Problem
Configuration of SendMail
Sendmail is often a "no-go area" for ordinary system administrators. Most systems depend
heavily on e-mail, so at the slightest mistake the administrator must be ready for protests
and complaints flying in like snowflakes! And sendmail's "internals" are not easy to
understand: the sendmail.cf configuration file, unless you have put in some hard study, reads
like scripture in which you recognize only the English letters and the digits! So most people
leave it alone as long as it works. Unfortunately, the sendmail shipped with the machine often
has alarming "extra features": bugs or back doors that bored people can use as a way in. Some
bugs even let an intruder obtain root, the highest privilege, through sendmail! Once root is
taken, the machine is at the intruder's mercy, and at worst the system can be destroyed!
Sun machines are widely used domestically, and the author is somewhat more familiar with Sun.
However, Sun's sendmail is hard to praise: if you are still running Sun's sendmail without
patching it "often", there is no point in talking about system security at all. Running it is
like holding a time bomb that can go off at any moment without notice :(. Look through the CERT
or 8LGM advisories: almost whenever there is a sendmail problem, Sun is on the list... Users of
other systems' sendmail should not laugh either; although they do not appear as often as Sun,
they frequently have problems too. In addition, an ident-related bug was recently found in
sendmail 8.6.9 and earlier versions. If convenient, be sure to upgrade to the latest version.
If that is not convenient, versions after v8.6.5 have a stopgap remedy: add this line to
sendmail.cf:
Orident=0
This disables the ident check.
Versions before v8.6.5 must be replaced with the latest version.
This software currently has the best reputation for system security, and the bugs known so far
have all been fixed. The main credit goes to the author, Eric Allman: he (or they) releases a
new version immediately whenever a major bug (such as one in system installation) is discovered.
The software is in the public domain, and its source code can be found on FTP servers all over
the Internet. Because the software's development has automated some of the necessary setup
steps, installing it is not as difficult as you might imagine. Even counting the compile time,
if things go smoothly the installation takes less than half an hour! So, don't be afraid! :)
3. Install SendMail
3.1 Download the latest version of SendMail
The latest version of SendMail can be obtained from ftp://ftp.sendmail.org/pub/sendmail/
For example, sendmail.8.9.3.tar.gz was the latest version when this article was released
(size: 1068290 bytes).
For the latest release, please visit SendMail's home page: http://www.sendmail.org
3.2 Installing SendMail
Log in as root or su to root, first unpack the tar.gz package with
tar fvxz sendmail.8.9.3.tar.gz
then start compiling with make -f
After compiling, the system will produce the system configuration file, namely sendmail.cf
(this file is usually stored under /etc).
A few more steps are needed to continue the installation. (Note: ~/sendmail is the sendmail
directory created by unpacking.)
1. Switch to the configuration file directory ~/sendmail/cf/cf and find an xxxx.mc file that
fits your system. The author uses tcpproto.mc, the file without UUCP. If you use tcpproto.mc,
the author's experience on Solaris 2.3 is that you must remember to add this line to the file:
OSTYPE(solaris2)
Sun 4.1.3 does not need it; the author does not know about other systems. The directory
~/sendmail/cf/ostype contains the files that can be named in OSTYPE(); only systems that have
a file in this directory can be used with OSTYPE(). And if the system uses the System V
/bin/mail, it seems that OSTYPE() must be added.
As always, please see the document ~/sendmail/cf/README for details. It is hoped that
experienced friends can add to this.
What if you accidentally forget to add OSTYPE()? Nothing dramatic: you only get an
"Unknown mailer error", and then the mail is not received.
One thing to remind everyone: the .mc files for the various systems found in ~/sendmail/cf/cf
were all written by Eric Allman, author of sendmail 8.6.x, as "demonstrations" for everyone,
which is why the file names contain "cs". If you use these files without modification, there
will certainly be errors, and modifying them means changing quite a few places. So for lazy
people like the author, tcpproto.mc is relatively simple and free of errors.
2. OK, once you have chosen a suitable .mc file, you can run m4 to produce the .cf file. Use
this command:
# m4 xxx.mc > yyy.cf
If it is Sun 4.1.3, the system may complain that the m4 version is too old. In that case try:
# /usr/5bin/m4 xxx.mc > yyy.cf
If that does not work either, fetch a new m4 and compile it (GNU m4 can be found at
http://www.gnu.org).
The next step is to install the compiled files onto the system.
At the risk of being wordy, I have to remind you once more: have the old files been backed up?
Well, suppose the compile went through without any errors, and the process of generating the
.cf file produced no messages worth noticing. The resulting .cf file has been modified, too.
And most important: make backups of the old files (not that I am trying to scare you, this is
just in case).
1. Choose a time when the boss is not reading mail, quickly switch to the directory
~/sendmail/src, and run:
# make -f Makefile.xxx install
The system copies the compiled ~/sendmail/src/sendmail and the man pages to their directories.
(So if you have not backed up /usr/lib/sendmail, just pray that nothing goes wrong, or get
ready to cry, because the old binary will be overwritten by the newly compiled sendmail.)
2. Switch to the directory ~/sendmail/cf/cf and copy the generated yyy.cf to the place where
the system's sendmail.cf should be, such as /etc or /etc/mail.
3. Kill the old sendmail daemon process. (I hope this needs no long explanation!) Use
ps -ax | grep sendmail | grep -v grep
to find the old daemon process (or head -1 /etc/sendmail.pid or head -1 /etc/mail/sendmail.pid),
and then kill it with kill -9 ProcessID (or directly with kill -9 `head -1 /etc/sendmail.pid`).
4. Start the new daemon. For example:
/usr/lib/sendmail -bd -q30m
Of course, to be conservative, look at how the old daemon was run; giving the same parameters
as before should cause no problems.
At this point the initial installation is complete; next come the SendMail settings.
3.3 SendMail installation precautions
If the installation is unsuccessful, check the following points:
Use vi or any other editor to edit the Makefile and make the few necessary changes. There are
not many places to revise; the following are the ones that may need to be modified:
1. "CC=" If the compiler used in the original file is not the one on your system, change this.
2. Does the system have the new Berkeley database installed? If so, skip this point and go to
point 3. If not (for example, SunOS generally does not have it installed), modify these lines
(Makefile.SunOS is used as the example below, but other systems are similar):
A. Change the line DBMDEF= -DNDBM -DNEWDB -DNIS to: DBMDEF= -DNDBM -DNIS (that is, remove
-DNEWDB)
B. Comment out these two lines:
INCDIRS=-I/usr/sww/include/db --> # INCDIRS=-I/usr/sww/include/db
LIBDIRS=-L/usr/sww/lib --> # LIBDIRS=-L/usr/sww/lib
C. Change the line LIBS= -ldb -ldbm -lresolv to: LIBS= -ldbm -lresolv (that is, remove -ldb)
3. Change the "-mandoc" parameter of nroff to "-man", which most systems accept (of course, it
depends on your system; if you are using groff, you can happily use it directly and do not need
to change this parameter :). If you do not change it, the SendMail installation is not
affected; you just cannot read the formatted SendMail documentation.
For directory permission problems you need to execute two commands:
chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
Many systems use /usr/spool instead of /var/spool for the spool directory, and keep the aliases
in /etc/mail instead of /etc. If you want to set the RunAsUser option in sendmail.cf, the
directory /var/spool/mqueue needs to be owned by the RunAsUser user. OK, then execute this
command:
sendmail -v -bi
This initializes the alias database. If it shows:
WARNING: writable directory /etc
WARNING: writable directory /usr/spool/mqueue
then the directories listed have inappropriate write permissions and should be secured to avoid
a variety of security attacks.
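The same condition can be checked before the daemon is started. The script below is an added example, not part of the original article or of sendmail: it walks every parent directory of a path rather than using the fixed list above, and the function names ancestors and audit_chain are made up for illustration.

```shell
#!/bin/sh
# Added example: audit the directory chain above the mail queue and alias files.

# Print a path and each of its parent directories, ending at /.
ancestors() {
    p=$1
    while :; do
        printf '%s\n' "$p"
        case $p in /|.) break ;; esac
        p=$(dirname "$p")
    done
}

# Report every directory in the chain that is group- or world-writable
# (what "chmod go-w" removes) or not owned by root (what "chown root" fixes).
audit_chain() {
    ancestors "$1" | while IFS= read -r d; do
        [ -d "$d" ] || { printf 'MISSING %s\n' "$d"; continue; }
        # -H follows a symlink given on the command line; -prune stops descent
        if [ -n "$(find -H "$d" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            printf 'WRITABLE %s\n' "$d"
        fi
        if [ -n "$(find -H "$d" -prune ! -user root -print)" ]; then
            printf 'NOTROOT %s\n' "$d"
        fi
    done
}

# Locations named in this article; use /usr/spool/mqueue where that applies.
for target in /var/spool/mqueue /etc/mail; do
    audit_chain "$target"
done
```

An empty result means none of the directories in the chain is writable by group or others and all are owned by root.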
4.1 Setting sendmail.cf
The generated yyy.cf generally needs one change before mail can be received normally. Look for
"Cw". In the freshly generated .cf file the Cw line should be:
Cwlocalhost
After localhost, add all the host names of your machine that may be used as delivery addresses.
For example, I have a machine called ftp.games.net.cn that is also called gopher.games.net.cn,
and I want this machine to receive mail for both names, so this is what I write:
Cwlocalhost ftp.games.net.cn gopher.games.net.cn
By the way, Cw may contain only the names of this machine; never write the names of other
machines there. Otherwise mail can be sent everywhere except to the names you wrote.
The above is only a brief statement. If you are familiar with DNS, you can use this section to
judge whether names need to be added after Cw. Otherwise, skip this section, close your eyes,
and write in all the names used by this machine. The cases are as follows:
1. A machine has multiple names (hostnames), and they are set up with CNAME, such as:
$ORIGIN games.net.cn
ftp IN A 140.119.1.2
gopher IN CNAME ftp
In this case you do not have to list them in Cw. The system will find the canonical name
through DNS.
2. A machine has multiple names, and each name is set up with an A record, such as:
$ORIGIN games.net.cn.
ftp IN A 192.168.25.2
gopher IN A 192.168.25.2
In this case you "must" remember to write the names you want to receive mail for after Cw.
What happens if you forget to write them?
If you forget, mail arriving from outside machines for a name that is not written there will
not be accepted, and the machine will complain:
"Local Configuration Error".
For example, the Cw line in my sendmail.cf is as follows: Cw games.net.cn
Then I will not be able to use this address:
username@games.net.cn
and can only use
username@ftp.games.net.cn
Otherwise this error will occur.
If you run into this error, just add the missing name.
3. A machine has several interfaces, each interface has its own name, and each must receive
mail. In this case, too, write all the hostnames that should receive mail after Cw.
OK! A standard sendmail.cf file is now set up!
4.2 Setting access
Open /etc/mail/access and you will see the following (note that on some systems the access file
is not in /etc/mail; if you cannot find it, use whereis to locate it, or check whether the
installation is normal):
# Check the /usr/doc/sendmail-8.9.3/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/doc/sendmail-8.9.3/README.cf is part of the sendmail-doc
# package.
#
# by default we allow relaying from localhost...
localhost.localdomain RELAY
localhost RELAY
If your IP address is 192.168.25.11, then add "192.168.25.11 RELAY" as the last line.
The last three lines of the file should then be:
localhost.localdomain RELAY
localhost RELAY
192.168.25.11 RELAY
With this line added, you can send and receive mail through SendMail! But if you want someone
else to be able to use SendMail as well, and his IP is 192.168.25.22, then add
"192.168.25.22 RELAY" as the last line.
The last four lines of the file should then be:
localhost.localdomain RELAY
localhost RELAY
192.168.25.11 RELAY
192.168.25.22 RELAY
You must have a question by now: if I want to let 50 people use SendMail, do I need to add 50
IP addresses?!
No, not at all. SendMail was designed with multiple users in mind, and it allows you to add an
entire class C address range (class B probably works too, but I did not try!).
The format is as follows:
localhost.localdomain RELAY
localhost RELAY
192.168.25 RELAY
In this way you admit the whole class C network 192.168.25 to SendMail. Any user at an address
in this class C range who has an account on your machine can use SendMail to send and receive
mail!
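How far a shortened entry such as 192.168.25 reaches can be checked before the file goes live. The script below is an added example, not from the original article: it assumes that an address is looked up in full and then with one trailing octet removed at a time, and the function name access_action and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: which access entry, if any, covers a given client address?

# Print the action of the most specific entry matching an IPv4 address.
# Returns 1 when no entry matches at any octet boundary.
access_action() {
    file=$1 key=$2
    while [ -n "$key" ]; do
        # Field 1 is the key (compared case-insensitively), field 2 the action;
        # comment lines are skipped.
        act=$(awk -v k="$key" \
            '!/^[ \t]*#/ && tolower($1) == tolower(k) { print $2; exit }' "$file")
        if [ -n "$act" ]; then
            printf '%s\n' "$act"
            return 0
        fi
        case $key in
            *.*) key=${key%.*} ;;   # 192.168.25.11 -> 192.168.25 -> 192.168 -> 192
            *)   key= ;;
        esac
    done
    return 1
}

# Constructed sample file with the same entries as the listing above.
ACCESS=$(mktemp)
cat > "$ACCESS" <<'EOF'
# by default we allow relaying from localhost...
localhost.localdomain   RELAY
localhost               RELAY
192.168.25              RELAY
EOF

# 192.168.250.11 shares the leading characters of the entry but not its octets.
for ip in 192.168.25.11 192.168.250.11 192.168.26.5; do
    printf '%s -> %s\n' "$ip" "$(access_action "$ACCESS" "$ip" || echo 'no entry')"
done
```

Every octet dropped from an entry multiplies the number of hosts allowed to relay by 256, so list only the networks whose users actually need it.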
4.3 Setting POP3
If you need POP3 to receive mail, you need to open the POP3 port.
vi /etc/inetd.conf and find:
#pop-3 stream tcp nowait root /usr/sbin/tcpd ipop3d
Delete the # sign.
vi /etc/services and find:
#pop-3 110/tcp # Pop version 3
Delete the # sign.
In this way, after inetd is restarted, POP3 can receive mail on port 110! If it still does not
work, check whether POP3 is installed!
4.4 How to restart sendmail and inetd, and precautions
One thing to remind everyone: use "kill -9 [pid-of-sendmail]" and then start SendMail anew.
If you use kill -HUP, it will not work! (Many people run into this problem, remember!)
On Red Hat 6, /etc/rc.d/init.d/sendmail restart will do!
For inetd it is /etc/rc.d/init.d/inetd restart.
5.1 Aliases and forwarding in sendmail
(1) Sending mail directly to an IP address
mail user@[166.111.ip.address]
Just enclose the IP address in [].
(2) About aliases
SendMail has two files under /etc, aliases and aliases.db; aliases.db is the alias database
generated by newaliases. You can edit /etc/aliases by hand and then run newaliases to update
the database (newaliases is really a symlink to sendmail).
E.g.: nickname: user@hotmail.com
alias-name: real-user-account
Then mail sent to nickname will be delivered to user@hotmail.com,
and mail that people send to alias-name@your.domain.name will be forwarded to the real user,
real-user-account.
(3) About forward
In your $HOME directory, edit a .forward file that contains the e-mail address you want to
forward to, or a user name on this computer; mail is then forwarded automatically to that
address.
E.g.: .forward: user@hotmail.com
or other-user-account
Mail sent to this person will be forwarded to Hotmail or to other-user-account.
(4) About vacation
Find a vacation package (such as the vacation rpm in the Red Hat contrib area); it installs a
/usr/bin/vacation program and a man page.
Run vacation first; it will let you edit the $HOME/.vacation.msg file, which is the reply sent
back to the other party to tell them you are not reading mail now. Then edit the $HOME/.forward
file and write this line:
\username, "|/usr/bin/vacation username"
Change username to your own, and then run vacation -i to build $HOME/.vacation.db. (See the
man page for more details.)
(5) Some files related to SendMail
/var/log/maillog: the sendmail log, useful for analysing errors
/var/spool/mail/$USER: incoming mail, one file per user
/var/spool/mqueue: the mail queue; you can use mailq to see the mail in the queue
(mailq is also a symlink to sendmail.)
dfxxxxxx: the content of the message
qfxxxxxx: the subject and other information of the message (each message has a number, and the
two files are paired)
/etc/sendmail.cf: the sendmail configuration file; be careful when changing it
/etc/sendmail.cw: if your machine has many aliases, write the names in this file so that mail
addressed to them can be received.
5.2 Limit the size of messages
Modify /etc/sendmail.cf:
Mlocal, P=/bin/mail, F=lsDFMrmn, S=10, R=20/40,
        Maxsize=1000000,
        A=mail -d $u
Mprog, P=/usr/local/sendmail/smrsh, F=lsDFMeu, S=10, R=20/40, D=$z:/,
        Maxsize=1000000,
        A=sh -c $u
This limits incoming mail processed by smrsh and /bin/mail to 1 million bytes.
You can do the same with the Msmtp, Mesmtp, and Mrelay statements to limit the
size of outgoing mail as well.