服务器 Gind.cn
  1. 服务器 Gind.cn
  3. 如何设置sendmail实际发送邮件(!)
Intereting Posts
最近的Sun机架服务器上的ILOM是否完全支持Linux? 如何防止作为本地pipe理员的Windows客户端删除已安装的程序? libapache2-mod-auth-pgsql和ssl-cert在CentOS中相当 如何组织video和音乐等媒体内容的存储? Robocopy作业,将文件从VM Windows 2003复制到Windows 2008 DFS Share(通过WAN) 将邮件与ssmtp一起发送到SES时发生错误 AS400 IFS的Windowsnetworking驱动器映射(IBM iSeries) 使用一个IP在一台电子邮件服务器上托pipe多个域 禁用Linux命令 卸载Redis CentOs 7 Ubuntu 12.04 – 英镑反向代理和Adobe Flex / Flashauthentication 迁移到数据中心 无意中覆盖了named.conf Linux通过辅助接口路由所有互联网stream量 Exchange 2003自动邮箱大小报告

如何设置sendmail实际发送邮件(!)

我正在configuration一个邮件服务器,但sendmail不允许我发送来自远程设备或/和软件的邮件。 我的configuration:CentOS 6.4,Sendmail 8.14.4。

以下是我在尝试从服务器外部发送电子邮件时收到的消息 

sendmail[25390]: rA4Fp855025390: [213.xxx] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA sendmail[25391]: rA4Fp86s025391: ruleset=check_rcpt, arg1=<[email protected]>, relay=[213.xxx], reject=550 5.7.1 <[email protected]>... Relaying denied. IP name lookup failed [213.xxx] sendmail[25391]: rA4Fp86s025391: from=<[email protected]>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[213.xxx]

我知道中继主机有什么东西,但是如果你不知道中继主机怎么办? 我的意思是…无论如何,这是sendmail.mc文件 

 divert(-1)dnl include(`/usr/share/sendmail-cf/m4/cf.m4')dnl VERSIONID(`setup for linux')dnl OSTYPE(`linux')dnl dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b')dnl dnl define(`confLOG_LEVEL', `9')dnl dnl define(`SMART_HOST', `smtp.your.provider')dnl define(`confDEF_USER_ID', ``8:12'')dnl dnl define(`confAUTO_REBUILD')dnl define(`confTO_CONNECT', `1m')dnl define(`confTRY_NULL_MX_LIST', `True')dnl define(`confDONT_PROBE_INTERFACES', `True')dnl define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl define(`ALIAS_FILE', `/etc/aliases')dnl define(`STATUS_FILE', `/var/log/mail/statistics')dnl define(`UUCP_MAILER_MAX', `2000000')dnl define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl define(`confAUTH_OPTIONS', `A')dnl MASQUERADE_AS(mydomain.com)dnl MASQUERADE_DOMAIN(mydomain.com)dnl dnl define(`confAUTH_OPTIONS', `A p')dnl dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl dnl define(`confCACERT_PATH', `/etc/mail/certs')dnl dnl define(`confCACERT', `/etc/mail/certs/CAcert.pem')dnl dnl define(`confSERVER_CERT', `/etc/mail/certs/MYcert.pem')dnl dnl define(`confSERVER_KEY', `/etc/mail/certs/MYkey.pem')dnl dnl define(`confCLIENT_CERT', `/etc/mail/certs/MYcert.pem')dnl dnl define(`confCLIENT_KEY', `/etc/mail/certs/MYkey.pem')dnl dnl define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl dnl define(`confTO_QUEUEWARN', `4h')dnl dnl define(`confTO_QUEUERETURN', `5d')dnl dnl define(`confQUEUE_LA', `12')dnl dnl define(`confREFUSE_LA', `18')dnl define(`confTO_IDENT', `0')dnl dnl FEATURE(delay_checks)dnl FEATURE(`no_default_msa', `dnl')dnl FEATURE(`smrsh', `/usr/sbin/smrsh')dnl FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl FEATURE(redirect)dnl FEATURE(always_add_domain)dnl FEATURE(use_cw_file)dnl FEATURE(use_ct_file)dnl dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl FEATURE(`relay_hosts_only')dnl FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl FEATURE(`blacklist_recipients')dnl EXPOSED_USER(`root')dnl dnl define(`confLOCAL_MAILER', `cyrusv2')dnl dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6') FEATURE(`accept_unresolvable_domains')dnl FEATURE(masquerade_envelope)dnl FEATURE(masquerade_entire_domain)dnl dnl FEATURE(`relay_based_on_MX')dnl LOCAL_DOMAIN(`mydomain.com')dnl dnl MASQUERADE_AS(`mydomain.com')dnl dnl FEATURE(masquerade_envelope)dnl dnl FEATURE(masquerade_entire_domain)dnl dnl MASQUERADE_DOMAIN(localhost)dnl dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl dnl MASQUERADE_DOMAIN(mydomain.lan)dnl MAILER(smtp)dnl MAILER(procmail)dnl dnl MAILER(cyrusv2)dnl

