rhel5之sendmail、dovecot配置

一、dns的配置:

我的配置如下所示：

[root@server2 named]# cat rhel5.com.cn.zone
$TTL    86400
@               IN SOA ns1.rhel5.com.cn.       root (
                                        2009032909      ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

                IN NS           ns1.rhel5.com.cn.
               IN   MX 10     mail.rhel5.com.cn.
ns1             IN A            192.168.1.12
www             IN A            192.168.1.12
mail            IN A            192.168.1.12
ftp             IN A            192.168.1.12
proxy           IN A            192.168.1.12

[root@server2 named]# cat 192.168.1.zone

$TTL    86400
@       IN      SOA     ns1.rhel5.com. root (
                                      2009032907 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
        IN      NS      ns1.rhel5.com.
11      IN      PTR     ns1.rhel5.com.
        IN      PTR     [url]www.rhel5.com.[/url]
        IN      PTR     mail.rhel5.com.
        IN      PTR     ftp.rhel5.com.
        IN      PTR     server1.rhel5.com.
        IN      PTR     proxy.rhel5.com.
12      IN      PTR     ns1.rhel5.com.cn.
        IN      PTR     server2.rhel5.com.
        IN      PTR     [url]www.rhel5.com.cn.[/url]
        IN      PTR     mail.rhel5.com.cn.
        IN      PTR     ftp.rhel5.com.cn.
        IN      PTR     proxy.rhel5.com.cn.
13      IN      PTR     server3.rhel5.com.

二、sendmail相關軟件包安裝：

sendmail-8.13.8-2.el5.i386.rpm

sendmail-devel-8.13.8-2.el5.i386.rpm

sendmail-cf-8.13.8-2.el5.i386.rpm

sendmail-doc-8.13.8-2.el5.i386.rpm

m4-1.4.5-3.el5.1.i386.rpm

dovecot-1.0.7-7.el5.i386.rpm

建議用yum安裝，可以自動解決依賴問題。

sendmail的配置文件主要存在與/etc/mail目錄下:

[root@server2 mail]# ls
access       domaintable.db    mailertable     sendmail.cf   submit.cf      trusted-users
access.db    helpfile          mailertable.db sendmail.mc   submit.cf.bak virtusertable
domaintable local-host-names Makefile        spamassassin submit.mc      virtusertable.db

三個名詞解釋：

MUA：郵件用戶代理（Mail User Agent）

MTA：郵件傳輸代理（Mail Transfer Agent）

MDA：郵件遞送代理（Mail Delivery Agent）

三、配置sendmail:

主要步驟：

（1）配置sendmail.mc文件

[root@server2 mail]# vi sendmail.mc

設置SMTP的用戶認證,找到以下兩行，取消前面的註釋，如下所示：

TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

找到下行，將smtp偵聽範圍127.0.0.1改爲0.0.0.0

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl

修改域,找到LOCAL_DOMAIN(`localhost.localdomain')dnl此行,將其改爲LOCAL_DOMAIN(`rhel5.com.cn')dnl

（2）使用m4工具將sendmail.mc文件導入sendmail.cf文件

[root@server2 mail]# m4 sendmail.mc >sendmail.cf

（3）配置local-host-names文件

[root@server2 mail]# vi local-host-names

# local-host-names - include all aliases for your machine here.
rhel5.com.cn
mail.rhel5.com.cn

（4）建立用戶帳號

[root@server2 mail]# for user in student1 student2;do useradd -g 500 -G student -d /home/$user -s /bin/bash $user;echo redhat|passwd --stdin $user;done;
useradd: user student1 exists
Changing password for user student1.
passwd: all authentication tokens updated successfully.
useradd: user student2 exists
Changing password for user student2.
passwd: all authentication tokens updated successfully.
[root@server2 mail]# ls /home/
student student1 student2

羣發郵件設置：

編輯/etc/alias文件,aliases文件語法格式：

別名：真實名1，真實名2

student1: user1,user2
student2: user3,user4

使用newaliases命令生成aliases.db數據庫文件:

[root@server2 mail]# newaliases
/etc/aliases: 78 aliases, longest 11 bytes, 803 bytes total

