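E. Configuring Sendmail for SSL-encrypted transport
Change to the /etc/pki/dovecot/certs/ directory and run:
$ make sendmail.pem
Enter the requested information to generate the sendmail.pem certificate file.
Edit /etc/mail/sendmail.mc, find the following four lines, and remove the comment marker in front of each to enable Sendmail's SSL authentication: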
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
Comment out the other ports that do not use SSL authentication (the default SSL port is 465):
Note: Outlook Express can only do STARTTLS on port 25, Mozilla can only use STARTTLS, and Foxmail supports transport on a specified port 465. To support Outlook or Mozilla, port 25 or port 587 therefore has to stay open.
dnl DAEMON_OPTIONS(`Port=smtp,。。。。 )dnl #25
dnl DAEMON_OPTIONS(`Port=submission,。。。。 )dnl #587
dnl DAEMON_OPTIONS(`Port=25,。。。。 )dnl
dnl DAEMON_OPTIONS(`Port=587,。。。。 )dnl
Enable the default SSL port:
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
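Run the following command to apply the configuration:
$ m4 sendmail.mc > sendmail.cf
Then restart the sendmail service.
3. Setting up the Dovecot server to provide pop3s and imaps
Sendmail only implements the SMTP protocol, but many mail users are still accustomed to client software such as Foxmail, which usually supports protocols such as POP3 and IMAP4. To provide POP3 and IMAP4 on RHEL you need dovecot.
By default pop3 and imap transmit in cleartext; after installation you only need to start the dovecot service. To enable the pop3s and imaps services, configure as follows:
Edit /etc/dovecot.conf and, in the line
protocols = imap imaps pop3 pop3s
remove the protocols you do not need. For security, we use the following configuration:
protocols = imaps pop3s
In the /etc/pki/tls/certs directory, run the following command to generate the key:
$ make dovecot.pem
Enter the requested information at the prompts to generate the certificate file, and modify the corresponding configuration.
Restart the dovecot service. Use the following command to check the ports:
$ netstat -lnupt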
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 4150/sendmail: ace
tcp 0 0 192.168.1.12:993 0.0.0.0:* LISTEN 4111/dovecot
tcp 0 0 192.168.1.12:995 0.0.0.0:* LISTEN 4111/dovecot
Appendix:
1. Adding local routes
On Linux, add a local route by editing /etc/hosts.
On Windows, edit %windir%/system32/drivers/etc/hosts.
2. Parameters of the access database
The sendmail access database file can be created to accept or reject mail from selected domains.
Since it is a database, after creating the text file, use makemap to create the database map.
# makemap hash /etc/mail/access.db < /etc/mail/access
Below is what my access file currently looks like and can be used as a starting point. All internal addresses have been changed except for spammers!!
# by default we allow relaying from localhost...
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
# Allow Connect from local server IPs
Connect:207.44.206.144 OK
# Accept Mail
# accept mail from PayPal
paypal.com OK
# Reject Mail
posterclub@e.allposters.com REJECT
posterclub@email.allposters.com REJECT
plastmarket.com REJECT
jr@jrtr.org REJECT
7b2.606@fe01.atl2.webusenet.com REJECT
mysoldpad.com REJECT
# Discard Mail
1and1-private-registration.com DISCARD
# forum admin mails:
fictionaluser@gmail.com DISCARD
# Reject full mailbox
fictionaluser@linuxweblog.com ERROR:4.2.2:450 mailbox full
fictionaluser@linuxweblog.net REJECT
# Blacklist recipients
linuxweblog.net ERROR:550 That host does not accept mail
# Spam friend domains: exempt domains from dnsbl list checking
Spam:linuxweblog.org FRIEND
# Spam friend users: exempt email users from dnsbl list checking
# example:
# Spam:user@domain.tld FRIEND
# clients
Spam:fictionalclient@hotmail.com FRIEND
# Auto REJECT via hourly cron added below
Below are more examples and explanations for reference, which come from the sendmail-cf distribution docs.
The table itself uses e-mail addresses, domain names, and network numbers as keys.
Note that IPv6 addresses must be prefaced with "IPv6:". For example:
spammer@aol.com REJECT
cyberspammer.com REJECT
TLD REJECT
192.168.212 REJECT
IPv6:2002:c0a8:02c7 RELAY
IPv6:2002:c0a8:51d2::23f4 REJECT
would refuse mail from spammer@aol.com, any user from cyberspammer.com (or any host within the cyberspammer.com domain), any host in the entire top level domain TLD, 192.168.212.* network, and the IPv6 address 2002:c0a8:51d2::23f4. It would allow relay for the IPv6 network 2002:c0a8:02c7::/48.
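The matching described above, as an added Python example (not code from the sendmail-cf docs or from the access file shown earlier): a simplified model that tries the most specific key first, then drops host labels or address parts, so an access file can be checked before running makemap. It assumes untagged keys only (no Connect:, To: or Spam: tags); the IPv6 normalisation and the names parse_access, candidates and lookup are this example's own.

```python
import ipaddress

# Constructed sample: the six entries from the example above.
ACCESS_TEXT = """spammer@aol.com REJECT
cyberspammer.com REJECT
TLD REJECT
192.168.212 REJECT
IPv6:2002:c0a8:02c7 RELAY
IPv6:2002:c0a8:51d2::23f4 REJECT
"""

def normalize_key(key):
    """Lowercase; write IPv6 keys as full 4-digit groups so prefixes compare."""
    key = key.lower()
    if key.startswith("ipv6:"):
        try:  # complete address: expand "::"
            body = ipaddress.IPv6Address(key[5:]).exploded
        except ValueError:  # network prefix: zero-pad each group
            body = ":".join(g.zfill(4) for g in key[5:].split(":"))
        key = "ipv6:" + body
    return key

def parse_access(text):
    """Return {key: value}, skipping blank lines and # comments."""
    rows = (l.split(None, 1) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#"))
    return {normalize_key(k): v.strip() for k, v in rows}

def candidates(subject):
    """Yield lookup keys, most specific first, for an address, host or IP."""
    s = subject.lower()
    if "@" in s:  # e-mail: full address first, then its domain
        yield s
        s = s.rsplit("@", 1)[1]
    try:
        ip = ipaddress.ip_address(s)
    except ValueError:  # host name: drop leftmost labels one at a time
        labels = s.split(".")
        yield from (".".join(labels[i:]) for i in range(len(labels)))
        return
    if ip.version == 4:  # IPv4: drop trailing octets
        parts, sep, tag = str(ip).split("."), ".", ""
    else:  # IPv6: drop trailing 16-bit groups
        parts, sep, tag = ip.exploded.split(":"), ":", "ipv6:"
    yield from (tag + sep.join(parts[:n]) for n in range(len(parts), 0, -1))

def lookup(table, subject):
    """Return (matching key, value), or (None, None) when nothing matches."""
    return next(((k, table[k]) for k in candidates(subject) if k in table),
                (None, None))

TABLE = parse_access(ACCESS_TEXT)
```

A (None, None) result means no entry applies in this model, so the address or host falls through to whatever the rest of the configuration decides.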
The value part of the map can contain: