Posts tagged 'Sendmail'

Configuring Postfix to receive mail for multiple domains

Reference: http://davidsj.co.uk/blog/setup-virtual-domains-in-postfix-without-a-database/

  1. Create the user, then change it to the specified uid and gid
    # useradd -m vmail
    # usermod -u 5000 vmail

    # groupmod -g 5000 vmail

  2. Edit /etc/postfix/main.cf

Add the following lines:

# File listing the hosted mail domains, one per line
virtual_mailbox_domains = /etc/postfix/vhosts.txt
# virtual_mailbox_domains = example1.com, example2.com, example3.com
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmaps.txt
virtual_minimum_uid = 100
# uid and gid of the vmail user created in step 1
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_alias_maps = hash:/etc/postfix/valias.txt
The vhosts.txt file contains the list of domains, one mail domain per line.
The vmaps.txt file contains the list of mappings, for example:
joe@domain1.internal domain1.internal/joe/
pete@domain2.internal domain2.internal/pete/

You can set up a catch-all address so that all mail for that domain is received into the specified mail folder.
@domain1.internal domain1.internal/catchall/
valias.txt is similar to vmaps.txt, but it can forward to multiple destinations, for example:
tom@domain1.internal joe@domain1.internal, pete@domain2.internal
After editing the files above, run postmap on each of them to generate the corresponding Berkeley DB file.
postmap /etc/postfix/vmaps.txt
postmap /etc/postfix/valias.txt

The changes take effect after postfix is restarted.
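A pre-flight check for the two flat files described above, added here as an example (it is not part of the original post). It confirms that every address in vmaps.txt belongs to a domain listed in vhosts.txt, rejects ".." path components that would put a mailbox outside virtual_mailbox_base, and reports catch-all entries. The function name lint_vmaps is made up for this sketch.

```shell
#!/bin/sh
# Added example: lint vhosts.txt and vmaps.txt before running postmap.
# lint_vmaps is a hypothetical helper name; file paths are passed as arguments.

# lint_vmaps VHOSTS VMAPS: print one finding per line, return 1 if any ERROR.
lint_vmaps() {
    awk '
        $1 == "" || $1 ~ /^#/ { next }                      # blank lines, comments
        FILENAME == ARGV[1] { dom[tolower($1)] = 1; next }  # vhosts: one domain per line
        {
            key = $1; path = $2
            n = split(key, part, "@"); d = tolower(part[n])
            if (NF < 2) { print "ERROR " key ": no mailbox path"; bad = 1; next }
            # postmap warns about duplicate keys in a hash map
            if (seen[tolower(key)]++) { print "ERROR " key ": duplicate key"; bad = 1 }
            # mail for a domain missing from virtual_mailbox_domains never reaches this map
            if (!(d in dom)) { print "ERROR " key ": domain " d " not in vhosts file"; bad = 1 }
            # the path is appended to virtual_mailbox_base, so ".." must not appear
            m = split(path, seg, "/")
            for (i = 1; i <= m; i++)
                if (seg[i] == "..") {
                    print "ERROR " key ": path " path " leaves virtual_mailbox_base"
                    bad = 1; break
                }
            if (key ~ /^@/) print "NOTE " key ": catch-all for every address in " d
            if (path !~ /\/$/) print "NOTE " key ": no trailing slash, delivered as mbox instead of Maildir"
        }
        END { exit bad + 0 }
    ' "$1" "$2"
}

# Usage: lint_vmaps /etc/postfix/vhosts.txt /etc/postfix/vmaps.txt && postmap /etc/postfix/vmaps.txt
```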

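Configuring Postfix to receive mail from the public Internet

Change the listening interfaces so that mail can be received from the Internet:

Edit /etc/postfix/main.cf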

inet_interfaces = all

Then restart postfix.

 

 

Configuring TLS for Sendmail (STARTTLS)

Very good article, from:

http://www.netguy.org/wordpress/?p=299

Getting this to work took quite some time – mostly because the articles I have found on the subject are wrong or contain errors making them useless. Is that deliberate? It almost felt that way!

The basic structure isn’t difficult, but it is critical to get the right files in the right places. These instructions have been ripped from a number of different web sites, but have been fixed so they actually work!

The system in question is RedHat 5.6 with Sendmail 8.13.8. I also did this on CentOS 6.2 x64 with Sendmail 8.14.4 in testing. I am assuming a functioning Sendmail system.

1. Install openssl-perl:
yum -y install openssl-perl

2. You need to edit the CA.pl file. This was a common area of errors since the instructions for the edit were WRONG. Rather than screwing around with diff files, you just need to make the following changes (copying the existing /etc/pki/tls/misc/CA.pl to /etc/pki/tls/misc/CA1.pl)

Now edit CA1.pl and find:
system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
and make it
system ("$REQ -new -x509 -nodes -keyout newkey.pem -out newcert.pem $DAYS");

then find
system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
and make it
system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");

I also changed the $CADAYS variable to '3650' (10 years). YMMV

3. Create the Certificate Authority (CA)
./CA1.pl -newca
DO NOT ENTER A FILE NAME! Answer the questions as appropriate, but don’t use any ‘extra’ information.

4. Now create your request
./CA1.pl -newreq
Answer the questions as appropriate, and again, don’t give any ‘extra’ info.

5. Now ‘sign’ the Certificate Request with the CA you created earlier
./CA1.pl -sign

For some reason, no matter what I enter for the $DAYS variable, the cert is only ever good for one year. I have tried many variations and commands, but have not been able to get by this. The CA is still good for 10 years.

6. Create a certificates directory
mkdir /etc/mail/certs

7. Copy the relevant files to the certs directory (This is another place I have found errors in other documentation)
cp /etc/pki/CA/cacert.pem /etc/mail/certs/CAcert.pem
cp /etc/pki/tls/misc/newkey.pem /etc/mail/certs/MYkey.pem
cp /etc/pki/tls/misc/newcert.pem /etc/mail/certs/MYcert.pem

8. Sendmail is very picky about permissions, so set them on the certs folder and files
chmod -R 600 /etc/mail/certs

9. Edit your sendmail.mc file to include the following:
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/CAcert.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/MYcert.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/MYkey.pem')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/MYcert.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/MYkey.pem')dnl

Then recompile your sendmail.cf

10. If you are using the packages this shouldn’t be a problem, but you may also check to make sure STARTTLS is compiled into Sendmail. Run this:
sendmail -bt -d0.8 < /dev/null

And look for this:

Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS
TCPWRAPPERS USERDB USE_LDAP_INIT

11. Send a HUP to Sendmail:
kill -HUP `head -1 /var/run/sendmail.pid`

If everything is correct, you may not see anything in the logs. But if you:
telnet localhost 25

and issue a proper ‘EHLO’, you should see this:

250-STARTTLS

The purpose of this document is to fix syntax errors in other documents I have found. The resulting errors are just too vague to get any real help. Hopefully this will help others avoid the hours of searching I had to go through!
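A check for the files copied in step 7, added here as an example (it is not part of the quoted article). It tests the three points where the procedure most often goes wrong: group/other permissions on the files, whether MYcert.pem verifies against CAcert.pem, and whether MYkey.pem is an unencrypted key that matches the certificate. The function name check_sendmail_certs is made up for this sketch, and an RSA key is assumed.

```shell
#!/bin/sh
# Added example: verify the files that sendmail.mc points at in step 9.
# check_sendmail_certs is a hypothetical helper name. Assumes an RSA key.

# check_sendmail_certs DIR: print one FAIL line per problem, return 0 if none.
check_sendmail_certs() {
    dir=${1:-/etc/mail/certs}
    rc=0
    for f in CAcert.pem MYcert.pem MYkey.pem; do
        if [ ! -f "$dir/$f" ]; then
            echo "FAIL $f: missing"; rc=1
        # Columns 5-10 of the ls mode string are the group and other bits.
        elif [ "$(ls -ld "$dir/$f" | cut -c5-10)" != "------" ]; then
            echo "FAIL $f: readable or writable by group/other"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return 1

    # The server certificate must chain to the CA created in step 3.
    v=$(openssl verify -CAfile "$dir/CAcert.pem" "$dir/MYcert.pem" 2>&1) || v="error"
    case $v in
        *error*|"") echo "FAIL MYcert.pem: does not verify against CAcert.pem"; rc=1 ;;
    esac

    # The key must belong to the certificate and must not need a passphrase.
    # "-passin pass:" makes openssl fail instead of prompting when the key is
    # encrypted, which is what happens if the -nodes edit in step 2 was skipped.
    cert_mod=$(openssl x509 -noout -modulus -in "$dir/MYcert.pem" 2>/dev/null) || cert_mod=
    key_mod=$(openssl rsa -noout -modulus -passin pass: -in "$dir/MYkey.pem" 2>/dev/null) || key_mod=
    if [ -z "$key_mod" ]; then
        echo "FAIL MYkey.pem: unreadable or passphrase-protected"; rc=1
    elif [ "$cert_mod" != "$key_mod" ]; then
        echo "FAIL MYkey.pem: does not match MYcert.pem"; rc=1
    fi
    return "$rc"
}

# Usage: check_sendmail_certs /etc/mail/certs && echo "certificate files look consistent"
```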

The sendmail clientmqueue and mqueue directories

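This article describes the difference between these two directories very clearly. In fact, the MSP is controlled by the submit.cf file. When mail is sent to an external mailbox such as user@yahoo.com, we do not need to start the local sendmail service; the system negotiates directly with port 25 of the recipient's MX server. But when we send mail to a local account such as root or userabc and the local sendmail is not running, the mail piles up in clientmqueue. Once sendmail is started, it moves those messages to mqueue, and mail for the local account is then written to the mail file /var/mail/userabc. When userabc logs in to the system, the "You have new mail" prompt appears.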

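Users can touch $HOME/.forward themselves to forward local mail to their own external mailbox, and the system administrator can also redirect local users' mail by editing the aliases file.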


Enhanced Mail System Status Codes


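Building a robust, efficient mail system at low cost should be every system administrator's dream. In reality, far too many companies' IT staff prefer commercial solutions. While debugging the anti-spam system, I reviewed the meaning of DSN (delivery status notifications) once again.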


Strengthening the mail anti-spam system


I have still been receiving quite a lot of spam recently, so I checked the system settings and made these changes.
