Environment: a full installation of RedHat Linux 9.0, or make sure the following packages are installed:
imap-2001a-18.i286.rpm
sendmail-8.12.8-4.i386.rpm
m4-1.4.1-13.i386.rpm
cyrus-sasl-2.1.10-4.i386.rpm
cyrus-sasl-md5-2.1.10-4.i386.rpm
cyrus-sasl-plain-2.1.10-4.i386.rpm
cyrus-sasl-gssapi-2.1.10-4.i386.rpm
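Goal: configure and install a mail server with authentication.
I. Sendmail service configuration
1. After installing RedHat Linux 9.0, edit /etc/mail/sendmail.mc. The modified file looks like this: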
divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl # make -C /etc/mail
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST',`smtp.your.provider')
dnl #
define(`confDEF_USER_ID',``8:12'')dnl
define(`confTRUSTED_USER', `smmsp')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl #
[color=red]define(QUEUE_DIR, `/var/spool/mqueue/q*')[/color]
[color=red]TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl[/color]
[color=red]define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl[/color]
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl # make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
[color=red]dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl[/color]
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
[color=red]DAEMON_OPTIONS(`Port=25, Name=MSA')dnl[/color]
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl # NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl # a kernel patch
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.com')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
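In the file, the lines marked in red (wrapped in [color=red] tags here) are the ones that need to be changed; there are five in total.
The first line is added by hand and has nothing to do with authentication; it enables multiple mail queues for better delivery performance.
The second and third lines have the comment marker at the start of the line removed. "TRUST_AUTH_MECH" makes sendmail relay mail authenticated via EXTERNAL, LOGIN, PLAIN, CRAM-MD5 or DIGEST-MD5 regardless of what is set in the access file; "confAUTH_MECHANISMS" determines the authentication mechanisms the system uses. The mechanism Outlook Express supports is LOGIN.
The fourth line is commented out so that sendmail listens on all network devices and serves the whole network, not just the local machine.
The fifth line is modified. It originally read:
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
Remove the comment marker at the start of the line and change the content to Port=25:
DAEMON_OPTIONS(`Port=25, Name=MSA')dnl
Authentication is done on the default SMTP port (25) instead of port 587. This forces every user who relays mail through this server to authenticate before sending.
2. Run:
# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
This regenerates sendmail.cf with m4.
3. Since multiple queues are now enabled, create as many queue directories as you like under /var/spool/mqueue/. Run:
# cd /var/spool/mqueue
# mkdir q1 q2 q3 q4 q5 q6
4. Edit /etc/mail/local-host-names and add the mail domains this server should accept mail for. For example, for the mailbox xxx@abc.com.cn, add abc.com.cn to the file.
5. Restart the sendmail service. Run:
# killall -HUP sendmail
6. You can telnet to port 25 on the local machine to verify that sendmail has started properly; if the connection succeeds, the sendmail service is up.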
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'
220 localhost.localdomain ESMTP Sendmail 8.12.8/8.12.8; Wed, 12 May 2004 15:57:01 +0800
ehlo localhost
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH GSSAPI LOGIN PLAIN
250-DELIVERBY
250-HELP
quit
#
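If LOGIN appears after AUTH, authentication from Outlook Express should basically work.
II. POP3 service configuration:
1. Run:
# ntsysv
In the list of system services, select ipop3, then choose 'OK' to save and exit.
2. Restart the xinetd service. Run:
# service xinetd restart
3. Run netstat to check that both the smtp and pop3 services have started: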
# netstat -l
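I previously followed the posts by 心余 and peng on configuring a sendmail mail server with authentication under RedHat 8.0, but found a problem after doing what they said. The issue is with these two lines in the configuration file /etc/mail/sendmail.mc:
DAEMON_OPTIONS(`Port=25, Name=MTA')dnl
DAEMON_OPTIONS(`Port=587, Name=MSA, M=Ea')dnl
With this configuration, sendmail only forces users to authenticate on port 587, while on port 25, the default SMTP port (and the one Outlook Express uses by default), it does not matter whether the user authenticates. If I select "My server requires authentication" in Outlook Express, sendmail authenticates; if I do not select it, the sendmail server relays any mail without any authentication. This policy is clearly unreasonable. The secure policy is to force authentication only on the default port 25, refuse to relay otherwise, and not open any other port at all. So these two lines should be merged into one:
DAEMON_OPTIONS(`Port=25, Name=MSA')dnl
With this configuration, the mail server skips forced authentication only when both sender and recipient are local users; in all other cases authentication is required. This post went out without being rigorously tested, and I owe everyone an apology. I have now corrected the configuration; it is the single line above. My apologies!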
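An added example, not part of the original post: a check of an EHLO reply like the one in step 6 that lists the advertised AUTH mechanisms and flags PLAIN/LOGIN offered without TLS, the case the `confAUTH_OPTIONS` `A p` comment in sendmail.mc is about. The replies are constructed and the function names are assumptions of this example.

```python
import re

# Mechanisms that send the password itself, only base64-encoded, on the wire.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

ADVICE = {
    "NO_AUTH": "AUTH is not advertised, so clients cannot authenticate on this listener",
    "CLEARTEXT_NO_TLS": "PLAIN/LOGIN offered and STARTTLS unavailable: "
                        "passwords cross the network base64-encoded only",
    "CLEARTEXT_BEFORE_STARTTLS": "PLAIN/LOGIN offered before STARTTLS; "
                                 "confAUTH_OPTIONS `A p` disallows them on non-TLS links",
}


def parse_ehlo(reply):
    """Map each ESMTP keyword of an EHLO reply to its list of parameters."""
    lines = [ln.strip() for ln in reply.splitlines()]
    lines = [ln for ln in lines if re.match(r"250[- ]", ln)]
    caps = {}
    for ln in lines[1:]:  # the first 250 line is the greeting, not a keyword
        # Some servers also emit the pre-standard "AUTH=LOGIN PLAIN" form.
        words = ln[4:].replace("=", " ", 1).upper().split()
        if not words:
            continue
        params = caps.setdefault(words[0], [])
        for word in words[1:]:
            if word not in params:
                params.append(word)
    return caps


def audit_ehlo(reply, tls_active=False):
    """Return the advertised mechanisms plus finding codes for one EHLO reply."""
    caps = parse_ehlo(reply)
    mechs = caps.get("AUTH", [])
    cleartext = sorted(CLEARTEXT_MECHS.intersection(mechs))
    findings = []
    if not mechs:
        findings.append("NO_AUTH")
    elif cleartext and not tls_active:
        findings.append("CLEARTEXT_BEFORE_STARTTLS" if "STARTTLS" in caps
                        else "CLEARTEXT_NO_TLS")
    return {"mechanisms": mechs, "cleartext": cleartext,
            "starttls": "STARTTLS" in caps, "findings": findings}


# Constructed replies, shaped like the telnet sessions in this thread.
REPLY_AUTH_NO_TLS = """\
250-mail.example.com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH GSSAPI LOGIN PLAIN
250-DELIVERBY
250 HELP"""

REPLY_NO_AUTH = """\
250-mail.example.com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-SIZE
250-DSN
250 HELP"""

REPLY_STARTTLS = """\
250-mail.example.com Hello localhost [127.0.0.1], pleased to meet you
250-STARTTLS
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN
250 HELP"""

if __name__ == "__main__":
    samples = [("auth, no TLS", REPLY_AUTH_NO_TLS),
               ("no auth", REPLY_NO_AUTH),
               ("auth before STARTTLS", REPLY_STARTTLS)]
    for name, reply in samples:
        result = audit_ehlo(reply)
        print(name, result["mechanisms"], [ADVICE[c] for c in result["findings"]])
```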
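jamian replied on 2004-05-12 18:18:09
Thanks!
I have wanted this for a long time...
odyness replied on 2004-05-13 10:43:07
After I changed 587 to 25, the sendmail process exits as soon as I send a mail. Please advise.
hk007 replied on 2004-05-13 14:36:55
Sorry, I have not run into this. Could something be wrong with the system installation? It should not happen; there is no reason for a single request to make the background service process exit. Check the log file for error messages. The log file is at:
/var/log/maillog
The newest entries are at the end. Have a look there first?
odyness replied on 2004-05-14 11:29:34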
NOQUEUE: SYSERR(root): opendaemonsocket: daemon MSA: cannot bind: Address already in use daemon MSA: problem creating SMTP socket
NOQUEUE: SYSERR(root): opendaemonsocket: daemon MSA: cannot bind: Address already in use daemon MSA: problem creating SMTP socket
NOQUEUE: SYSERR(root): opendaemonsocket: daemon MSA: cannot bind: Address already in use daemon MSA: problem creating SMTP socket
NOQUEUE: SYSERR(root): opendaemonsocket: daemon MSA: cannot bind: Address already in use daemon MSA: problem creating SMTP socket
NOQUEUE: SYSERR(root): opendaemonsocket: daemon MSA: cannot bind: Address already in use daemon MSA: problem creating SMTP socket
NOQUEUE: SYSERR(root): opendaemonsocket: daemon MSA: cannot bind: Address already in use daemon MSA: problem creating SMTP socket
NOQUEUE: SYSERR(root): opendaemonsocket: daemon MSA: cannot bind: Address already in use daemon MSA: problem creating SMTP socket
NOQUEUE: SYSERR(root): opendaemonsocket: daemon MSA: server SMTP socket wedged: exiting
How do I fix this?
odyness replied on 2004-05-14 11:31:50
OQUEUE: SYSERR(root): opendaemonsocket: daemon MSA: cannot bind: Address already in use daemon MSA: problem creating SMTP socket
NOQUEUE: SYSERR(root): opendaemonsocket: daemon MSA: cannot bind: Address already in use daemon MSA: problem creating SMTP socket
NOQUEUE: SYSERR(root): opendaemonsocket: daemon MSA: cannot bind: Address already in use daemon MSA: problem creating SMTP socket
NOQUEUE: SYSERR(root): opendaemonsocket: daemon MSA: cannot bind: Address already in use daemon MSA: problem creating SMTP socket
NOQUEUE: SYSERR(root): opendaemonsocket: daemon MSA: server SMTP socket wedged: exiting
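How do I fix this?
hbt0755 replied on 2004-05-14 13:31:54
In DAEMON_OPTIONS(`Port=25, Name=MSA, M=Ea')dnl, change M=Ea to M=E and it will work.
odyness replied on 2004-05-14 14:55:38
Thanks. But Foxmail can still send mail without authenticating, which is frustrating. Outlook, on the other hand, cannot send without authenticating.
ilovecr replied on 2004-05-14 15:22:56
Quote: With this configuration, sendmail only forces users to authenticate on port 587, while on port 25, the default SMTP port (and the one Outlook Express uses by default), it does not matter whether the user authenticates. If I select "My server requires authentication" in Outlook Express, sendmail authenticates; if I do not select it, the sendmail server relays any mail without any authentication. This policy is clearly unreasonable. The secure policy is to force authentication only on the default port 25, refuse to relay otherwise, and not open any other port at all. So these two lines should be merged into one
That doesn't seem right. As I recall, the comments in sendmail.mc don't put it that way.
ilovecr replied on 2004-05-14 15:27:39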
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
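odyness replied on 2004-05-14 15:35:42
Then why can Foxmail send without authenticating after the change to 25? Foxmail also sends mail through port 25.
ilovecr replied on 2004-05-14 16:57:22
A question:
did you also set up access?
And does it happen to include your IP?
ぁ天上人间ぁ replied on 2004-05-15 09:52:50
Garbage
d18zj replied on 2004-05-24 09:40:18
Quote: ..With this configuration, sendmail only forces users to authenticate on port 587, while on port 25, the default SMTP port (and the one Outlook Express uses by default), it does not matter whether the user authenticates. If I select "My server requires authentication" in Outlook Express, sendmail authenticates; if I do not select it, the sendmail server relays any mail without any authentication. This policy is clearly unreasonable. The secure policy is to force authentication only on the default port 25, refuse to relay otherwise, and not open any other port at all. So these two lines should be merged into one: ...
Actually you can refuse to relay for anyone in the access file; that way mail can only be relayed after authenticating.
But my authentication has a problem. I would appreciate some guidance: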
Trying 192.168.70.11...
Connected to 192.168.70.11.
Escape character is '^]'.
220 mail.d18.com ESMTP Sendmail 8.12.10/8.12.10; Mon, 24 May 2004 09:33:21 +0800
ehlo d18.com
250-mail.d18.com Hello [192.168.70.11], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP
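With this, authentication should be fine, right? But in Outlook Express authentication always fails. Typing auth login directly in telnet, followed by the base64-encoded username and password, reports that authentication failed. What is the problem? I have done everything I was supposed to, and it is driving me crazy!!
Checking /var/log/maillog, I found the following: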
May 24 09:09:50 DGIT01 sendmail[1537]: i4O19maX001537: [192.168.70.11] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA
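hk007 replied on 2004-05-24 16:36:17
Do not set the access file to refuse relaying all mail. I emptied the access file and regenerated access.db, so that sendmail follows the configuration in sendmail.cf entirely.
d18zj replied on 2004-05-24 19:46:45
Quote (originally posted by "hk007"): Do not set the access file to refuse relaying all mail. I emptied the access file and regenerated access.db, so that sendmail follows the configuration in sendmail.cf entirely.
Right, sendmail refuses to relay any mail by default.
I finally solved my SMTP authentication problem myself, and came to one conclusion: "When in doubt, read the logs!"
chenyajun5 replied on 2004-05-30 20:32:10
To the poster above: I just can't get it to work.
Tell us how you did it.
chenyajun5 replied on 2004-05-30 21:09:37
A question for d18zj:
how did you solve it?
birdielu replied on 2004-05-31 09:26:18
Why doesn't it work for me even though I made exactly the changes above? Here is what comes back: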
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 birdie.com ESMTP Sendmail 8.12.11/8.12.8; Mon, 31 May 2004 09:23:15 +0800
ehlo localhost
250-birdie.com Hello ljf [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-DELIVERBY
250 HELP
quit
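I did the .mc file exactly as the original poster did. What should I do?
wujack replied on 2004-05-31 20:52:15
Same for me: authentication only works in Outlook; in Foxmail I can send mail without authenticating. Where is the problem??????
hk007 replied on 2004-06-01 17:58:06
Sorry, my original configuration had not been rigorously tested. I have changed it now. The line DAEMON_OPTIONS(`Port=25, Name=MSA, M=Ea')dnl
should be:
DAEMON_OPTIONS(`Port=25, Name=MSA')dnl
Remove M=Ea so that the default rule applies: mail is relayed only when at least one of the sender or the recipient is a local user on the server; otherwise relaying is refused.
That way, the server sends mail without authentication only when a local user writes to a local user; as soon as one side is not a local user, the server forces authentication. This time there should be no problem; this configuration has been running stably on our company's server for a while. Sending and receiving mail externally both work fine.
Sorry!
d18zj replied on 2004-06-02 09:28:35
Quote (originally posted by "chenyajun5"): To the poster above: I just can't get it to work.
Tell us how you did it.
Mostly it is as the original poster describes, except that after telnet localhost 25, although I got: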
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
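authentication always failed with "535 5.7.0 authentication failed". Then I checked the log file and found "May 24 16:11:42 DGIT01 saslauthd[1546]: do_auth : auth failure: [user=zj ] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]".
So in the /etc/pam.d/ directory I created a file named "smtp", modelled on the other files there (the postfix one is smtp.postfix), with the following content: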
#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
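For what these lines mean, see the PAM documentation. After that, authentication succeeded.
As for people saying that Sendmail relays mail from Outlook Express or Foxmail whether or not SMTP authentication is selected: what I did was set the access file to not relay any mail, so it contains only the following: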
localhost RELAY
127.0.0.1 RELAY
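This way, except on the server itself, mail is not relayed without authentication.
Where I differ from the original poster is that my sendmail.mc only sets:
DAEMON_OPTIONS(`Port=25,Addr=0.0.0.0,Name=MTA')
I did not add the line
"DAEMON_OPTIONS(`Port=587, Name=MSA, M=Ea')"; I commented it out with dnl.
In my tests, whether or not the line DAEMON_OPTIONS(`Port=587, Name=MSA, M=Ea') is present makes no difference to SMTP authentication, and with it added, changing the port to 587 or 25 makes no difference either. The configuration file explains this line as follows: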
The following causes sendmail to additionally listen to port 587 for
mail from MUAs that authenticate. Roaming users who can't reach their
preferred sendmail daemon due to port 25 being blocked or redirected find
this useful.
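But mine is Fedora 1.
wujack replied on 2004-06-02 09:50:14
hk007, it still doesn't work; Foxmail can send without authenticating just the same??????
birdielu replied on 2004-06-02 10:26:10
I followed the steps above and still get no authentication! Why?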
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 test.com ESMTP Sendmail 8.12.8/8.12.8; Wed, 2 Jun 2004 10:25:24 +0800
ehlo test
250-test.com Hello ljf [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
quit
221 2.0.0 test.com closing connection
Please help, quickly?
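wujack replied on 2004-06-02 16:05:27
Everyone, please: do you also have to authenticate in Foxmail before you can send? Why does it only take effect in Outlook for me????? Please help, I'm going crazy!
hk007 replied on 2004-06-02 17:31:33
A colleague has already tried my configuration with Foxmail, and there was no problem.
wujack replied on 2004-06-03 08:59:21
You didn't have the password saved in Foxmail, did you? If it is saved, there is definitely no need to authenticate~~~~~
shj0308 replied on 2004-06-09 12:18:25
"The first line is added by hand and has nothing to do with authentication; it enables multiple mail queues for better delivery performance." I did exactly what you said, but why doesn't my mail go into the q1 q2 q3 q4 q5 q6....... directories I set up? I would be very grateful for any guidance, otherwise I'll go crazy. Thank you all. My e-mail address is suhaijun@egoldtime.com. Thanks.
xingzm replied on 2004-07-22 18:02:48
Good, really detailed.
join-2008 replied on 2004-07-23 19:22:02
But I still haven't got it working!
saman replied on 2004-07-26 18:19:23
After configuring as the original poster described, the pop3 service has started: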
tcp 0 0 *:pop3 *:* LISTEN
but I cannot telnet to port 25:
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
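What could be the cause?
This problem is solved; I had forgotten to change DAEMON_OPTIONS(`Port=25, Name=MSA,M=E')dnl. :)
saman replied on 2004-07-26 21:10:37
Foxmail does indeed appear not to need authentication. But in maillog I can see that it did authenticate: Jul 26 21:07:42 test sendmail[5012]: AUTH=server, relay=[192.168.20.74], authid=saman, mech=LOGIN, bits=0. The problem I have is that telnet 127.0.0.1 25 does not show the lines the original poster describes, yet Outlook still requires authentication. Without authentication it reports Relaying denied. IP name lookup failed[192.168.20.74].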
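An added example, not part of the thread: one way to settle from /var/log/maillog whether a client really sent without authenticating, by pairing each accepted message with an `AUTH=server` line from the same sendmail process and listing messages that left through a remote mailer without one. The log lines are constructed (example.com names, documentation address ranges) in the format of the sendmail lines quoted in this thread; the function names are assumptions of this example.

```python
import re

# syslog prefix written by sendmail: "Mon DD HH:MM:SS host sendmail[pid]: rest"
PREFIX = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\ssendmail\[(?P<pid>\d+)\]:\s(?P<rest>.*)$")
QUEUED = re.compile(r"^(?P<qid>\w+):\s(?P<body>.*)$")
REMOTE_MAILERS = {"esmtp", "smtp", "smtp8", "relay"}
LOOPBACK = ("[127.0.0.1]", "@localhost")


def fields(body):
    """Split 'key=value, key=value' into a dict; values may contain spaces."""
    out = {}
    for part in body.split(", "):
        key, sep, val = part.partition("=")
        if sep:
            out[key.strip()] = val.strip()
    return out


def analyse(log_text):
    """Return (accepted messages, rejected attempts) found in a maillog excerpt."""
    auth_by_pid = {}  # pid -> (authid, mech); assumes pids are not reused in the excerpt
    messages = {}     # queue id -> record of an accepted message
    rejects = []
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        pid, rest = m.group("pid"), m.group("rest")
        q = QUEUED.match(rest)
        if not q:
            # The AUTH line carries no queue id; only the pid ties it to a session.
            f = fields(rest)
            if f.get("AUTH") == "server":
                auth_by_pid[pid] = (f.get("authid"), f.get("mech"))
            continue
        qid, f = q.group("qid"), fields(q.group("body"))
        if "reject" in f:
            rejects.append({"qid": qid, "client": f.get("relay"), "reject": f["reject"]})
        elif "from" in f and f.get("nrcpts", "0") != "0":
            authid, mech = auth_by_pid.get(pid, (None, None))
            messages[qid] = {"qid": qid, "from": f["from"], "client": f.get("relay", ""),
                             "authid": authid, "mech": mech, "deliveries": []}
        elif "to" in f and qid in messages:
            messages[qid]["deliveries"].append((f["to"], f.get("mailer"), f.get("stat", "")))
    return list(messages.values()), rejects


def unauthenticated_relays(messages):
    """Messages from non-loopback clients sent on by a remote mailer without AUTH."""
    flagged = []
    for msg in messages:
        if msg["authid"] or any(tok in msg["client"] for tok in LOOPBACK):
            continue
        for rcpt, mailer, stat in msg["deliveries"]:
            if mailer in REMOTE_MAILERS and stat.startswith("Sent"):
                flagged.append((msg["qid"], msg["client"], rcpt))
    return flagged


# Constructed sample: a refused attempt, an authenticated retry, a local-to-local
# message without AUTH, and one message relayed outward without AUTH.
SAMPLE_LOG = """\
Mar  5 09:06:07 mail sendmail[1896]: k25166AE001896: ruleset=check_rcpt, arg1=<bob@example.net>, relay=pc1.example.com [192.0.2.167], reject=550 5.7.1 <bob@example.net>... Relaying denied. Proper authentication required.
Mar  5 09:06:07 mail sendmail[1896]: k25166AE001896: from=<alice@mail.example.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MSA, relay=pc1.example.com [192.0.2.167]
Mar  5 09:06:08 mail sendmail[1897]: AUTH=server, relay=pc1.example.com [192.0.2.167], authid=alice, mech=LOGIN, bits=0
Mar  5 09:06:10 mail sendmail[1897]: k25168AE001897: from=<alice@mail.example.com>, size=419, class=0, nrcpts=1, proto=ESMTP, daemon=MSA, relay=pc1.example.com [192.0.2.167]
Mar  5 09:06:11 mail sendmail[1899]: k25168AE001897: to=<bob@example.net>, ctladdr=<alice@mail.example.com> (500/500), delay=00:00:03, mailer=esmtp, pri=30255, relay=mx.example.net. [198.51.100.25], dsn=2.0.0, stat=Sent (ok)
Mar  5 09:10:00 mail sendmail[1903]: k2519xAE001903: from=<carol@mail.example.com>, size=300, class=0, nrcpts=1, proto=SMTP, daemon=MSA, relay=pc2.example.com [192.0.2.74]
Mar  5 09:10:01 mail sendmail[1904]: k2519xAE001903: to=<dave@mail.example.com>, delay=00:00:01, mailer=local, pri=30100, dsn=2.0.0, stat=Sent
Mar  5 09:12:00 mail sendmail[1910]: k251C0AE001910: from=<carol@mail.example.com>, size=350, class=0, nrcpts=1, proto=SMTP, daemon=MSA, relay=pc2.example.com [192.0.2.74]
Mar  5 09:12:02 mail sendmail[1912]: k251C0AE001910: to=<erin@example.org>, delay=00:00:02, mailer=esmtp, pri=30150, relay=mx.example.org. [198.51.100.40], dsn=2.0.0, stat=Sent (ok)
"""

if __name__ == "__main__":
    msgs, rejected = analyse(SAMPLE_LOG)
    for msg in msgs:
        print(msg["qid"], msg["client"], "authid=%s" % msg["authid"])
    print("rejected:", [r["qid"] for r in rejected])
    print("relayed without AUTH:", unauthenticated_relays(msgs))
```

Entries reported by `unauthenticated_relays` are the ones to compare against the RELAY entries in /etc/mail/access.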
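saman replied on 2004-07-26 21:19:09
Quote (originally posted by "wujack"): You didn't have the password saved in Foxmail, did you? If it is saved, there is definitely no need to authenticate~~~~~
It is not a matter of the saved password. With no password saved, it prompts for the ESMTP authentication password whether or not authentication is required.
nnhlx replied on 2004-07-27 14:19:10
I configured everything exactly as described, but it doesn't work. When I telnet to port 25 I always get
Connection refused. Looking at /var/log/maillog, there is this line: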
did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Also, every time sendmail starts, this message appears:
Starting sendmail:make: ***Warning: File 'sendmail.cf' has modification time in the future (2004-07-27 07:53:56 > 2004-07-27 03:09:39.029378)
make:warning: Clock skew detected. Your build may be incomplete.
Looking at /var/log/maillog, there are these lines:
sendmail[8231]:alias database /etc/aliases rebuilt by root
sendmail[8231]:/etc/aliases:63 aliases,longest 10 bytes,625 bytes total
sendmail[8242]:starting daemon (8.12.8):SMTP+queueing@01:00:00
sm-msp-queue[8252]:starting daemon (8.12.8):queueing@01:00:00
Please help me, everyone. My boss has already asked about it several times. So frustrating...
saman replied on 2004-07-27 22:12:10
Quote: Every time sendmail starts, this message appears:
Starting sendmail:make: ***Warning: File 'sendmail.cf' has modification time in the future (2004-07-27 07:53:56 > 2004-07-27 03:09:39.029378)
make:warning: Clock skew detected. Your build may be incomplete
This error appears because the creation time of sendmail.cf is ahead of the current system time; since a new sendmail.cf has to be generated, the error message is shown. Changing the timestamp of sendmail.cf should fix it.
nnhlx replied on 2004-07-28 14:12:23
How do I change the timestamp of sendmail.cf?
saman replied on 2004-07-28 14:57:00
cd /etc/mail
touch *
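skynet replied on 2004-07-29 18:23:20
Support!!! Adding WEBMAIL would make it even better.
lling replied on 2004-08-02 14:18:38
First, thanks to the original poster; I configured it as you described. telnet localhost 25 works, and pop3 works too.
But in Outlook on the Windows side: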
192.168.10.91
192.168.10.91
root@linux
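password // login password
Why does it keep asking me to confirm the password?
lling replied on 2004-08-02 14:39:17
I created a new user
and it worked.
Why is that?
saman replied on 2004-08-02 21:43:23
Logging in with the root account is not allowed.
zhutan73625 replied on 2004-08-03 18:24:19
Following the original poster, I set up a mail server with sendmail on RH9. SMTP, POP3 and the other services are running, and on the server itself I can telnet to the 25 and 110 services, but from other machines on the LAN I can only telnet to 25, not 110. In Outlook the result is that I can send mail but not receive it.
someday replied on 2004-11-17 13:12:21
Won't this mean receiving a lot of spam??
yxg0512 replied on 2004-12-25 21:50:01
I'm on an AS3U3 system, with the same configuration environment as the original poster 007, and I have the following problem:
First, authentication fails. Telnet to ports 25 and 110 on the server both succeed, but if I set "server requires authentication" in Outlook, then when sending mail it keeps popping up asking for the username and password, even though I have already entered them and had them remembered. If I don't select "server requires authentication", it says the server rejected the sender address. What could the reason be?
Many thanks for any pointers!
arbor replied on 2005-01-19 15:45:43
Quote (originally posted by "yxg0512"): I'm on an AS3U3 system, with the same configuration environment as the original poster 007, and I have the following problem:
First, authentication fails. Telnet to ports 25 and 110 on the server both succeed, but if I set "server requires authentication" in Outlook, then when sending mail it keeps popping up asking for the username and password, even though I have already entered them and..........
I set one up for testing and have this problem too. It is probably on the authentication side; I'll look again tonight. Sending without authentication works, but with authentication enabled it won't send and keeps prompting for the username and password.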
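yxg0512 replied on 2005-01-26 16:40:35
Quote (originally posted by "arbor"):
I set one up for testing and have this problem too. It is probably on the authentication side; I'll look again tonight. Sending without authentication works, but with authentication enabled it won't send and keeps prompting for the username and password.
Did you solve your problem? Mine still doesn't work.
gqin replied on 2005-01-28 18:51:23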
((define(QUEUE_DIR, `/var/spool/mqueue/q*')
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
DAEMON_OPTIONS(`Port=25, Name=MSA')dnl
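With this configuration, the mail server skips forced authentication only when both sender and recipient are local users; in all other cases authentication is required.))
That is what the original poster said, and I tried your method. My mail server sends and receives mail without problems, but a few things are still not satisfactory. Please advise!!!
(1) I sent a mail from one of the company's local users to 163.com (my own private mailbox at 163.com), <<so the recipient is not a local user>>, yet the mail server did no authentication at all and the mail went out.
I don't know why. Please advise!!!
(2) When I enable "My mail server requires authentication" in Outlook, mail can no longer be sent.
It just hangs there. My password is correct, but mail cannot be sent; it just sits there asking me for the password.
When I disable "My mail server requires authentication" in Outlook, it works and the mail is sent.
I don't know how to solve this. Please advise!!!
(3) According to how SMTP authentication is described, once SMTP authentication is in place, the data in /etc/mail/access can be emptied
(leaving only the line 127.0.0.1 RELAY)
and then you run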
makemap hash /etc/mail/access.db</etc/mail/access
so that users who pass authentication can send mail anywhere.
But I emptied the data in /etc/mail/access
(leaving only the line 127.0.0.1 RELAY)
and then ran
makemap hash /etc/mail/access.db</etc/mail/access
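and when I then send mail to an outside network, the mail server refuses it, saying the recipient address was rejected and the mailbox is invalid.
I don't know how to solve this. Please advise!!!
(4) Using telnet xxxx 25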
ehlo xxx
mail from : xx@xxx.com
rcpt to : yy@xxx.com
data
SUBJECT:test
xxxx
.
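a mail can still be forged this way, with no authentication needed at all.
I don't know how to solve this. Please advise!!!
I wish you and your family happiness!!!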
gqin replied on 2005-01-28 18:59:20
qq
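硬纸卡片 replied on 2005-03-14 17:34:00
the recipient is not a local user,
=============
Authentication has nothing to do with the recipient; it only has a little to do with the sender.
Using telnet xxxx 25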
ehlo xxx
mail from : xx@xxx.com
rcpt to : yy@xxx.com
data
SUBJECT:test
xxxx
.
============
You forged that from inside the internal network, didn't you? Try forging it from an outside network.
It is probably on the authentication side; I'll look again tonight. Sending without authentication works, but with authentication enabled it won't send and keeps prompting for the username and password.
=============
Probably a problem with the Outlook software; on another PC or after reinstalling the system the problem may not occur.
網中人 replied on 2005-03-14 20:41:06
To anyone who has problems with auth-smtp:
the following comments are intended to simplify the steps:
A: if you are using rh9.0, just do these:
1) modify /etc/mail/sendmail.mc, and just these three lines:
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
2) regenerate sendmail.cf by running:
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
service sendmail restart
then you should be able to enjoy the auth-smtp now.
B. if you are using Fedora Core 1, do the following extra steps:
3) service sendmail stop
4) service saslauthd start
chkconfig saslauthd on
5) cp /etc/pam.d/smtp.postfix /etc/pam.d/smtp
6) service sendmail start
good luck everybody!
lihn replied on 2005-03-16 16:10:50
How can I make sendmail use non-system accounts? For example, a MySQL database.
abel replied on 2005-03-17 00:07:34
http://bbs.chinaunix.net/forum/viewtopic.php?show_type=old&t=411834&highlight=abel
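That's how our organization does it. The key point is not sendmail
but pam/nss.
zhuanghui952 replied on 2005-03-17 15:37:01
I followed the method above and every step went fairly smoothly, but at
"6. You can telnet to port 25 on the local machine to verify that sendmail has started properly; if the connection succeeds, the sendmail service is up.
# telnet localhost 25 " it does not succeed. Experts, please advise.
硬纸卡片 replied on 2005-03-18 10:34:30
Going by the original poster's approach, this should be the version shipped with rh9. I've heard this version often loses mail.
scud replied on 2005-10-15 16:14:59
Don't forget to start saslauthd; this service is not started by default. You can set it via setup -> service.
xy-coordinate replied on 2006-03-01 16:05:06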
[root@mail RPMS]# rpm -aq|grep cyrus-sasl
cyrus-sasl-gssapi-2.1.10-4
cyrus-sasl-md5-2.1.10-4
cyrus-sasl-2.1.10-4
cyrus-sasl-plain-2.1.10-4
cyrus-sasl-devel-2.1.10-4
[root@mail RPMS]# service saslauthd restart
停止 saslauthd: [ 确定 ]
启动 saslauthd: [ 确定 ]
[root@mail RPMS]# service sendmail restart
关闭 sendmail: [ 确定 ]
关闭 sm-client: [失败]
启动 sendmail:554 5.0.0 /etc/mail/sendmail.cf: line 39: unknown configuration line " "
Warning: Option: AuthMechanisms requires SASL support (-DSASL)
Warning: Option: AuthOptions requires SASL support (-DSASL)
[失败]
启动 sm-client: [ 确定 ]
In /etc/mail/sendmail.mc, I changed
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
by deleting the dnl at the start of each line!
Before the change my sendmail sent and received mail normally!!!
Why does it report errors after the change!!!
Is it because starting with service saslauthd restart is wrong???
[ Last edited by xy-coordinate on 2006-3-2 09:14 ]
xy-coordinate replied on 2006-03-02 09:07:49
Sorry!
It was because, after deleting the dnl on those two lines in sendmail.mc, I had not also deleted the space that followed the dnl!
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
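I saw this in reference material:
Once a sendmail server with SMTP authentication is configured, you can rely on SMTP authentication alone as the restriction; that is, you can empty the access file and regenerate access.db.
Following that description, I regenerated access.db and ran service sendmail restart.
However, with Foxmail I can still send and receive mail without using authentication!
DG, DJ, help me!!!
[ Last edited by xy-coordinate on 2006-3-2 09:16 ]
網中人 replied on 2006-03-02 15:48:41
Well, with access in that state, would you try
editing sendmail.mc again, putting the "dnl " back, regenerating sendmail.cf and restarting sendmail?
If that still works, then it basically has nothing to do with smtp-auth.
xy-coordinate replied on 2006-03-02 17:06:47
Quote (originally posted by 網中人 on 2006-3-2 15:48):
Well, with access in that state, would you try
editing sendmail.mc again, putting the "dnl " back, regenerating sendmail.cf and restarting sendmail?
If that still works, then it basically has nothing to do with smtp-auth.
The configuration file /etc/mail/sendmail.mc without SMTP authentication added: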
Quote:
divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl # make -C /etc/mail
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST',`smtp.your.provider')
dnl #
define(`confDEF_USER_ID',``8:12'')dnl
define(`confTRUSTED_USER', `smmsp')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl # make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl removed the dnl at the start of the line
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
DAEMON_OPTIONS(`Port=25,Name=MTA')dnl added line
DAEMON_OPTIONS(`Port=587,Name=MSA,M=Ea')dnl added line
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl # NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl # a kernel patch
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.com')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
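LAN:
DNS: cdfun.net, 192.168.0.67 (OS: rh9)
sendmail: mail.cdfun.net, 192.168.0.68 (VMware virtual machine, host: winxp, OS: rh9)
winxp: 192.168.0.167 (OS: winxp)
On winxp, sending and receiving mail with Foxmail and Outlook Express (between 2 users on the sendmail server) works normally; see image foxmail.JPG
If I then edit /etc/mail/access, for example adding the lines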
cdfun.net
192.168.0
and then run
# makemap hash access.db <access
user x on the sendmail server can send mail to my 126 mailbox (xy_coordinate@126.com)
Now I plan to add SMTP authentication, as follows:
1. Remove the dnl at the start of 2 lines in /etc/mail/sendmail.mc
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')
2. Regenerate sendmail.cf
# cd /etc/mail
# m4 sendmail.mc >sendmail.cf
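3. No lines added to /etc/mail/access
In Foxmail and Outlook Express on winxp, if "SMTP authentication" is enabled for the account, even the 2 users on the sendmail server cannot send or receive mail, let alone send to the 126 mailbox! It reports an error (see image smtp-auth-1.JPG)
With "SMTP authentication" removed from the account, the 2 users on the sendmail server can send and receive mail!?
[ Last edited by xy-coordinate on 2006-3-2 17:10 ]
網中人 replied on 2006-03-03 02:25:29
Is saslauthd working properly?
Is PAM okay too?
xy-coordinate replied on 2006-03-05 09:27:01
Following what the original poster hk007 said, in sendmail.mc I changed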
DAEMON_OPTIONS(`Port=25,Name=MTA')dnl
DAEMON_OPTIONS(`Port=587,Name=MSA,M=Ea')dnl
to
DAEMON_OPTIONS(`Port=25, Name=MSA')dnl
I. Foxmail:
1. "SMTP authentication" not selected: mail can be sent
Quote: Mar 5 09:06:07 mail sendmail[1896]: k25166AE001896: ruleset=check_rcpt, arg1=<xy_coordinate@126.com>, relay=winxp.cdfun.net [192.168.0.167], reject=550 5.7.1 <xy_coordinate@126.com>... Relaying denied. Proper authentication required.
Mar 5 09:06:07 mail sendmail[1896]: k25166AE001896: lost input channel from winxp.cdfun.net [192.168.0.167] to MSA after rcpt
Mar 5 09:06:07 mail sendmail[1896]: k25166AE001896: from=<xjy@mail.cdfun.net>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MSA, relay=winxp.cdfun.net [192.168.0.167]
Mar 5 09:06:08 mail sendmail[1897]: AUTH=server, relay=winxp.cdfun.net [192.168.0.167], authid=xjy, mech=LOGIN, bits=0
Mar 5 09:06:10 mail sendmail[1897]: k25168AE001897: from=<xjy@mail.cdfun.net>, size=419, class=0, nrcpts=1, msgid=<200603050106.k25168AE001897@mail.cdfun.net>, proto=ESMTP, daemon=MSA, relay=winxp.cdfun.net [192.168.0.167]
Mar 5 09:06:11 mail sendmail[1899]: k25168AE001897: to=<xy_coordinate@126.com>, ctladdr=<xjy@mail.cdfun.net> (500/500), delay=00:00:03, xdelay=00:00:01, mailer=esmtp, pri=30255, relay=mx.mail.126.com. [220.181.15.131], dsn=2.0.0, stat=Sent (Mail OK queued as mx1,wKgCUA6APkJUOQpEjoU1Bg==.32976S2)
2. "SMTP authentication" selected: mail can be sent
Quote: Mar 5 09:06:21 mail sendmail[1900]: AUTH=server, relay=winxp.cdfun.net [192.168.0.167], authid=yinyan, mech=LOGIN, bits=0
Mar 5 09:06:21 mail sendmail[1900]: k2516LAE001900: from=<yinyan@mail.cdfun.net>, size=426, class=0, nrcpts=1, msgid=<200603050106.k2516LAE001900@mail.cdfun.net>, proto=ESMTP, daemon=MSA, relay=winxp.cdfun.net [192.168.0.167]
Mar 5 09:06:22 mail sendmail[1902]: k2516LAE001900: to=<xy_coordinate@126.com>, ctladdr=<yinyan@mail.cdfun.net> (501/501), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30258, relay=mx.mail.126.com. [220.181.15.133], dsn=2.0.0, stat=Sent (Mail OK queued as mx3,wKgCUh1AWUBjOQpE+H8KBg==.33974S2)
II. Outlook Express:
1. "SMTP authentication" not selected: mail cannot be sent
Quote: Mar 5 09:15:51 mail sendmail[2051]: k251FpKI002051: ruleset=check_rcpt, arg1=<xy_coordinate@126.com>, relay=winxp.cdfun.net [192.168.0.167], reject=550 5.7.1 <xy_coordinate@126.com>... Relaying denied. Proper authentication required.
Mar 5 09:15:51 mail sendmail[2051]: k251FpKI002051: from=<xjy@mail.cdfun.net>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MSA, relay=winxp.cdfun.net [192.168.0.167]
2. "SMTP authentication" selected: mail can be sent
Quote: Mar 5 09:35:09 mail sendmail[2058]: AUTH=server, relay=winxp.cdfun.net [192.168.0.167], authid=xjy, mech=LOGIN, bits=0
Mar 5 09:35:09 mail sendmail[2058]: k251Z8KI002058: from=<xjy@mail.cdfun.net>, size=1185, class=0, nrcpts=1, msgid=<004301c63ff4$edae21a0$a710a8c0@xjy>, proto=ESMTP, daemon=MSA, relay=winxp.cdfun.net [192.168.0.167]
Mar 5 09:35:10 mail sendmail[2060]: k251Z8KI002058: to=<xy_coordinate@126.com>, ctladdr=<xjy@mail.cdfun.net> (500/500), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30426, relay=mx.mail.126.com. [220.181.15.133], dsn=2.0.0, stat=Sent (Mail OK queued as mx3,wKgCUguAt0AjQApEATseBg==.7006S2)
[ Last edited by xy-coordinate on 2006-3-5 09:36 ]
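The log lines in the post above can be read mechanically. The following Python sketch is an added example, not part of the original thread: it groups sendmail log lines by process id to list relay denials, mail accepted after AUTH, and AUTH events where a password mechanism (PLAIN or LOGIN) was used with bits=0 and no STARTTLS=server line from the same process. The function name, report keys and the abridged sample lines are assumptions of this example.

```python
import re

# Abridged from the log lines quoted in the post above (BBCode tags removed).
SAMPLE_LOG = """\
Mar 5 09:06:07 mail sendmail[1896]: k25166AE001896: ruleset=check_rcpt, arg1=<xy_coordinate@126.com>, relay=winxp.cdfun.net [192.168.0.167], reject=550 5.7.1 <xy_coordinate@126.com>... Relaying denied. Proper authentication required.
Mar 5 09:06:07 mail sendmail[1896]: k25166AE001896: from=<xjy@mail.cdfun.net>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MSA, relay=winxp.cdfun.net [192.168.0.167]
Mar 5 09:06:08 mail sendmail[1897]: AUTH=server, relay=winxp.cdfun.net [192.168.0.167], authid=xjy, mech=LOGIN, bits=0
Mar 5 09:06:10 mail sendmail[1897]: k25168AE001897: from=<xjy@mail.cdfun.net>, size=419, class=0, nrcpts=1, proto=ESMTP, daemon=MSA, relay=winxp.cdfun.net [192.168.0.167]
"""

LINE = re.compile(r"sendmail\[(?P<pid>\d+)\]: (?P<body>.*)")
AUTH = re.compile(r"AUTH=server, relay=\S* ?\[(?P<ip>[\d.]+)\], "
                  r"authid=(?P<authid>[^,]+), mech=(?P<mech>[^,]+), bits=(?P<bits>\d+)")
DENY = re.compile(r"ruleset=check_rcpt, arg1=<(?P<rcpt>[^>]*)>, "
                  r"relay=\S* ?\[(?P<ip>[\d.]+)\], reject=550 5\.7\.1")
FROM = re.compile(r"^(?P<qid>\w+): from=<(?P<sender>[^>]*)>")
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # mechanisms that transmit the password (base64 only)


def analyze(log_text):
    """Correlate relay denials, AUTH events and accepted mail per sendmail process."""
    tls_pids, auth_by_pid = set(), {}
    report = {"denied": [], "cleartext_auth": [], "authed_mail": []}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, body = m["pid"], m["body"]
        if body.startswith("STARTTLS=server"):
            tls_pids.add(pid)  # this session negotiated TLS before authenticating
        elif a := AUTH.search(body):
            auth_by_pid[pid] = a["authid"]
            # Password mechanism, no SASL security layer, no TLS seen for this pid
            if a["mech"] in PLAINTEXT_MECHS and a["bits"] == "0" and pid not in tls_pids:
                report["cleartext_auth"].append((a["authid"], a["mech"], a["ip"]))
        elif d := DENY.search(body):
            report["denied"].append((d["ip"], d["rcpt"]))
        elif (f := FROM.search(body)) and pid in auth_by_pid:
            report["authed_mail"].append((f["qid"], f["sender"], auth_by_pid[pid]))
    return report


if __name__ == "__main__":
    for kind, rows in analyze(SAMPLE_LOG).items():
        print(kind, rows)
```

On the sample, the denied session (pid 1896) and the authenticated session (pid 1897) are separate processes, and the authenticated one is reported under cleartext_auth because no TLS line precedes it.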
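tyj replied on: 2006-03-27 16:08:39
Boss, why can my sendmail only send (including to other mailboxes), but cannot receive mail sent from other mailboxes, and only receives mail sent from my own mailbox? Please advise!
freemanxp2005 replied on: 2006-05-16 14:24:19
DNS configuration error
wzls3146 replied on: 2006-08-22 13:31:50
I would like to ask: I configured my sendmail as described above, and it can receive and send,
but sending still has a small problem. By modifying the /etc/mail/access file,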
abc.com RELAY
192.168.0.180 RELAY
202.165.XX.133 RELAY
211.XXX.128.183 RELAY
219.224.56.XXX RELAY
it seems that only
202.165.XX.133 RELAY
211.XXX.128.183 RELAY
219.224.56.XXX RELAY
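these three can send mail. How should I configure it so that I can send from anywhere? Surely I don't have to RELAY the IP range of every place I send from?
Please help, everyone. Thanks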
define(QUEUE_DIR, `/var/spool/mqueue/q*')
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
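I have already added SMTP authentication~~ (so why does /etc/mail/access still take effect~~~~)
[ Last edited by wzls3146 on 2006-8-24 10:39 ]
supecn replied on: 2006-10-22 13:52:39
Mark
jzcqx replied on: 2007-05-21 16:43:32
Quote: originally posted by hk007 on 2004-6-1 17:58
Sorry, my original configuration had not been strictly tested; I have now corrected it. The line DAEMON_OPTIONS(`Port=25, Name=MSA, M=Ea')dnl
should be: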
DAEMON_OPTIONS(`Port=25, Name=MSA')dnl
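Remove M=Ea, so that the default rules apply ...
Is there a way to force authentication, regardless of whether either the sender or the recipient is a local user?
angelsss replied on: 2007-05-28 17:22:26
Quote: originally posted by jzcqx on 2007-5-21 16:43
Is there a way to force authentication, regardless of whether either the sender or the recipient is a local user?
Everyone uses AS 4 or FC4 now, and sendmail has also been upgraded to a newer version, which includes some anti-DDoS features
and load options as well
It seems the earlier posters did not use access, localhost, or sendmail.cf
I will also share the configuration that I have tested and that works with mandatory authentication; there may be mistakes in it. Shared sendmail.mc:
1. TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
2. define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
3. DAEMON_OPTIONS(`Port=25,Name=MTA')dnl
4. DAEMON_OPTIONS(`Port=587,Name=MSA,M=Ea')dnl
5. dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
Lines 1 and 2 turn on authentication; lines 3 and 4 specify the listening ports. According to the comments in the mc file, port 587 should be used to keep sending when port 25 is congested or closed by a firewall
access -- the control file for permitted relaying: if there are multiple external domains, all of them must be added, otherwise sending fails when the mail server address in Foxmail is mail.<external domain>,
local-host-name -- the control file for permitted receiving; same as above, all domains must be added, otherwise mail cannot be received
sendmail.cf -- some finer-grained controls; find the MAX... option lines, which control the maximum attachment size, the number of simultaneous recipients, etc.
Note on restarting: each method is different; some use restart, some use make *.db <access, etc.
Note: saslauthd authentication must be enabled; it uses the /etc/passwd passwords,
Sendmail is quite good for small setups; postfix is of course better, with strong anti-spam filtering. For large mail servers, I personally think qmail is better, with many plugins and powerful features,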