
Сервер Red Hat Linux 7.1, Red Hat Linux 9.0

  • Настройки sendmail на сервере shrek.technet sendmail v.8.12.8-5.90
  • Настройки sendmail на сервере sos.it.ru sendmail v.8.11.2
  • Доступ к почтовому ящику по POP3

  • Общие аспекты


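    Первым делом редактируется конфигурационный файл /etc/mail/sendmail.mc. Строчки, начинающиеся с dnl, являются закомментированными; это же сочетание встречается и в конце строк, где оно отбрасывает остаток строки. После манипуляций мы должны получить файл /etc/sendmail.cf (в Red Hat 9, судя по комментарию в самом sendmail.mc, — /etc/mail/sendmail.cf). По сути, sendmail изначально настроен на приём и отправку почты только в пределах локальной машины (localhost). Закомментировав одну строчку — DAEMON_OPTIONS с Addr=127.0.0.1, — мы открываем 25-й порт машинам, указанным в файле /etc/mail/access. Точнее, после этого sendmail слушает 25-й порт на всех сетевых интерфейсах, а файл /etc/mail/access определяет, от каких хостов почта принимается (OK) и каким разрешена пересылка (RELAY). После этого перезапускается демон sendmail.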


    Настройки sendmail на сервере shrek.technet (Red Hat 9)



    sendmail v.8.12.8-5.90
    Здесь указаны файлы, которые надо менять.

    Конфигурационный файл /etc/mail/sendmail.mc
    [root@shrek /root]# less /etc/mail/sendmail.mc
    divert(-1)dnl
    dnl #
    dnl # Review summary: m4 source for sendmail.cf as shown for the Red Hat 9 host.
    dnl # m4 discards everything after "dnl" up to the end of the line, so a
    dnl # leading "dnl" disables a macro. Security-relevant state of this listing:
    dnl #   - the loopback-only DAEMON_OPTIONS line is commented out, so the MTA
    dnl #     is not restricted to 127.0.0.1;
    dnl #   - SMTP AUTH mechanisms and the TLS certificate paths are commented out;
    dnl #   - accept_unresolvable_domains is enabled.
    dnl #
    dnl #
    dnl # This is the sendmail macro config file for m4. If you make changes to
    dnl # /etc/mail/sendmail.mc, you will need to regenerate the
    dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
    dnl # installed and then performing a
    dnl #
    dnl #     make -C /etc/mail
    dnl #
    include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
    VERSIONID(`setup for Red Hat Linux')dnl
    OSTYPE(`linux')dnl
    dnl #
    dnl # Uncomment and edit the following line if your outgoing mail needs to
    dnl # be sent out through an external mail server:
    dnl #
    ##dnl define(`SMART_HOST',`smtp.your.provider')
    dnl #
    DOMAIN(generic)dnl
    define(`confDEF_USER_ID',``8:12'')dnl
    define(`confTRUSTED_USER', `smmsp')dnl
    dnl define(`confAUTO_REBUILD')dnl
    define(`confTO_CONNECT', `1m')dnl
    define(`confTRY_NULL_MX_LIST',true)dnl
    define(`confDONT_PROBE_INTERFACES',true)dnl
    define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
    define(`ALIAS_FILE', `/etc/aliases')dnl
    dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
    define(`UUCP_MAILER_MAX', `2000000')dnl
    define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
    dnl # novrfy and noexpn refuse the SMTP VRFY and EXPN commands, which would
    dnl # otherwise let a remote client probe for valid addresses; restrictqrun
    dnl # limits who may run the mail queue.
    define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
    dnl # NOTE(review): only A is set here; the "A p" variant below, which per the
    dnl # stock comment disallows PLAIN/LOGIN on non-TLS links, stays commented
    dnl # out. Revisit this if SMTP AUTH is ever enabled on this host.
    define(`confAUTH_OPTIONS', `A')dnl
    dnl #
    dnl # The following allows relaying if the user authenticates, and disallows
    dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
    dnl #
    dnl define(`confAUTH_OPTIONS', `A p')dnl
    dnl # 
    dnl # PLAIN is the preferred plaintext authentication method and used by
    dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
    dnl # use LOGIN. Other mechanisms should be used if the connection is not
    dnl # guaranteed secure.
    dnl #
    dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    dnl #
    dnl # Rudimentary information on creating certificates for sendmail TLS:
    dnl #     make -C /usr/share/ssl/certs usage
    dnl #
    dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
    dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
    dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
    dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
    dnl #
    dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
    dnl # slapd, which requires the file to be readble by group ldap
    dnl #
    dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
    dnl #
    dnl define(`confTO_QUEUEWARN', `4h')dnl
    dnl define(`confTO_QUEUERETURN', `5d')dnl
    dnl define(`confQUEUE_LA', `12')dnl
    dnl define(`confREFUSE_LA', `18')dnl
    dnl # An ident timeout of 0 means no ident queries are sent to connecting hosts.
    define(`confTO_IDENT', `0')dnl
    dnl FEATURE(delay_checks)dnl
    FEATURE(`no_default_msa',`dnl')dnl
    FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
    FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
    FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
    FEATURE(redirect)dnl
    FEATURE(always_add_domain)dnl
    FEATURE(use_cw_file)dnl
    FEATURE(use_ct_file)dnl
    dnl #
    dnl # The -t option will retry delivery if e.g. the user runs over his quota.
    dnl #
    FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
    dnl # Enables the access database; sendmail consults the hashed map
    dnl # /etc/mail/access.db named here, not the /etc/mail/access text file.
    FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
    FEATURE(`blacklist_recipients')dnl
    EXPOSED_USER(`root')dnl
    dnl #
    dnl # The following causes sendmail to only listen on the IPv4 loopback address
    dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
    dnl # address restriction to accept email from the internet or intranet.
    dnl #
    dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
    dnl # NOTE(review): the DAEMON_OPTIONS line above is commented out in this
    dnl # listing, so per the stock comment sendmail is no longer limited to
    dnl # 127.0.0.1. What it then accepts and relays is decided by the access
    dnl # database and local-host-names; confirm that port 25 is reachable only
    dnl # from the intended network (for example with a packet filter).
    dnl #
    dnl # The following causes sendmail to additionally listen to port 587 for
    dnl # mail from MUAs that authenticate. Roaming users who can't reach their
    dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
    dnl # this useful.
    dnl #
    dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
    dnl #
    dnl # The following causes sendmail to additionally listen to port 465, but
    dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
    dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
    dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
    dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
    dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
    dnl #
    dnl # For this to work your OpenSSL certificates must be configured.
    dnl #
    dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
    dnl #
    dnl # The following causes sendmail to additionally listen on the IPv6 loopback
    dnl # device. Remove the loopback address restriction listen to the network.
    dnl #
    dnl # NOTE: binding both IPv4 and IPv6 daemon to the same port requires
    dnl #       a kernel patch
    dnl #
    dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
    dnl #
    dnl # We strongly recommend not accepting unresolvable domains if you want to
    dnl # protect yourself from spam. However, the laptop and users on computers
    dnl # that do not have 24x7 DNS do need this.
    dnl #
    dnl # NOTE(review): the feature is enabled in this listing despite the
    dnl # recommendation above, so mail whose sender domain does not resolve is
    dnl # accepted. Confirm this is wanted on a host that listens on the network.
    FEATURE(`accept_unresolvable_domains')dnl
    dnl #
    dnl FEATURE(`relay_based_on_MX')dnl
    dnl # 
    dnl # Also accept email sent to "localhost.localdomain" as local email.
    dnl # 
    LOCAL_DOMAIN(`localhost.localdomain')dnl
    dnl #
    dnl # The following example makes mail from this host and any additional
    dnl # specified domains appear to be sent from mydomain.com
    dnl #
    dnl MASQUERADE_AS(`mydomain.com')dnl
    dnl #
    dnl # masquerade not just the headers, but the envelope as well
    dnl #
    dnl FEATURE(masquerade_envelope)dnl
    dnl #
    dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
    dnl #
    dnl FEATURE(masquerade_entire_domain)dnl
    dnl #
    dnl MASQUERADE_DOMAIN(localhost)dnl
    dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
    dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
    dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
    MAILER(smtp)dnl
    MAILER(procmail)dnl
    
    [root@shrek /root]#
    

    Собрать файл sendmail.cf следующей командой:
    [root@shrek /root]# make -C /etc/mail
    [root@shrek /root]#
    

    Конфигурационный файл /etc/mail/access
    [root@shrek /root]# less /etc/mail/access
    # Check the /usr/share/doc/sendmail/README.cf file for a description
    # of the format of this file. (search for access_db in that file)
    # The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
    # package.
    #
    # Each entry is a key (host name or IP address here) followed by an action.
    # sendmail reads the hashed access.db built from this text file (see
    # FEATURE access_db in sendmail.mc), so the map has to be rebuilt after
    # every edit.
    #
    # by default we allow relaying from localhost...
    localhost.localdomain		RELAY
    localhost			RELAY
    127.0.0.1			RELAY
    # NOTE(review): OK accepts mail from these addresses even if other checks
    # would reject it, but does not by itself permit relaying through this
    # server; RELAY does. Confirm which of the two is intended for the
    # 172.18.1.x clients, and keep the list limited to hosts that need it.
    172.18.1.3			OK
    172.18.1.4			OK
    172.18.1.10			OK
    172.18.1.11			OK
    172.18.1.12			OK
    172.18.1.13			OK
    172.18.1.14			OK
    172.18.1.15			OK
    172.18.1.16			OK
    172.18.1.17			OK
    172.18.1.18			OK
    172.18.1.19			OK
    172.18.1.20			OK
    172.18.1.21			OK
    172.18.1.22			OK
    172.18.1.23			OK
    172.18.1.24			OK
    172.18.1.25			OK
    172.18.1.26			OK
    172.18.1.27			OK
    172.18.1.28			OK
    172.18.1.29			OK
    172.18.1.30			OK
    172.18.1.31			OK
    172.18.1.32			OK
    172.18.1.33			OK
    172.18.1.34			OK
    172.18.1.35			OK
    172.18.1.36			OK
    172.18.1.37			OK
    172.18.1.38			OK
    172.18.1.39			OK
    172.18.1.40			OK
    172.18.1.41			OK
    172.18.1.42			OK
    172.18.1.43			OK
    172.18.1.44			OK
    172.18.1.45			OK
    172.18.1.201			OK
    
    [root@shrek /root]#
    

    Конфигурационный файл /etc/mail/local-host-names
    [root@shrek /root]# less /etc/mail/local-host-names
    # local-host-names - include all aliases for your machine here.
    shrek
    shrek.technet
    
    [root@shrek /root]#
    

    Пользователи в файле /etc/passwd
    [root@shrek /root]# less /etc/passwd
    ...
    luda:x:506:501::/home/luda:/sbin/nologin
    mattis:x:507:501::/home/mattis:/sbin/nologin
    nataly:x:508:501::/home/nataly:/sbin/nologin
    irina:x:509:501::/home/irina:/sbin/nologin
    ws10:x:510:501::/home/ws10:/sbin/nologin
    ws11:x:511:501::/home/ws11:/sbin/nologin
    ...
    ws44:x:514:501::/home/ws44:/sbin/nologin
    ws45:x:515:501::/home/ws45:/sbin/nologin
    
    [root@shrek /root]#
    


    Настройки sendmail на сервере sos.it.ru (Red Hat 7)



    sendmail v.8.11.2
    Здесь указаны файлы, которые надо менять.

    Конфигурационный файл /etc/mail/sendmail.mc
    [root@sos /root]# less /etc/mail/sendmail.mc
    divert(-1)
    dnl Review summary: m4 source for /etc/sendmail.cf as shown for the
    dnl Red Hat 7 host. m4 discards everything after "dnl" up to the end of the
    dnl line, so a leading "dnl" disables a macro. Security-relevant state of
    dnl this listing: the loopback-only DAEMON_OPTIONS line is commented out,
    dnl the SMTP AUTH mechanism lines are commented out, and
    dnl accept_unresolvable_domains is enabled.
    dnl
    dnl This is the sendmail macro config file. If you make changes to this file,
    dnl you need the sendmail-cf rpm installed and then have to generate a
    dnl new /etc/sendmail.cf by running the following command:
    dnl
    dnl        m4 /etc/mail/sendmail.mc > /etc/sendmail.cf
    dnl
    include(`/usr/share/sendmail-cf/m4/cf.m4')
    VERSIONID(`linux setup for Red Hat Linux')dnl
    OSTYPE(`linux')
    define(`confDEF_USER_ID',``8:12'')dnl
    undefine(`UUCP_RELAY')dnl
    undefine(`BITNET_RELAY')dnl
    dnl define(`confAUTO_REBUILD')dnl
    define(`confTO_CONNECT', `1m')dnl
    define(`confTRY_NULL_MX_LIST',true)dnl
    define(`confDONT_PROBE_INTERFACES',true)dnl
    define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
    define(`ALIAS_FILE', `/etc/aliases')dnl
    dnl define(`STATUS_FILE', `/var/log/sendmail.st')dnl
    define(`UUCP_MAILER_MAX', `2000000')dnl
    define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
    dnl novrfy and noexpn refuse the SMTP VRFY and EXPN commands, which would
    dnl otherwise let a remote client probe for valid addresses; restrictqrun
    dnl limits who may run the mail queue.
    define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
    define(`confAUTH_OPTIONS', `A')dnl
    dnl TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    dnl define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    dnl define(`confTO_QUEUEWARN', `4h')dnl
    dnl define(`confTO_QUEUERETURN', `5d')dnl
    dnl define(`confQUEUE_LA', `12')dnl
    dnl define(`confREFUSE_LA', `18')dnl
    dnl An ident timeout of 0 means no ident queries are sent to connecting hosts.
    define(`confTO_IDENT', `0')dnl
    dnl FEATURE(delay_checks)dnl
    FEATURE(`no_default_msa',`dnl')dnl
    FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
    FEATURE(`mailertable',`hash -o /etc/mail/mailertable')dnl
    FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')dnl
    FEATURE(redirect)dnl
    FEATURE(always_add_domain)dnl
    FEATURE(use_cw_file)dnl
    FEATURE(use_ct_file)dnl
    FEATURE(local_procmail)dnl
    dnl Enables the access database with its default map specification.
    FEATURE(`access_db')dnl
    FEATURE(`blacklist_recipients')dnl
    EXPOSED_USER(`root')dnl
    dnl This changes sendmail to only listen on the loopback device 127.0.0.1
    dnl and not on any other network devices. Comment this out if you want
    dnl to accept email over the network.
    dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
    dnl NOTE(review): the DAEMON_OPTIONS line above is commented out in this
    dnl listing, so per the stock comment sendmail accepts mail over the
    dnl network. Confirm that port 25 is reachable only from the intended
    dnl network and that the access database limits relaying.
    dnl  TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN LOGIN')dnl
    dnl  define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN LOGIN')dnl
    dnl  define(`confDEF_AUTH_INFO', `/etc/mail/auth/auth-info')dnl
    dnl  FEATURE(`no_default_msa')dnl turn off default entry for MSA
    dnl  DAEMON_OPTIONS(`Port=25, Name=MSA, M=E')dnl
    dnl We strongly recommend to comment this one out if you want to protect
    dnl yourself from spam. However, the laptop and users on computers that do
    dnl not have 24x7 DNS do need this.
    dnl NOTE(review): the feature is left enabled in this listing despite the
    dnl recommendation above, so mail whose sender domain does not resolve is
    dnl accepted. Confirm this is wanted on a host that listens on the network.
    FEATURE(`accept_unresolvable_domains')dnl
    dnl FEATURE(`relay_based_on_MX')dnl
    dnl LOCAL_DOMAIN(`localhost.localdomain')dnl
    MAILER(smtp)dnl
    MAILER(procmail)dnl
    
    [root@sos /root]#
    

    Собрать файл sendmail.cf следующей командой:
    [root@sos /root]# m4 /etc/mail/sendmail.mc > /etc/sendmail.cf
    [root@sos /root]#
    


    Доступ к почтовому ящику по POP3


    Чтобы почтовый ящик был доступен с клиентских машин, например, по протоколу pop3, требуется установить пакет imap (и imap-devel). Описания новых служб появятся в каталоге /etc/xinetd.d/. Для доступа по протоколу pop3 (порт 110) необходимо в файле /etc/xinetd.d/ipop3 в строчке disable поменять yes на no (disable = no) и перезапустить демон xinetd. Обычный POP3 передаёт имя пользователя и пароль по сети открытым текстом, поэтому доступ к порту 110 имеет смысл ограничить доверенной сетью.

     

       
       
