
RHEL5 sendmail and dovecot configuration

2009-03-31 23:09
1. DNS configuration:
My configuration is as follows:
[root@server2 named]# cat rhel5.com.cn.zone
$TTL 86400
@       IN SOA ns1.rhel5.com.cn. root (
                2009032909 ; serial (d. adams)
                3H ; refresh
                15M ; retry
                1W ; expiry
                1D ) ; minimum
        IN NS ns1.rhel5.com.cn.
        IN MX 10 mail.rhel5.com.cn.
ns1     IN A 192.168.1.12
www     IN A 192.168.1.12
mail    IN A 192.168.1.12
ftp     IN A 192.168.1.12
proxy   IN A 192.168.1.12
[root@server2 named]# cat 192.168.1.zone
$TTL 86400
@       IN SOA ns1.rhel5.com. root (
                2009032907 ; Serial
                28800 ; Refresh
                14400 ; Retry
                3600000 ; Expire
                86400 ) ; Minimum
        IN NS ns1.rhel5.com.
11      IN PTR ns1.rhel5.com.
        IN PTR www.rhel5.com.
        IN PTR mail.rhel5.com.
        IN PTR ftp.rhel5.com.
        IN PTR server1.rhel5.com.
        IN PTR proxy.rhel5.com.
12      IN PTR ns1.rhel5.com.cn.
        IN PTR server2.rhel5.com.
        IN PTR www.rhel5.com.cn.
        IN PTR mail.rhel5.com.cn.
        IN PTR ftp.rhel5.com.cn.
        IN PTR proxy.rhel5.com.cn.
13      IN PTR server3.rhel5.com.
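As an added example (not from the original post), here is a small Python check of the two zone files above: it parses both, confirms that the MX target mail.rhel5.com.cn. has an A record, and confirms that the reverse zone has a PTR for that address pointing back to the same name, since receiving MTAs commonly reject or score mail from hosts whose reverse lookup does not match. The zone text is copied from the post with the SOA collapsed onto one line; the parser covers only the subset of zone-file syntax these two files use.

```python
"""Consistency check between the forward and reverse zones above.

Added example, not from the original post. FORWARD_ZONE and REVERSE_ZONE
are the post's rhel5.com.cn.zone and 192.168.1.zone with the SOA
collapsed onto one line. parse_zone() handles only what these files
use: '@' and relative owner names, a blank owner that inherits the
previous owner, optional TTL/class fields and ';' comments.
"""

FORWARD_ZONE = """\
@       IN SOA ns1.rhel5.com.cn. root ( 2009032909 3H 15M 1W 1D )
        IN NS  ns1.rhel5.com.cn.
        IN MX  10 mail.rhel5.com.cn.
ns1     IN A   192.168.1.12
www     IN A   192.168.1.12
mail    IN A   192.168.1.12
ftp     IN A   192.168.1.12
proxy   IN A   192.168.1.12
"""

REVERSE_ZONE = """\
@       IN SOA ns1.rhel5.com. root ( 2009032907 28800 14400 3600000 86400 )
        IN NS  ns1.rhel5.com.
11      IN PTR ns1.rhel5.com.
        IN PTR www.rhel5.com.
        IN PTR mail.rhel5.com.
12      IN PTR ns1.rhel5.com.cn.
        IN PTR server2.rhel5.com.
        IN PTR www.rhel5.com.cn.
        IN PTR mail.rhel5.com.cn.
        IN PTR ftp.rhel5.com.cn.
        IN PTR proxy.rhel5.com.cn.
13      IN PTR server3.rhel5.com.
"""

FORWARD_ORIGIN = "rhel5.com.cn."
REVERSE_ORIGIN = "1.168.192.in-addr.arpa."   # reverse zone for 192.168.1.0/24


def parse_zone(text, origin):
    """Return a list of (owner_fqdn, rtype, rdata_tokens) tuples."""
    records = []
    owner = origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        tokens = line.split()
        if not line[0].isspace():              # line names its own owner
            name = tokens.pop(0)
            if name == "@":
                owner = origin
            elif name.endswith("."):
                owner = name
            else:
                owner = f"{name}.{origin}"
        if tokens and tokens[0].isdigit():     # optional TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() == "IN":   # optional class
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        records.append((owner, rtype, tokens))
    return records


def ptr_targets_by_ip(reverse_records):
    """Map dotted IPv4 address -> set of PTR target names."""
    by_ip = {}
    for owner, rtype, rdata in reverse_records:
        if rtype != "PTR":
            continue
        labels = owner.rstrip(".").split(".")[:-2]  # drop 'in-addr', 'arpa'
        ip = ".".join(reversed(labels))
        by_ip.setdefault(ip, set()).add(rdata[0])
    return by_ip


def check_mail_dns(forward_text, forward_origin, reverse_text, reverse_origin):
    """Return a list of problems found for every MX target in the forward zone."""
    fwd = parse_zone(forward_text, forward_origin)
    a_records = {owner: rdata[0] for owner, rtype, rdata in fwd if rtype == "A"}
    ptrs = ptr_targets_by_ip(parse_zone(reverse_text, reverse_origin))
    problems = []
    for owner, rtype, rdata in fwd:
        if rtype != "MX":
            continue
        target = rdata[1]                      # rdata is [preference, exchange]
        if not target.endswith("."):
            target = f"{target}.{forward_origin}"
        if target not in a_records:
            problems.append(f"MX target {target} has no A record")
            continue
        ip = a_records[target]
        if target not in ptrs.get(ip, set()):
            problems.append(f"no PTR {ip} -> {target}")
    return problems


if __name__ == "__main__":
    print(check_mail_dns(FORWARD_ZONE, FORWARD_ORIGIN, REVERSE_ZONE, REVERSE_ORIGIN) or "ok")
```

For the post's zones the check returns an empty list; removing the mail.rhel5.com.cn. PTR from the reverse zone makes it report the missing reverse entry for 192.168.1.12.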
2. Installing the sendmail-related packages:
sendmail-8.13.8-2.el5.i386.rpm
sendmail-devel-8.13.8-2.el5.i386.rpm
sendmail-cf-8.13.8-2.el5.i386.rpm
sendmail-doc-8.13.8-2.el5.i386.rpm
m4-1.4.5-3.el5.1.i386.rpm
dovecot-1.0.7-7.el5.i386.rpm
Installing with yum is recommended, since it resolves dependencies automatically.
sendmail's configuration files live mainly under /etc/mail:
[root@server2 mail]# ls
access domaintable.db mailertable sendmail.cf submit.cf trusted-users
access.db helpfile mailertable.db sendmail.mc submit.cf.bak virtusertable
domaintable local-host-names Makefile spamassassin submit.mc virtusertable.db
Three terms:
MUA: Mail User Agent
MTA: Mail Transfer Agent
MDA: Mail Delivery Agent
3. Configuring sendmail:
Main steps:
(1) Edit the sendmail.mc file
[root@server2 mail]# vi sendmail.mc
Enable SMTP user authentication: find the following two lines and remove the comment marker (dnl) in front of them, so they read:
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
Find the following line:
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
and change the SMTP listen address from 127.0.0.1 to 0.0.0.0:
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
Change the domain: find the line LOCAL_DOMAIN(`localhost.localdomain')dnl and change it to LOCAL_DOMAIN(`rhel5.com.cn')dnl
(2) Use m4 to generate sendmail.cf from sendmail.mc
[root@server2 mail]# m4 sendmail.mc >sendmail.cf
(3) Edit the local-host-names file
[root@server2 mail]# vi local-host-names
# local-host-names - include all aliases for your machine here.
rhel5.com.cn
mail.rhel5.com.cn
(4) Create the user accounts
[root@server2 mail]# for user in student1 student2;do useradd -g 500 -G student -d /home/$user -s /bin/bash $user;echo redhat|passwd --stdin $user;done;
useradd: user student1 exists
Changing password for user student1.
passwd: all authentication tokens updated successfully.
useradd: user student2 exists
Changing password for user student2.
passwd: all authentication tokens updated successfully.
[root@server2 mail]# ls /home/
student student1 student2
Mass-mailing (alias) setup:
Edit the /etc/aliases file; the aliases file syntax is:
alias: real_name1,real_name2
student1: user1,user2
student2: user3,user4
Run the newaliases command to build the aliases.db database file:
[root@server2 mail]# newaliases
/etc/aliases: 78 aliases, longest 11 bytes, 803 bytes total
(5) Configure the access file for access control:
[root@server2 mail]# vi access
# Check the /usr/share/doc/sendmail/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
#
# by default we allow relaying from localhost...
Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
Connect:192.168.1 RELAY
Build the access database file:
[root@server2 mail]# makemap hash access.db <access
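The Connect: entries above decide which hosts may relay through the server without authenticating. As an added example that is not part of the post, the following Python models the lookup order sendmail's access_db uses for a connecting address (the full address first, then each shorter dotted prefix, so Connect:192.168.1 covers all of 192.168.1.0/24) and flags RELAY entries whose prefix is shorter than three octets, which would turn the host into an open relay for a large address range. Name-based keys and the From:/To: tags are left out; ACCESS_TEXT is the post's file, and the three-octet threshold is my own choice.

```python
"""Simplified model of sendmail's access_db lookup for Connect: keys.

Added example, not from the original post. ACCESS_TEXT is the post's
/etc/mail/access. Only dotted IPv4 keys are modelled; sendmail also
looks up hostnames and the From:/To: tags, which are ignored here.
"""
import re

ACCESS_TEXT = """\
# by default we allow relaying from localhost...
Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
Connect:192.168.1 RELAY
"""


def parse_access(text):
    """Return {key: ACTION} for every non-comment line of an access file."""
    rules = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed access line: {raw!r}")
        key, action = parts
        rules[key] = action.strip().upper()
    return rules


def lookup_connect(rules, ip):
    """Action for a connecting IPv4 address, or None if no entry matches.

    sendmail tries the full address, then drops one trailing octet at a
    time: 192.168.1.156 -> 192.168.1 -> 192.168 -> 192. The first hit
    wins; with no hit the default (no relaying) applies.
    """
    octets = ip.split(".")
    for n in range(len(octets), 0, -1):
        action = rules.get("Connect:" + ".".join(octets[:n]))
        if action is not None:
            return action
    return None


def overly_broad_entries(rules, min_octets=3):
    """RELAY entries keyed on an IPv4 prefix shorter than min_octets octets."""
    broad = []
    for key, action in rules.items():
        tag, _, target = key.partition(":")
        if tag != "Connect" or action != "RELAY":
            continue
        if re.fullmatch(r"[\d.]+", target) and target.count(".") + 1 < min_octets:
            broad.append(key)
    return broad


if __name__ == "__main__":
    rules = parse_access(ACCESS_TEXT)
    for ip in ("192.168.1.156", "127.0.0.1", "10.0.0.5"):
        print(ip, lookup_connect(rules, ip) or "default (no relay)")
    print("overly broad:", overly_broad_entries(rules))
```

With the post's file, 192.168.1.156 and 127.0.0.1 resolve to RELAY, 10.0.0.5 falls through to the default, and nothing is flagged; adding a line such as Connect:192 RELAY would be reported as overly broad.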
(6) Configure dovecot:
By default, /etc/dovecot.conf works without any changes.
(6) Restart the services so the configuration takes effect
[root@server2 mail]# service saslauthd start
Starting saslauthd: [ OK ]
[root@server2 mail]# service dovecot start
Starting Dovecot Imap: [ OK ]
[root@server2 mail]# service sendmail restart
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]
Check that they started successfully:
[root@server2 mail]# netstat -nutpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 3046/hpiod
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2736/portmap
tcp 0 0 192.168.1.12:53 0.0.0.0:* LISTEN 2706/named
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3087/cupsd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 3770/sendmail: acce
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2706/named
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 3051/python
tcp 0 0 :::993 :::* LISTEN 3708/dovecot
tcp 0 0 :::995 :::* LISTEN 3708/dovecot
tcp 0 0 :::110 :::* LISTEN 3708/dovecot
tcp 0 0 :::143 :::* LISTEN 3708/dovecot
tcp 0 0 :::22 :::* LISTEN 3071/sshd
tcp 0 0 ::1:953 :::* LISTEN 2706/named
udp 0 0 0.0.0.0:37392 0.0.0.0:* 2706/named
udp 0 0 0.0.0.0:34478 0.0.0.0:* 3260/avahi-daemon:
udp 0 0 192.168.1.12:53 0.0.0.0:* 2706/named
udp 0 0 0.0.0.0:69 0.0.0.0:* 3104/xinetd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 3260/avahi-daemon:
udp 0 0 0.0.0.0:111 0.0.0.0:* 2736/portmap
udp 0 0 0.0.0.0:631 0.0.0.0:* 3087/cupsd
udp 0 0 :::44886 :::* 2706/named
udp 0 0 :::5353 :::* 3260/avahi-daemon:
udp 0 0 :::40315 :::* 3260/avahi-daemon:
Firewall configuration:
[root@server2 ~]# iptables -A INPUT -s 192.168.1.0/24 -p tcp -m multiport --dport 25,110,143,993,995 -j ACCEPT
993 is imaps and 995 is pop3s; these are covered below.
Testing from Windows:
C:\>telnet mail.rhel5.com.cn 25
220 server2.rhel5.com ESMTP Sendmail 8.13.8/8.13.8; Tue, 31 Mar 2009 22:12:16 +0800
ehlo hello
250-server2.rhel5.com Hello xzxj [192.168.1.156], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
C:\>telnet mail.rhel5.com.cn 110
+OK Dovecot ready.
C:\>telnet mail.rhel5.com.cn 143
* OK Dovecot ready.
All tests passed.
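One thing worth reading off the port-25 transcript above: the EHLO reply advertises AUTH LOGIN PLAIN but no STARTTLS, so a client that authenticates on this port sends its password in the clear on the LAN; step (7) below moves SMTP to the TLS-only smtps port. As an added example (not from the post), this Python parses an EHLO reply into its capability list and reports which mechanisms would expose credentials on the port they were seen on; EHLO_RESPONSE is the reply from the transcript.

```python
"""Read an ESMTP EHLO reply and report cleartext-authentication exposure.

Added example, not from the original post. EHLO_RESPONSE is the 250
block from the port-25 telnet session in the post. Nothing here opens
a connection; the function only inspects a captured reply.
"""

EHLO_RESPONSE = """\
250-server2.rhel5.com Hello xzxj [192.168.1.156], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
"""

CLEARTEXT_MECHS = ("LOGIN", "PLAIN")   # mechanisms that transmit the password itself


def parse_ehlo(response):
    """Return {KEYWORD: [params]} from an EHLO reply, skipping the greeting line.

    RFC 5321 multi-line replies use '250-' on every line except the last,
    which uses '250 ' (a space). Keywords are compared case-insensitively.
    """
    caps = {}
    lines = response.strip().splitlines()
    for line in lines[1:]:                         # lines[0] is the greeting
        code, sep, rest = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " "):
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        if not rest.strip():
            continue
        keyword, *params = rest.split()
        caps[keyword.upper()] = params
    return caps


def plaintext_auth_exposure(caps, implicit_tls=False):
    """Mechanisms that would carry credentials unprotected on this port.

    On an implicit-TLS port (smtps, 465) the whole session is encrypted.
    On a cleartext port, AUTH is acceptable only if STARTTLS is offered
    too (and the client upgrades before authenticating); with no
    STARTTLS, LOGIN and PLAIN expose the password to anyone on the path.
    """
    if implicit_tls or "AUTH" not in caps or "STARTTLS" in caps:
        return []
    return [m for m in caps["AUTH"] if m.upper() in CLEARTEXT_MECHS]


if __name__ == "__main__":
    caps = parse_ehlo(EHLO_RESPONSE)
    print("capabilities:", sorted(caps))
    print("exposed on port 25:", plaintext_auth_exposure(caps))
```

For the transcript above the exposed list is ["LOGIN", "PLAIN"]; the same reply seen on port 465 (implicit_tls=True), or with a STARTTLS line present, yields an empty list.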

(7) Configure SSL-based sendmail.
First configure SSL encryption for dovecot:
Go to /etc/pki/dovecot and edit dovecot-openssl.cnf; my modified file is as follows:
[root@server2 dovecot]# vi dovecot-openssl.cnf
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
# country (2 letter code)
#C=CN
# State or Province Name (full name)
#ST=zhejiang
# Locality Name (eg. city)
#L=Hangzhou
# Organization (eg. company)
#O=xzxj
# Organizational Unit Name (eg. section)
OU=mail.rhel5.com.cn
# Common Name (*.example.com is also possible)
CN=rhel5
# E-mail contact
emailAddress=postmaster@mail.rhel5.com.cn
[ cert_type ]
nsCertType = server
Before running it, delete every dovecot.pem file under /etc/pki/dovecot, then go to /usr/share/doc/dovecot-1.0.7/examples and run the mkcert.sh script:
[root@server2 examples]# ./mkcert.sh
Generating a 1024 bit RSA private key
..................++++++
....++++++
writing new private key to '/etc/pki/dovecot/private/dovecot.pem'
-----
subject= /OU=mail.rhel5.com.cn/CN=rhel5/emailAddress=postmaster@mail.rhel5.com.cn
SHA1 Fingerprint=FB:42:D3:3A:D3:97:54:55:CB:4F:25:43:D3:02:AD:B5:D4:32:22:7D
Afterwards a new dovecot.pem is produced under /etc/pki/dovecot.
Next edit /etc/dovecot.conf:
[root@server2 ~]# vi /etc/dovecot.conf
Find this line and remove the comment character in front of it:
protocols = imap imaps pop3 pop3s
Then add the following to set the listen addresses and port numbers:
protocol imap {
listen = 192.168.1.12:143
ssl_listen = 192.168.1.12:993
}
protocol pop3 {
listen = 192.168.1.12:110
ssl_listen = 192.168.1.12:995
}
Uncomment ssl_disable = no, and finally edit the following two lines:
ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
Remove the comment character in front of them; dovecot.pem was created earlier, so the paths need no change.
Next configure SSL encryption for sendmail:
[root@server2 certs]# cd /etc/pki/tls/certs
[root@server2 certs]# make sendmail.pem
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
cat $PEM1 > sendmail.pem ; \
echo "" >> sendmail.pem ; \
cat $PEM2 >> sendmail.pem ; \
rm -f $PEM1 $PEM2
Generating a 1024 bit RSA private key
............................................++++++
....++++++
writing new private key to '/tmp/openssl.Ow4054'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:zhejiang
Locality Name (eg, city) [Newbury]:HZ
Organization Name (eg, company) [My Company Ltd]:xzxj
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:mail.rhel5.com.cn
Email Address []:admin@rhel5.com.cn
[root@server2 certs]# ls
ca-bundle.crt localhost.crt make-dummy-cert Makefile sendmail.pem
Edit /etc/mail/sendmail.mc, find the following four lines and remove the comment marker in front of them:
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
Then comment out the following line:
dnl DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
and remove the dnl in front of the following line, so it reads:
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
[root@server2 mail]# m4 sendmail.mc >sendmail.cf
Restart dovecot and sendmail so the configuration takes effect!
[root@server2 mail]# service dovecot restart
Stopping Dovecot Imap: [ OK ]
Starting Dovecot Imap: [ OK ]
[root@server2 mail]# service sendmail restart
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]
[root@server2 certs]# netstat -nutpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 3046/hpiod
tcp 0 0 192.168.1.12:993 0.0.0.0:* LISTEN 4111/dovecot
tcp 0 0 192.168.1.12:995 0.0.0.0:* LISTEN 4111/dovecot
tcp 0 0 192.168.1.12:110 0.0.0.0:* LISTEN 4111/dovecot
tcp 0 0 192.168.1.12:143 0.0.0.0:* LISTEN 4111/dovecot
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2736/portmap
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 4150/sendmail: acce
tcp 0 0 192.168.1.12:53 0.0.0.0:* LISTEN 2706/named
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3087/cupsd
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2706/named
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 3051/python
tcp 0 0 :::22 :::* LISTEN 3071/sshd
tcp 0 0 ::1:953 :::* LISTEN 2706/named
udp 0 0 0.0.0.0:37392 0.0.0.0:* 2706/named
udp 0 0 0.0.0.0:34478 0.0.0.0:* 3260/avahi-daemon:
udp 0 0 192.168.1.12:53 0.0.0.0:* 2706/named
udp 0 0 0.0.0.0:69 0.0.0.0:* 3104/xinetd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 3260/avahi-daemon:
udp 0 0 0.0.0.0:111 0.0.0.0:* 2736/portmap
udp 0 0 0.0.0.0:631 0.0.0.0:* 3087/cupsd
udp 0 0 :::44886 :::* 2706/named
udp 0 0 :::5353 :::* 3260/avahi-daemon:
udp 0 0 :::40315 :::* 3260/avahi-daemon:
Firewall configuration:
SSL-based sendmail uses port 465:
[root@server2 certs]# iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 465 -j ACCEPT
With that, the SSL-based mail service is complete.
(8) Testing
Use Outlook on Windows to test sending and receiving.



The log entries are as follows:
Mar 31 22:57:12 server2 dovecot: pop3-login: Login: user=<student1>, method=PLAIN, rip=192.168.1.156, lip=192.168.1.12, TLS
Mar 31 22:57:12 server2 dovecot: POP3(student1): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 31 22:57:12 server2 dovecot: pop3-login: Login: user=<student2>, method=PLAIN, rip=192.168.1.156, lip=192.168.1.12, TLS
Mar 31 22:57:13 server2 dovecot: POP3(student2): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 31 22:57:15 server2 dovecot: pop3-login: Login: user=<student1>, method=PLAIN, rip=192.168.1.156, lip=192.168.1.12, TLS
Mar 31 22:57:15 server2 dovecot: POP3(student1): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 31 22:57:15 server2 dovecot: pop3-login: Login: user=<student2>, method=PLAIN, rip=192.168.1.156, lip=192.168.1.12, TLS
Mar 31 22:57:15 server2 dovecot: POP3(student2): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 31 22:58:32 server2 sendmail[4232]: STARTTLS=server, relay=xzxj [192.168.1.156], version=TLSv1/SSLv3, verify=NO, cipher=RC4-MD5, bits=128/128
Mar 31 22:58:32 server2 sendmail[4232]: AUTH=server, relay=xzxj [192.168.1.156], authid=student1, mech=LOGIN, bits=0
Mar 31 22:58:32 server2 sendmail[4232]: n2VEwWq3004232: from=<student1@rhel5.com.cn>, size=1278, class=0, nrcpts=1, msgid=<88D5650C92C5466F87510EE8FB998C82@xzxj>, proto=ESMTP, daemon=TLSMTA, relay=xzxj [192.168.1.156]
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: to=user4, ctladdr=<student2@rhel5.com.cn> (8/0), delay=00:00:00, mailer=local, pri=121278, dsn=5.1.1, stat=User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: to=user3, ctladdr=<student2@rhel5.com.cn> (8/0), delay=00:00:00, mailer=local, pri=121278, dsn=5.1.1, stat=User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: to=user2, ctladdr=<student1@rhel5.com.cn> (8/0), delay=00:00:00, mailer=local, pri=61536, dsn=5.1.1, stat=User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: to=user1, ctladdr=<student1@rhel5.com.cn> (8/0), delay=00:00:00, mailer=local, pri=61536, dsn=5.1.1, stat=User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: n2VEwWq3004235: postmaster notify: User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004235: to=root, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=32560, dsn=2.0.0, stat=Sent
Sending succeeded.



OK, receiving also works normally!
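As an added example (not part of the post), the following Python parses the log excerpt above: it lists the dovecot logins and whether each was under TLS, the sendmail delivery records with their DSN code, and the cipher negotiated for STARTTLS. On these lines it shows that all four POP3 logins were TLS-protected, that the alias targets user1 to user4 from step (4) do not exist as accounts (dsn=5.1.1, stat=User unknown, with the bounce notification delivered to root), and that the session negotiated RC4-MD5, a cipher modern TLS stacks no longer accept. LOG is the post's excerpt with the forum's [email] markup removed; the weak-cipher keyword list is my own.

```python
"""Summarise dovecot and sendmail syslog lines from the test run above.

Added example, not from the original post. LOG is the post's log
excerpt. Three regexes pull out dovecot logins, sendmail per-recipient
delivery records and the STARTTLS negotiation line; summarize() then
reports what a defender would want to check after a test like this.
"""
import re

LOG = """\
Mar 31 22:57:12 server2 dovecot: pop3-login: Login: user=<student1>, method=PLAIN, rip=192.168.1.156, lip=192.168.1.12, TLS
Mar 31 22:57:12 server2 dovecot: POP3(student1): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 31 22:57:12 server2 dovecot: pop3-login: Login: user=<student2>, method=PLAIN, rip=192.168.1.156, lip=192.168.1.12, TLS
Mar 31 22:57:13 server2 dovecot: POP3(student2): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 31 22:57:15 server2 dovecot: pop3-login: Login: user=<student1>, method=PLAIN, rip=192.168.1.156, lip=192.168.1.12, TLS
Mar 31 22:57:15 server2 dovecot: POP3(student1): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 31 22:57:15 server2 dovecot: pop3-login: Login: user=<student2>, method=PLAIN, rip=192.168.1.156, lip=192.168.1.12, TLS
Mar 31 22:57:15 server2 dovecot: POP3(student2): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 31 22:58:32 server2 sendmail[4232]: STARTTLS=server, relay=xzxj [192.168.1.156], version=TLSv1/SSLv3, verify=NO, cipher=RC4-MD5, bits=128/128
Mar 31 22:58:32 server2 sendmail[4232]: AUTH=server, relay=xzxj [192.168.1.156], authid=student1, mech=LOGIN, bits=0
Mar 31 22:58:32 server2 sendmail[4232]: n2VEwWq3004232: from=<student1@rhel5.com.cn>, size=1278, class=0, nrcpts=1, msgid=<88D5650C92C5466F87510EE8FB998C82@xzxj>, proto=ESMTP, daemon=TLSMTA, relay=xzxj [192.168.1.156]
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: to=user4, ctladdr=<student2@rhel5.com.cn> (8/0), delay=00:00:00, mailer=local, pri=121278, dsn=5.1.1, stat=User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: to=user3, ctladdr=<student2@rhel5.com.cn> (8/0), delay=00:00:00, mailer=local, pri=121278, dsn=5.1.1, stat=User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: to=user2, ctladdr=<student1@rhel5.com.cn> (8/0), delay=00:00:00, mailer=local, pri=61536, dsn=5.1.1, stat=User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: to=user1, ctladdr=<student1@rhel5.com.cn> (8/0), delay=00:00:00, mailer=local, pri=61536, dsn=5.1.1, stat=User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: n2VEwWq3004235: postmaster notify: User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004235: to=root, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=32560, dsn=2.0.0, stat=Sent
"""

# dovecot 1.0 appends ", TLS" to the login line only when the session was encrypted
LOGIN_RE = re.compile(
    r"dovecot: (?P<proto>\w+)-login: Login: user=<(?P<user>[^>]*)>, method=(?P<method>\w+), "
    r"rip=(?P<rip>[\d.]+), lip=(?P<lip>[\d.]+)(?P<tls>, TLS)?")
# one sendmail record per recipient: queue id, recipient, DSN code and status text
DELIVERY_RE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): to=(?P<to>[^,]+),.*?dsn=(?P<dsn>[\d.]+), stat=(?P<stat>.*)$")
STARTTLS_RE = re.compile(
    r"sendmail\[\d+\]: STARTTLS=server,.*?cipher=(?P<cipher>[\w-]+), bits=(?P<bits>\d+)/\d+")

WEAK_CIPHER_MARKERS = ("RC4", "MD5", "DES", "NULL", "EXP")   # my own list


def parse_log(text):
    """Split the excerpt into login, delivery and TLS-negotiation records."""
    logins, deliveries, tls = [], [], []
    for line in text.splitlines():
        if m := LOGIN_RE.search(line):
            logins.append({"user": m["user"], "proto": m["proto"],
                           "rip": m["rip"], "tls": m["tls"] is not None})
        elif m := DELIVERY_RE.search(line):
            deliveries.append({"qid": m["qid"], "to": m["to"],
                               "dsn": m["dsn"], "stat": m["stat"]})
        elif m := STARTTLS_RE.search(line):
            tls.append({"cipher": m["cipher"], "bits": int(m["bits"])})
    return {"logins": logins, "deliveries": deliveries, "tls": tls}


def summarize(parsed):
    """Permanent delivery failures, unencrypted logins and weak ciphers."""
    failed = [d["to"] for d in parsed["deliveries"] if d["dsn"].startswith("5.")]
    cleartext = [l["user"] for l in parsed["logins"] if not l["tls"]]
    weak = [t["cipher"] for t in parsed["tls"]
            if any(marker in t["cipher"].upper() for marker in WEAK_CIPHER_MARKERS)]
    return {"failed_recipients": failed, "cleartext_logins": cleartext, "weak_ciphers": weak}


if __name__ == "__main__":
    for key, value in summarize(parse_log(LOG)).items():
        print(f"{key}: {value}")
```

Run against the excerpt, failed_recipients is ['user4', 'user3', 'user2', 'user1'], cleartext_logins is empty and weak_ciphers is ['RC4-MD5']; the only delivery with a 2.x.x code is the postmaster notification to root.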