The email server plays a very important role on the Internet. SMTP simple mail Transmission Protocol) is a commonly used protocol for email transmission between computers on the Internet. Sendmail is a widely used mail transmission agent in Unix systems that constitute the mail server, it complies with the SMTP protocol and provides powerful mail service functions that can carry e-mail communication services for up to tens of thousands of users.
In the United States, Sendmail does not authenticate the identity of users when sending emails to users, which provides opportunities for advertisers or spam creators-anyone who wants to send emails, you can use any Sendmail server without authentication and "open relay" to send a large number of spam or ad mails to it. Although Sendmail versions 8.9.3 and later provide some function to restrict Email Forwarding, this can be restricted to some extent, however, it can only be restricted based on static IP addresses, email addresses, or domain names, so that legal users can only use the email server within a fixed IP address range, otherwise it will be rejected. This makes it inconvenient for users to use it. For example, if a user returns home from work or is on a business trip, he or she cannot use the work unit's email server to send emails, you cannot use the school email server to send emails when you leave school on holidays. However, if the email server is set to the open relay mode, the server forwarding function may be abused. This is a very conflicting issue and has long plagued the mail server administrator.
In order to prevent emails from becoming a transfer station for spam and be rejected by external email servers, in the past, many email server administrators had to choose the mail relay mode. Now, with the continuous update of the Sendmail software version, new features also emerge. The new version of Sendmail 8.12.5 email server software can be used with the Cyrus-SASLSimple Authentication and Security Layer) Identity Authentication Library to solve the identity Authentication problem for mail users. After the server has the authentication function, anyone who wants to send a letter through the mail server must first enter the user name and password for identity authentication.
The following describes how to compile and install the Cyrus-SASL Library and the Sendmail 8.12.5 software to enable the mail system to support the SMTP authentication function of SASL.
I. Environment
Operating System Platform: Solaris 2.7 or Linux 6.2 or higher
Software used: Cyrus-SASL 1.5.27 and Sendmail 8.12.5
2. Compile and install the Cyrus-SASL Library:
2. Unpack:
Tar xvfz cyrus-sasl-1.5.27.tar.gz
3. Compilation and installation:
Go to the cyrus-sasl-1.5.27 directory:
# Cd cyrus-sasl-1.5.27
Compilation Configuration:
#./Configure -- enable-login -- enable-plain
Because the SASL library does not support the use of some client software by default, some feature options need to be added when generating the configuration file. For details about what to add, run the following command:
#./Configure-help
For example, if "-- enable-login" is added because OutLook Expresss uses the LOGIN authentication method, SASL library does not support this method by default, so it is important to add it when generating the configuration file.
By default, all library functions are installed in the "/usr/local/lib" directory, however, the library functions used by Sendmail are in the "/usr/lib" directory, so some modifications are required. Modify the default path before running the configure script. Open the configure file and find the following line:
Ac_default_prefix =/usr/local
Changed:
Ac_default_prefix =/usr
Compile:
# Make
Installation:
# Make install
The SASL library has been installed, so it is important that no error warning is displayed throughout the compilation and installation process ).
Next, you must set the Sendmail user authentication method. Because the system account and password are used for verification, you must go to "/usr/lib/Sendmail. conf file:
# Cd/usr/lib/sasl/
# Cat> Sendmail. conf
Pwcheck_method: shadow
^ D
Related Articles]
- Tip: Avoid blacklisting your email server
- Install and configure Open WebMail to set up a free email server
- Set up a secure email server in RedHat Linux 9.0