记录一下Centos7.9 成功发邮件配置 mail -v -s

首先是脚本mail.sh，非常简单！

#!/bin/bash
to=$1
subject=$2
context=$3
echo -e "$context" | mail -v -s "$subject" "$to"

然后就是配置网易邮箱

开启SMTP服务，

 申请授权码：

记下来你的授权码：一串字符 

 #解决使用密码发邮件报错535 Error：authentication failed

修改centos 的/etc/mail.rc文件，添加如下配置：

set bsdcompat
set from=xxxxxxxx@163.com
set smtp=smtps://smtp.163.com:465 
set smtp-auth-user=xxxxxxxx@163.com
set smtp-auth-password=FHKGZDxxxxxxxx  #这里填写授权码
set smtp-auth=login
set ssl-verify=ignore
set nss-config-dir=/root/.certs  #证书的存放目录

创建证书目录

mkdir -p /root/.certs/

[root@VM-16-10-centos]# echo -n | openssl s_client -connect smtp.163.com:465 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ~/.certs/163.crt
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = GeoTrust CN RSA CA G1
verify return:1
depth=0 C = CN, ST = Zhejiang, L = Hangzhou, O = "NetEase (Hangzhou) Network Co., Ltd", OU = IT Dept., CN = *.163.com
verify return:1
DONE

导入SSL库 

certutil -A -n "GeoTrust SSL CA" -t "C,," -d ~/.certs -i ~/.certs/163.crt

导入全局库

certutil -A -n "GeoTrust Global CA" -t "C,," -d ~/.certs -i ~/.certs/163.crt

 执行

[root@VM-16-10-centos]# certutil -L -d /root/.certs

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

GeoTrust SSL CA                                              C,,  

切到证书目录下 

cd /root/.certs/

[root@VM-16-10-centos .certs]# certutil -A -n "GeoTrust SSL CA - G3" -t "Pu,Pu,Pu"  -d ./ -i 163.crt
Notice: Trust flag u is set automatically if the private key is present.

 执行邮件发送测试

echo 'hello' |mail -v -s "test" 25XXXXXXXX@qq.com

Resolving host smtp.163.com . . . done.
Connecting to 220.181.12.14:465 . . . connected.
Comparing DNS name: "*.163.com"
SSL parameters: cipher=AES-256-GCM, keysize=256, secretkeysize=256,
issuer=CN=GeoTrust CN RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US
subject=CN=*.163.com,OU=IT Dept.,O="NetEase (Hangzhou) Network Co., Ltd",L=Hangzhou,ST=Zhejiang,C=CN
220 163.com Anti-spam GT for Coremail System (163com[20141201])
>>> EHLO VM-16-10-centos
250-mail
250-PIPELINING
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-coremail 1Uxr2xKj7kG0xkI17xGrU7I0s8FY2U3Uj8Cz28x1UUUUU7Ic2I0Y2Ur8GTnJUCa0xDrUUUUj
250-STARTTLS
250 8BITMIME
>>> AUTH LOGIN
334 dXNlcm5hbWU6
>>> bWluZ21pbmc0NzQ1QDE2My5jb20=
334 UGFzc3dvcmQ6
>>> RkhLR1pEQk5TVlZDWldHVw==
235 Authentication successful
>>> MAIL FROM:<XXXXXXXXXX@163.com>
250 Mail OK
>>> RCPT TO:<2XXXXXXXX@qq.com>
250 Mail OK
>>> DATA
354 End data with <CR><LF>.<CR><LF>
>>> .
250 Mail OK queued as smtp10,DsCowACnkL55VJthITyeTw--.5953S2 1637569658
>>> QUIT
221 Bye

成功了

特殊情况

当你把这条命令加到脚本文件里面准备让zabbix去执行时你会发现执行不了，这是我使用了几天之后才发现的，发送邮件的时候会报这样的错误：Error initializing NSS: Unknown error -8015.

问题的根源就在于证书：/root/.certs

这个位置的证书root去执行没有问题，但是zabbix用户就执行不了。

将证书目录移动到zabbix用户可以访问到的地方

]# mv /root/.certs/   /etc/zabbix/
]# ls /etc/zabbix/.certs/
163.crt  cert8.db  key3.db  secmod.db

修改/etc/mail.rc文件证书目录

set from=xxx@163.com #之前设置好的邮箱地址
set smtp="smtps://smtp.163.com:465" #邮件服务器
set smtp-auth-user=xxx@163.com #之前设置好的邮箱地址
set smtp-auth-password=xxxx #授权码
set smtp-auth=login #默认login即可
set ssl-verify=ignore #ssl认证方式
set nss-config-dir=/etc/zabbix/.certs #证书所在目录

测试发邮件，成功！

测试zabbix，还没有权限