Part 1: Sendmail configuration
1. Notes before configuring
The main sendmail configuration file, sendmail.cf, controls all of sendmail's behaviour. It is written almost entirely as macro code, which makes it very hard to edit directly. To reduce the complexity of configuring sendmail.cf, sendmail provides a more readable macro file, sendmail.mc. Edit sendmail.mc, then compile it with the m4 command to generate the sendmail.cf you need (to avoid unnecessary damage, always back up the existing sendmail.mc and sendmail.cf before running m4).
2. Configuring sendmail
Step 1: Edit sendmail.mc so that sendmail listens on the correct network interface.
Enter the command vi /etc/mail/sendmail.mc and press Enter; the contents of the sendmail.mc configuration file are shown:
divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl #      make -C /etc/mail
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # default logging level is 9, you might want to set it higher to
dnl # debug the configuration
dnl #
dnl define(`confLOG_LEVEL', `9')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST',`smtp.your.provider')
dnl #
define(`confDEF_USER_ID',``8:12'')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl # Please remember that saslauthd needs to be running for AUTH.
dnl #
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl #      cd /usr/share/ssl/certs; make sendmail.pem
dnl # Complete usage:
dnl #      make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The following limits the number of processes sendmail can fork to accept
dnl # incoming messages or process its message queues to 12.) sendmail refuses
dnl # to accept connections once it has reached its quota of child processes.
dnl #
dnl define(`confMAX_DAEMON_CHILDREN', 12)dnl
dnl #
dnl # Limits the number of new connections per second. This caps the overhead
dnl # incurred due to forking new sendmail processes. May be useful against
dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address
dnl # limit would be useful but is not available as an option at this writing.)
dnl #
dnl define(`confCONNECTION_RATE_THROTTLE', 3)dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # enable both ipv6 and ipv4 in sendmail:
dnl #
dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.com')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
By default the sendmail server listens only on localhost, i.e. the IP address 127.0.0.1, and that address cannot serve clients on the network. To have sendmail listen for requests from the network, change this line in sendmail.mc:
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
to:
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
that is, comment the line out, so that sendmail accepts requests from both the network and the local host.
Step 2: Compile sendmail.mc into sendmail.cf by running:
# m4  /etc/mail/sendmail.mc > /etc/sendmail.cf
Step 3: For the mail server to accept mail from other mail servers, the DNS records must be updated. Add an MX record for the relevant zone on the authoritative DNS server, for example:
$TTL     86400
@        IN      SOA     localhost. root.localhost. (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
              IN      NS      localhost.
www            IN    A          192.168.0.244
@               IN    MX       10 www.sneader.com.
pop3             IN    CNAME    www
Step 4: Restart the sendmail daemon with:
# service sendmail restart
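Steps 1, 2 and 4 above as one script, added here as an example and not part of the original article: it takes the backups the article insists on, compiles sendmail.mc into a temporary file so a failed m4 run never leaves a truncated sendmail.cf behind, and then checks that the daemon really left loopback-only mode. It assumes both files live in /etc/mail (the path named in the sendmail.mc header comment), the Red Hat "service" script, and netstat for the listener check; MAIL_DIR and M4 are variables introduced here so the functions can be exercised on a scratch directory.

```shell
#!/bin/sh
# Added example (not from the original article): back up, rebuild and restart
# sendmail the way the article's steps 1, 2 and 4 describe.
# MAIL_DIR and M4 are assumptions of this script, overridable for testing.

MAIL_DIR="${MAIL_DIR:-/etc/mail}"
M4="${M4:-m4}"

# Copy sendmail.mc and sendmail.cf to timestamped backups; prints the suffix used.
backup_mail_config() {
    dir=$1
    stamp=$(date +%Y%m%d%H%M%S)
    for f in sendmail.mc sendmail.cf; do
        if [ -f "$dir/$f" ]; then
            cp -p "$dir/$f" "$dir/$f.bak.$stamp" || return 1
        fi
    done
    echo "$stamp"
}

# Compile sendmail.mc into a temporary file and install it only if m4 succeeded,
# so a syntax error in sendmail.mc never leaves an empty sendmail.cf behind
# (the redirection in the article truncates the target before m4 even runs).
build_cf() {
    dir=$1
    tmp="$dir/sendmail.cf.new.$$"
    if "$M4" "$dir/sendmail.mc" > "$tmp" 2>/dev/null; then
        mv "$tmp" "$dir/sendmail.cf"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Reads "netstat -ltn" output on stdin; exit 0 if SMTP is bound to every IPv4
# interface (0.0.0.0:25) rather than only to 127.0.0.1, the default the
# article removes. Taking stdin lets it run on captured output as well.
smtp_listens_on_all_interfaces() {
    grep -q '[[:space:]]0\.0\.0\.0:25[[:space:]]'
}

rebuild_and_restart() {
    stamp=$(backup_mail_config "$MAIL_DIR") || return 1
    echo "backups written as *.bak.$stamp in $MAIL_DIR"
    if ! build_cf "$MAIL_DIR"; then
        echo "m4 failed; $MAIL_DIR/sendmail.cf left unchanged" >&2
        return 1
    fi
    service sendmail restart || return 1
    if netstat -ltn | smtp_listens_on_all_interfaces; then
        echo "sendmail is listening on 0.0.0.0:25"
    else
        echo "sendmail is still loopback-only: check DAEMON_OPTIONS in sendmail.mc" >&2
        return 1
    fi
}

# Only act when invoked as "sh rebuild.sh rebuild"; sourcing just defines the functions.
if [ "${1:-}" = rebuild ]; then
    rebuild_and_restart
fi
```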
3. Configuring mail relaying
There are two ways to set up mail relaying: method one adds the clients allowed to relay to the access configuration file; method two enables sendmail's authentication.
Method one:
Relay configuration. Normally sendmail does not relay mail for other mail services, which prevents malicious people from abusing someone else's mail server to send mail at will. Relaying is disabled by default. To relay mail for other servers, add the machines you want to relay for to the access file, in this format:
hostname RELAY
ipaddress RELAY
To relay for several machines in one domain, add the subnet prefix or the domain name directly to /etc/mail/access, for example:
domainname.com RELAY       (relay mail for every host in the domain domainname.com)
localhost RELAY
192.168.1 RELAY            (relay mail for every host in the 192.168.1.0/24 subnet; sendmail matches IP keys by leading octets, so the trailing .0 is left off)
Enter the command: # vi /etc/mail/access
Add the subnet allowed to relay to the configuration file below; this article uses the 192.168.0.0/24 subnet as the example:
# Check the /usr/share/doc/sendmail/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
#
# by default we allow relaying from localhost...
localhost.localdomain            RELAY
localhost                        RELAY
127.0.0.1                        RELAY
# 192.168.0.0/24: sendmail looks a client up by stripping trailing octets
# (192.168.0.25, 192.168.0, 192.168, 192), so the key is the 3-octet prefix;
# a key of 192.168.0.0 would only match a client whose address is exactly that
192.168.0                        RELAY
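The following is an added example, not part of the original article: a small model of how sendmail's access_db matches a connecting client against the RELAY entries above, plus a check for the trap of writing a /24 as 192.168.0.0. sendmail looks an IPv4 client up as its full address and then strips one trailing octet at a time (192.168.0.25, 192.168.0, 192.168, 192); a host name is looked up as the FQDN and then each parent domain down to the bare top-level label. The access file it writes is constructed for the example, and the client addresses and host names used are made up.

```shell
#!/bin/sh
# Added example (not from the original article): model sendmail's access_db
# lookup order and flag subnet entries that can never match.

# Constructed access file mirroring the article's listing, with the
# network-address form 192.168.0.0 that the check below flags.
write_example_access() {
    cat > "$1" <<'EOF'
# by default we allow relaying from localhost...
localhost.localdomain            RELAY
localhost                        RELAY
127.0.0.1                        RELAY
192.168.0.0                      RELAY
EOF
}

# Print the keys sendmail tries for a client, most specific first.
access_lookup_keys() {
    client=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case $client in
        *[!0-9.]*)   # host name: strip leading labels down to the bare TLD
            while [ -n "$client" ]; do
                echo "$client"
                case $client in *.*) client=${client#*.} ;; *) client= ;; esac
            done ;;
        *)           # dotted quad: strip trailing octets down to the first one
            while [ -n "$client" ]; do
                echo "$client"
                case $client in *.*) client=${client%.*} ;; *) client= ;; esac
            done ;;
    esac
}

# Print the action (RELAY, REJECT, ...) of the first entry in the access file
# that matches the client; comments and blank lines are skipped. Exit 1 if
# nothing matches, which for sendmail means "relaying denied".
access_action() {
    file=$1
    for key in $(access_lookup_keys "$2"); do
        action=$(awk -v k="$key" \
            '$1 !~ /^#/ && tolower($1) == k { print toupper($2); exit }' "$file")
        if [ -n "$action" ]; then echo "$action"; return 0; fi
    done
    return 1
}

# Exit 0 if the client may relay through this server.
may_relay() {
    [ "$(access_action "$1" "$2")" = RELAY ]
}

# Entries that look like network addresses (trailing .0). sendmail strips
# octets from the client, never from the key, so such an entry matches only
# a client whose address is exactly that, not the subnet the author meant.
dead_subnet_entries() {
    awk '$1 !~ /^#/ && $1 ~ /^[0-9]+(\.[0-9]+)*\.0$/ { print $1 }' "$1"
}

# The key sendmail actually matches on for an address/prefix pair:
# 192.168.0.0 with prefix 24 gives 192.168.0. Only /8, /16 and /24 can be
# expressed this way; finer prefixes need one entry per address.
subnet_key() {
    case $2 in
        8)  echo "${1%.*.*.*}" ;;
        16) echo "${1%.*.*}" ;;
        24) echo "${1%.*}" ;;
        *)  return 1 ;;
    esac
}

# Usage: sh access_check.sh /etc/mail/access [client-ip-or-hostname]
if [ -n "${1:-}" ] && [ -f "$1" ]; then
    for k in $(dead_subnet_entries "$1"); do
        echo "warning: $k matches only that exact address; for a /24 use $(subnet_key "$k" 24)" >&2
    done
    if [ -n "${2:-}" ]; then
        if may_relay "$1" "$2"; then echo "$2: RELAY"; else echo "$2: relaying denied"; fi
    fi
fi
```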
Method two: configuring sendmail with authentication
Why configure sendmail with authentication? The reason is simple:
so that legitimate, permitted users can send and receive mail through the sendmail server we configured, while illegitimate or anonymous users, or users without the correct password, cannot.
Without authentication configured, if we set up Outlook without ticking "My server requires authentication", we find that an unauthorised user can still send and receive mail normally without entering any password. That is not what we want.
To configure sendmail with authentication, start from the sendmail configuration described in section 2 above and change:
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
to:
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
that is, simply remove the leading comment markers.
Recompile sendmail.mc as described above and restart the sendmail service.
Finally, start SASL (saslauthd):
# service saslauthd status
Saslauthd is stopped
# service saslauthd start
Starting saslauthd: [  OK  ]
The sendmail mail service with authentication is now configured.
Part 2: Openwebmail configuration
1. Overview
With the spread of the Internet, more and more network applications use the B/S (browser/server) architecture. Its advantage is that the web browser serves as the client program, so nothing extra needs to be installed on client machines, and the web interface is friendly enough that users usually need no special training.
The following is a webmail solution on Red Hat Enterprise Linux 4: Apache + Openwebmail.
2. Installation and configuration
Before installing, have the following four tar packages ready. Before installing them, confirm that the system's development packages are installed and that any other mail services are shut down.
CGI.pm-3.05.tar.gz
MIME-Base64-3.01.tar.gz
libnet-1.19.tar.gz
Text-Iconv-1.2.tar.gz
Step 1: Install the packages in the order and with the steps described below.
Install CGI.pm
    cd /tmp
    tar -zxvf CGI.pm-3.05.tar.gz
    cd CGI.pm-3.05
    perl Makefile.PL
    make
    make install

Install MIME-Base64
    cd /tmp
    tar -zxvf MIME-Base64-3.01.tar.gz
    cd MIME-Base64-3.01
    perl Makefile.PL
    make
    make install

Install libnet
    cd /tmp
    tar -zxvf libnet-1.19.tar.gz
    cd libnet-1.19
    perl Makefile.PL
    make
    make install

Install Text-Iconv
    cd /tmp
    tar -zxvf Text-Iconv-1.2.tar.gz
    cd Text-Iconv-1.2
    perl Makefile.PL
    make
    make install
Step 2: Install Openwebmail
Copy openwebmail-1.xx.tar.gz into the /var/www directory and install it as follows.
    cd /var/www
    tar -zxvBpf openwebmail-1.xx.tar.gz
Step 3: Edit the auth_unix.conf configuration file by running:
# vi /var/www/cgi-bin/openwebmail/etc/defaults/auth_unix.conf
The following configuration is shown:
# config file for auth_unix.pl
#
 
# passwdfile_plaintext
# -----------------------------------------------------------------------
# the plaintext file containing all usernames and related uid, gid,
# homedir, shell info. The default is /etc/passwd on most unix systems.
 
# passwdfile_encrypted
# -----------------------------------------------------------------------
……………………
……………………
# ***** IMPORTANT *****
#
# If you are going to use this option for check then the webmail on your
# Cobalt MUST be accessed via the the FQDN 'http://HOST.DOMAIN.COM'.
# Using 'http://DOMAIN.COM' will fail the user security check.
 
# change_smbpasswd
# -----------------------------------------------------------------------
# if this option is set to yes, openwebmail will also change the
# smbpasswd after changing the unix password successfully
 
passwdfile_plaintext     /etc/passwd
passwdfile_encrypted    /etc/shadow
passwdmkdb             none
check_expire             no
check_nologin            no
check_shell              no
check_cobaltuser         no
change_smbpasswd         no
Set passwdfile_encrypted to /etc/shadow (the highlighted entry in the listing above).
Set passwdmkdb to none (the highlighted entry in the listing above).
Step 4: Configure openwebmail.conf.
Run:
# vi /var/www/cgi-bin/openwebmail/etc/openwebmail.conf
The following configuration file is shown:
# Open WebMail configuration file
#
# This file contains just the overrides from defaults/openwebmail.conf,
# please make all changes to this file.
#
# This file sets options for all domains and all users.
# To set options on per domain basis, please put them in sites.conf/domainname
# To set options on per user basis, please put them in users.conf/username
#
# Please refer to openwebmail.conf.help for the description of each option
#
domainnames             auto
auth_module             auth_unix.pl
mailspooldir            /var/spool/mail
ow_cgidir               /var/www/cgi-bin/openwebmail
ow_cgiurl               /cgi-bin/openwebmail
ow_htmldir              /var/www/data/openwebmail
ow_htmlurl              /openwebmail
logfile                 /var/log/openwebmail.log
 
enable_viruscheck        no
enable_spamcheck         no
enable_learnspam         no
 
default_iconset          Default
default_fscharset        none
 
<default_signature>
--
Open WebMail Project (http://openwebmail.org)
</default_signature>
In the configuration file above, change the items listed below to the following values (the highlighted entries in the listing above).
domainnames             auto
auth_module             auth_unix.pl
mailspooldir            /var/spool/mail
ow_cgidir               /var/www/cgi-bin/openwebmail
ow_cgiurl               /cgi-bin/openwebmail
ow_htmldir              /var/www/data/openwebmail
ow_htmlurl              /openwebmail
logfile                 /var/log/openwebmail.log
spellcheck              /usr/bin/aspell
Step 5: Edit the dbm.conf file.
Run:
# vi /var/www/cgi-bin/openwebmail/etc/defaults/dbm.conf
The following configuration file is shown:
#
# config file for dbm.pl
#
 
# dbm_ext
# -----------------------------------------------------------------------
# This is the extension name for the dbm file on your system
#
# ps: You can run 'perl openwebmail/misc/test/dbmtest.pl' to get value for this
 
# dbmopen_ext
# -----------------------------------------------------------------------
# This is the db extension passed to the dbmopen() call.
# It should be set to 'none' in most case. You need to set it to %dbm_ext%
# only if you use any DB File module in script explicitly
#
# ps: It is said this option needs to be set to '%dbm_ext%' on the Sun
#      Cobal server or Slackware 8.x.
#      You can run 'perl openwebmail/misc/test/dbmtest.pl' to get value for this
 
# dbmopen_haslock
# -----------------------------------------------------------------------
# If your perl dbm system will do filelock in dbmopen() by itself,
# set this option to 'yes' so openwebmail won't do unnecessary filelock
# before dbmopen. On most systems, this option should be set to 'no'.
#
# ps: If your openwebmail hangs after login or saving preference,
#      you probablely need to set this option to 'yes'
 
dbm_ext                 .db
dbmopen_ext             .db
dbmopen_haslock         no
In the configuration file above, change the items listed below to the following values (the highlighted entries in the listing above).
dbm_ext                 .db
dbmopen_ext             .db
dbmopen_haslock         no
Step 6: Run Openwebmail's initialisation.
Run:
# /var/www/cgi-bin/openwebmail/openwebmail-tool.pl --init
Step 7: Start the httpd service.
Run:
# service httpd start
That completes the Openwebmail configuration.