(5) 配置訪問控制的access文件:

[root@server2 mail]# vi access

# Check the /usr/share/doc/sendmail/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
#
# by default we allow relaying from localhost...
Connect:localhost.localdomain            RELAY
Connect:localhost                             RELAY
Connect:127.0.0.1                           RELAY
Connect:192.168.1                          RELAY

生成access數據庫文件:

[root@server2 mail]# makemap hash access.db <access

(6),配置dovecot:

默認情況下，/etc/dovecot.conf文件是不用修改的就可以使用。

（6）重新啓動服務使配置生效

[root@server2 mail]# service saslauthd start
Starting saslauthd: [ OK ]
[root@server2 mail]# service dovecot start
Starting Dovecot Imap: [ OK ]

[root@server2 mail]# service sendmail restart
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]

檢查是否成功啓動：

[root@server2 mail]# netstat -nutpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 127.0.0.1:2208              0.0.0.0:*                   LISTEN      3046/hpiod
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      2736/portmap
tcp        0      0 192.168.1.12:53             0.0.0.0:*                   LISTEN      2706/named
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      3087/cupsd
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      3770/sendmail: acce
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      2706/named
tcp        0      0 127.0.0.1:2207              0.0.0.0:*                   LISTEN      3051/python
tcp        0      0 :::993                      :::*                        LISTEN      3708/dovecot
tcp        0      0 :::995                      :::*                        LISTEN      3708/dovecot
tcp        0      0 :::110                      :::*                        LISTEN      3708/dovecot
tcp        0      0 :::143                      :::*                        LISTEN      3708/dovecot
tcp        0      0 :::22                       :::*                        LISTEN      3071/sshd
tcp        0      0 ::1:953                     :::*                        LISTEN      2706/named
udp        0      0 0.0.0.0:37392               0.0.0.0:*                               2706/named
udp        0      0 0.0.0.0:34478               0.0.0.0:*                               3260/avahi-daemon:
udp        0      0 192.168.1.12:53             0.0.0.0:*                               2706/named
udp        0      0 0.0.0.0:69                  0.0.0.0:*                               3104/xinetd
udp        0      0 0.0.0.0:5353                0.0.0.0:*                               3260/avahi-daemon:
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               2736/portmap
udp        0      0 0.0.0.0:631                 0.0.0.0:*                               3087/cupsd
udp        0      0 :::44886                    :::*                                    2706/named
udp        0      0 :::5353                     :::*                                    3260/avahi-daemon:
udp        0      0 :::40315                    :::*                                    3260/avahi-daemon:

防火牆配置：

[root@server2 ~]# iptables -A INPUT -s 192.168.1.0/24 -p tcp -m multiport --dport 25,110,143,993,995 -j ACCEPT

993對應的是imaps,995對應的是pop3s。這個在後面說。

windows上測試：

C:\>telnet mail.rhel5.com.cn 25

220 server2.rhel5.com ESMTP Sendmail 8.13.8/8.13.8; Tue, 31 Mar 2009 22:12:16 +0
800
ehlo hello
250-server2.rhel5.com Hello xzxj [192.168.1.156], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP

C:\>telnet mail.rhel5.com.cn 110

+OK Dovecot ready.

C:\>telnet mail.rhel5.com.cn 143

* OK Dovecot ready.

全部都測試成功。

(7) 配置基於ssl的sendmail.

首先配置dovecot的ssl加密：

進到/etc/pki/dovecot目錄，修改下dovecot-openssl.cnf此文件，我修改後的文件如下：

[root@server2 dovecot]# vi dovecot-openssl.cnf

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
# country (2 letter code)
#C=CN

# State or Province Name (full name)
#ST=zhejiang

# Locality Name (eg. city)
#L=Hangzhou

# Organization (eg. company)
#O=xzxj

# Organizational Unit Name (eg. section)
OU=mail.rhel5.com.cn

# Common Name (*.example.com is also possible)
CN=rhel5

# E-mail contact
[email protected]

[ cert_type ]
nsCertType = server

在執行之前，將/etc/pki/dovecot目錄下的所有dovecot.pem文件刪除，然後進到/usr/share/doc/dovecot-1.0.7/examples目錄裏執行mkcert.sh腳本：

