首先是脚本mail.sh,非常简单!
#!/bin/bash
to=$1
subject=$2
context=$3
echo -e "$context" | mail -v -s "$subject" "$to"
然后就是配置网易邮箱
开启SMTP服务,
申请授权码:
记下来你的授权码:一串字符
#解决使用密码发邮件报错535 Error:authentication failed
修改centos 的/etc/mail.rc文件,添加如下配置:
set bsdcompat
set from=xxxxxxxx@163.com
set smtp=smtps://smtp.163.com:465
set smtp-auth-user=xxxxxxxx@163.com
set smtp-auth-password=FHKGZDxxxxxxxx #这里填写授权码
set smtp-auth=login
set ssl-verify=ignore
set nss-config-dir=/root/.certs #证书的存放目录
创建证书目录
mkdir -p /root/.certs/
[root@VM-16-10-centos]# echo -n | openssl s_client -connect smtp.163.com:465 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ~/.certs/163.crt
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = GeoTrust CN RSA CA G1
verify return:1
depth=0 C = CN, ST = Zhejiang, L = Hangzhou, O = "NetEase (Hangzhou) Network Co., Ltd", OU = IT Dept., CN = *.163.com
verify return:1
DONE
导入SSL库
certutil -A -n "GeoTrust SSL CA" -t "C,," -d ~/.certs -i ~/.certs/163.crt
导入全局库
certutil -A -n "GeoTrust Global CA" -t "C,," -d ~/.certs -i ~/.certs/163.crt
执行
[root@VM-16-10-centos]# certutil -L -d /root/.certs
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
GeoTrust SSL CA C,,
切到证书目录下
cd /root/.certs/
[root@VM-16-10-centos .certs]# certutil -A -n "GeoTrust SSL CA - G3" -t "Pu,Pu,Pu" -d ./ -i 163.crt
Notice: Trust flag u is set automatically if the private key is present.
执行邮件发送测试
echo 'hello' |mail -v -s "test" 25XXXXXXXX@qq.com
Resolving host smtp.163.com . . . done.
Connecting to 220.181.12.14:465 . . . connected.
Comparing DNS name: "*.163.com"
SSL parameters: cipher=AES-256-GCM, keysize=256, secretkeysize=256,
issuer=CN=GeoTrust CN RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US
subject=CN=*.163.com,OU=IT Dept.,O="NetEase (Hangzhou) Network Co., Ltd",L=Hangzhou,ST=Zhejiang,C=CN
220 163.com Anti-spam GT for Coremail System (163com[20141201])
>>> EHLO VM-16-10-centos
250-mail
250-PIPELINING
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-coremail 1Uxr2xKj7kG0xkI17xGrU7I0s8FY2U3Uj8Cz28x1UUUUU7Ic2I0Y2Ur8GTnJUCa0xDrUUUUj
250-STARTTLS
250 8BITMIME
>>> AUTH LOGIN
334 dXNlcm5hbWU6
>>> bWluZ21pbmc0NzQ1QDE2My5jb20=
334 UGFzc3dvcmQ6
>>> RkhLR1pEQk5TVlZDWldHVw==
235 Authentication successful
>>> MAIL FROM:<XXXXXXXXXX@163.com>
250 Mail OK
>>> RCPT TO:<2XXXXXXXX@qq.com>
250 Mail OK
>>> DATA
354 End data with <CR><LF>.<CR><LF>
>>> .
250 Mail OK queued as smtp10,DsCowACnkL55VJthITyeTw--.5953S2 1637569658
>>> QUIT
221 Bye
成功了
特殊情况
当你把这条命令加到脚本文件里面准备让zabbix去执行时你会发现执行不了,这是我使用了几天之后才发现的,发送邮件的时候会报这样的错误:Error initializing NSS: Unknown error -8015.
问题的根源就在于证书:/root/.certs
这个位置的证书root去执行没有问题,但是zabbix用户就执行不了。
将证书目录移动到zabbix用户可以访问到的地方
]# mv /root/.certs/ /etc/zabbix/
]# ls /etc/zabbix/.certs/
163.crt cert8.db key3.db secmod.db
修改/etc/mail.rc文件证书目录
set from=xxx@163.com #之前设置好的邮箱地址
set smtp="smtps://smtp.163.com:465" #邮件服务器
set smtp-auth-user=xxx@163.com #之前设置好的邮箱地址
set smtp-auth-password=xxxx #授权码
set smtp-auth=login #默认login即可
set ssl-verify=ignore #ssl认证方式
set nss-config-dir=/etc/zabbix/.certs #证书所在目录
测试发邮件,成功!
测试zabbix,还没有权限