我该怎么办 ? 我如何知道SMTP-AUTH是否工作? TLS?

非常感谢您的帮助 -。-

对于新手来说,sendmail具有相当陡峭的学习曲线,推荐的MTA是postfix。

确定sendmail当前支持的是什么; telnet到smtp端口并发出帮助命令,sendmail将显示它的function:

] $ telnet localhost 25 

  220 example.com ESMTP Sendmail 8; Mon, 4 Nov 2013 17:27:20 +0100

帮帮我 

 214-2.0.0 This is sendmail 214-2.0.0 Topics: 214-2.0.0 HELO EHLO MAIL RCPT DATA 214-2.0.0 RSET NOOP QUIT HELP VRFY 214-2.0.0 EXPN VERB ETRN DSN AUTH 214-2.0.0 STARTTLS

AUTH意味着这个sendmail服务器支持SMTPauthentication。

STARTTLS表示支持SSL / startTLS。

要同时启用,你需要修改你的sendmailconfiguration。 sendmail的configuration文件就是这么清晰的。 更简单的方法是编辑sendmail.mcmacros文件,该文件可用于生成function性的sendmail.cfconfiguration。 以#开头的行是以dnl开头的行。

下面三行代码将启用smtpauthentication: 

  # /etc/mail/sendmail.mc <snip> define(`confAUTH_OPTIONS', `A p')dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl <snip>

要启用TLS / SSL取消注释以下行,并确保您的证书(自签名或公开)存在。 

 define(`confCACERT_PATH', `/etc/mail/certs')dnl define(`confCACERT', `/etc/mail/certs/CAcert.pem')dnl define(`confSERVER_CERT', `/etc/mail/certs/MYcert.pem')dnl define(`confSERVER_KEY', `/etc/mail/certs/MYkey.pem')dnl

大多数客户端将通过smtp端口25使用starttls,但通过取消注释,您可以在端口465上使用仅侦听smtp sendmail的smtp sendmail: 

 DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

确保安装了sendmail-cf和cyrus-sasl rpm包: 

  ]# yum -y install cyrus-sasl sendmail-cf

从修改后的sendmail.mc生成新的sendmail.cf并重新启动sendmail 

  ]# cd /etc/mail ; ./make ]# service sendmail restart

为邮件用户configuration首选身份validation方法的sasl身份validation服务器,并确保它将运行。 (默认设置为/ etc / sysconfig / saslauthd中的pam) 

  ]# chkconfig saslauthd on ]# service saslauthd start

现在要testingSMTPAUTH,我们将使用PLAIN方法,我们将检查早期的telnettesting现在是否显示对AUTH方法的支持。

如果是这样,我们将尝试简单的authentication。 这需要一个base64编码的string,其中包含NULL分隔的用户名和密码: 

  ]$ perl -MMIME::Base64 -e 'print encode_base64("\000USERNAME\000PASSWORD");' AFVTRVJOQU1FAFBBU1NXT1JE

现在,我们可以一箭双雕,检查SSL设置和PLAIN身份validation(PLAIN和LOGIN只允许通过SSLencryption连接): 

  ]$ openssl s_client -starttls smtp -connect example.com:25 . <snip more SSL stuff> . --- . SSL handshake has read 17078 bytes and written 357 bytes . --- . New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA . EHLO example2.com . . 250-mail.example.com Hello example2.com [1x.2x.3x.4x], pleased to meet you . 250-ENHANCEDSTATUSCODES . 250-PIPELINING . 250-8BITMIME . 250-SIZE . 250-DSN . 250-ETRN . 250-AUTH LOGIN PLAIN . 250-DELIVERBY . 250 HELP . AUTH PLAIN AFVTRVJOQU1FAFBBU1NXT1JE

现在使用有效的SMTP身份validation的客户端可以使用您的sendmail服务器发送电子邮件。