[root@server2 examples]# ./mkcert.sh
Generating a 1024 bit RSA private key
..................++++++
....++++++
writing new private key to '/etc/pki/dovecot/private/dovecot.pem'
-----

subject= /OU=mail.rhel5.com.cn/CN=rhel5/[email protected]
SHA1 Fingerprint=FB:42:D3:3A:D3:97:54:55:CB:4F:25:43:D3:02:AD:B5:D4:32:22:7D

完了後會在/etc/pki/dovecot目錄下產生新的dovecot.pem文件。

接着修改/etc/dovecot.conf文件：

[root@server2 ~]# vi /etc/dovecot.conf

找到此行，將前面的註釋符去掉：

protocols = imap imaps pop3 pop3s，接着加入下面內容，設置監聽的地址以及端口號：

protocol imap {
       listen = 192.168.1.12:143
       ssl_listen = 192.168.1.12:993
    }
    protocol pop3 {
       listen = 192.168.1.12:110
       ssl_listen = 192.168.1.12:995
    }

去掉ssl_disable = no前面的註釋符，最後修改以下兩行：

ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem

將前面的註釋符去掉，dovecot.pem此文件之先創建過，這裏不用修改了。

接着配置sendmail的ssl加密：
[root@server2 certs]# cd /etc/pki/tls/certs

[root@server2 certs]# make sendmail.pem
umask 77 ; \
        PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
        PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
        /usr/bin/openssl req -utf8 -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
        cat $PEM1 > sendmail.pem ; \
        echo ""    >> sendmail.pem ; \
        cat $PEM2 >> sendmail.pem ; \
        rm -f $PEM1 $PEM2
Generating a 1024 bit RSA private key
............................................++++++
....++++++
writing new private key to '/tmp/openssl.Ow4054'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:zhejiang
Locality Name (eg, city) [Newbury]:HZ
Organization Name (eg, company) [My Company Ltd]:xzxj
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:mail.rhel5.com.cn
Email Address []:[email protected]

[root@server2 certs]# ls
ca-bundle.crt localhost.crt make-dummy-cert Makefile sendmail.pem

修改/etc/mail/sendmail.mc文件，找到以下四行，將其前面的註釋符號去掉：

define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl

接着註釋下行：

dnl DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl

去掉下行前面的dnl後爲

DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

[root@server2 mail]# m4 sendmail.mc >sendmail.cf

重啓dovecot和sendmail，使配置生效！

[root@server2 mail]# service dovecot restart
Stopping Dovecot Imap: [ OK ]
Starting Dovecot Imap: [ OK ]
[root@server2 mail]# service sendmail restart
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]

[root@server2 certs]# netstat -nutpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 127.0.0.1:2208              0.0.0.0:*                   LISTEN      3046/hpiod
tcp        0      0 192.168.1.12:993            0.0.0.0:*                   LISTEN      4111/dovecot
tcp        0      0 192.168.1.12:995            0.0.0.0:*                   LISTEN      4111/dovecot
tcp        0      0 192.168.1.12:110            0.0.0.0:*                   LISTEN      4111/dovecot
tcp        0      0 192.168.1.12:143            0.0.0.0:*                   LISTEN      4111/dovecot
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      2736/portmap
tcp        0      0 0.0.0.0:465                 0.0.0.0:*                   LISTEN      4150/sendmail: acce
tcp        0      0 192.168.1.12:53             0.0.0.0:*                   LISTEN      2706/named
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      3087/cupsd
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      2706/named
tcp        0      0 127.0.0.1:2207              0.0.0.0:*                   LISTEN      3051/python
tcp        0      0 :::22                       :::*                        LISTEN      3071/sshd
tcp        0      0 ::1:953                     :::*                        LISTEN      2706/named
udp        0      0 0.0.0.0:37392               0.0.0.0:*                               2706/named
udp        0      0 0.0.0.0:34478               0.0.0.0:*                               3260/avahi-daemon:
udp        0      0 192.168.1.12:53             0.0.0.0:*                               2706/named
udp        0      0 0.0.0.0:69                  0.0.0.0:*                               3104/xinetd
udp        0      0 0.0.0.0:5353                0.0.0.0:*                               3260/avahi-daemon:
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               2736/portmap
udp        0      0 0.0.0.0:631                 0.0.0.0:*                               3087/cupsd
udp        0      0 :::44886                    :::*                                    2706/named
udp        0      0 :::5353                     :::*                                    3260/avahi-daemon:
udp        0      0 :::40315                    :::*                                    3260/avahi-daemon:

