110! If the problem persists, check whether pop3 is installed!
4.4 How to restart sendmail and inetd, and precautions
One thing to remind everyone: use "kill -9 [pid-of-sendmail]" and then start sendmail again.
If you use kill -HUP, it will not work! (This is a problem that many people run into, so remember it!)
On redhat6, use /etc/rc.d/init.d/sendmail restart!
For inetd it is /etc/rc.d/init.d/inetd restart
5.1 sendmail alias and forward
(1) Send email directly using an IP address
mail user@[166.111.IP.Address]
You only need to enclose the IP address in [].
(2) About alias
Sendmail has two files in /etc: aliases and aliases.db. The latter is the alias database generated by newaliases. You can edit /etc/aliases by hand and then run newaliases to update the database (newaliases is actually a symlink to sendmail).
E.g.: nickname: user@hotmail.com
alias-name: real-user-account
Then mail nickname will send the mail to user@hotmail.com, and mail that other people send to alias-name@your.domain.name will be delivered to the real user real-user-account.
(3) About forward
Create a .forward file in your $HOME directory and write in it the target email address you want to forward to, or the user name of a local account; mail is then forwarded automatically to that address.
E.g.: .forward: user@hotmail.com
or other-user-account
Then mail to this person will be forwarded to hotmail or to other-user-account.
(4) vacation
Find a vacation package (for example, a vacation rpm exists in the contrib of RedHat). It provides the /usr/bin/vacation program and a man page.
Run vacation first. It lets you edit the $HOME/.vacation.msg file, that is, the reply sent back to the other party telling them that you are not reading mail right now. Then edit the $HOME/.forward file and write this:
\username, "|/usr/bin/vacation username"
(username should be replaced with your own), and then run vacation -I to create $HOME/.vacation.db (see man for details).
(5) Some sendmail files
/var/log/maillog: the sendmail log, useful for analyzing errors
/var/spool/mail/$USER: each user has a file
/var/spool/mqueue: the mail queue. You can use mailq to view emails waiting to be sent in the queue (mailq is also a symlink to sendmail)
dfxxxxxx: this is the content of the letter
qfxxxxxx: this is the subject of the letter and other information (every letter has a number; the files come in pairs)
/etc/sendmail.cf: the sendmail configuration file. Be careful when modifying it.
/etc/sendmail.cw: if your machine has many aliases, write the names in this file so that mail for all of them can be received.
5.2 Restrict email size
Modify /etc/sendmail.cf:
Mlocal, P=/bin/mail, F=lsDFMrmn, S=10, R=20/40,
	Maxsize=1000000,
	A=mail -d $u
Mprog, P=/usr/local/sendmail/smrsh, F=lsDFMeu, S=10, R=20/40, D=$z:/,
	Maxsize=1000000,
	A=sh -c $u
This limits incoming mail processed by smrsh and /bin/mail to 1 million bytes. You can do the same with the Msmtp, Mesmtp, and Mrelay statements to limit the size of outgoing mail as well.