防火牆的配置：

基於ssl的sendmail使用的端口是465；

[root@server2 certs]# iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 465 -j ACCEPT

,到此基於ssl的郵件服務就完畢了。

(8) 測試

使用windows的outlook測試發信和收信。

日誌信息如下所示：

Mar 31 22:57:12 server2 dovecot: pop3-login: Login: user=<student1>, method=PLAIN, rip=192.168.1.156, lip=192.168.1.12, TLS
Mar 31 22:57:12 server2 dovecot: POP3(student1): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 31 22:57:12 server2 dovecot: pop3-login: Login: user=<student2>, method=PLAIN, rip=192.168.1.156, lip=192.168.1.12, TLS
Mar 31 22:57:13 server2 dovecot: POP3(student2): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 31 22:57:15 server2 dovecot: pop3-login: Login: user=<student1>, method=PLAIN, rip=192.168.1.156, lip=192.168.1.12, TLS
Mar 31 22:57:15 server2 dovecot: POP3(student1): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 31 22:57:15 server2 dovecot: pop3-login: Login: user=<student2>, method=PLAIN, rip=192.168.1.156, lip=192.168.1.12, TLS
Mar 31 22:57:15 server2 dovecot: POP3(student2): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 31 22:58:32 server2 sendmail[4232]: STARTTLS=server, relay=xzxj [192.168.1.156], version=TLSv1/SSLv3, verify=NO, cipher=RC4-MD5, bits=128/128
Mar 31 22:58:32 server2 sendmail[4232]: AUTH=server, relay=xzxj [192.168.1.156], authid=student1, mech=LOGIN, bits=0
Mar 31 22:58:32 server2 sendmail[4232]: n2VEwWq3004232: from=<[email][email protected][/email]>, size=1278, class=0, nrcpts=1, msgid=<88D5650C92C5466F87510EE8FB998C82@xzxj>, proto=ESMTP, daemon=TLSMTA, relay=xzxj [192.168.1.156]
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: to=user4, ctladdr=<[email][email protected][/email]> (8/0), delay=00:00:00, mailer=local, pri=121278, dsn=5.1.1, stat=User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: to=user3, ctladdr=<[email][email protected][/email]> (8/0), delay=00:00:00, mailer=local, pri=121278, dsn=5.1.1, stat=User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: to=user2, ctladdr=<[email][email protected][/email]> (8/0), delay=00:00:00, mailer=local, pri=61536, dsn=5.1.1, stat=User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: to=user1, ctladdr=<[email][email protected][/email]> (8/0), delay=00:00:00, mailer=local, pri=61536, dsn=5.1.1, stat=User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: n2VEwWq3004235: postmaster notify: User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004235: to=root, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=32560, dsn=2.0.0, stat=Sent

發送成功了。

ok，也正常接收成功！

rhel5之sendmail、dovecot配置

[轉帖]使用NMT和pmap解決JVM資源泄漏問題原創

Python實現大麥網搶票的四大關鍵技術點解析

Python 安裝庫指令大全

salesforce零基礎學習（一百三十八）零碎知識點小總結（十）

一款開源的.NET程序集反編譯、編輯和調試神器

關於接口協議，你必須要知道這些！

2020年上半年數據庫系統工程師考試

基於 Milvus + LlamaIndex 實現高級 RAG

【2024-05-21】以茶會友

GaussDB T 1.0.2分佈式集羣部署故障總結

GaussDB T分佈式集羣部署以及升級指南

GaussDB 100單機版升級指南

GaussDB 100單機版安裝初體驗

Oracle Solaris Cluster 4.4 Quorum故障處理

https://yachay.unat.edu.pe/blog/index.php?comment_area=format_blog&comment_component=blog&comment_co

linux以太網驅動總結