
Setting up a mail server with sendmail + squirrelmail

Posted on 2010-9-20 08:37:25
Environment: Red Hat AS3
kernel linux 2.4.21-4.EL
sendmail-8.12.10-1
sendmail-cf-8.12.10-1
httpd-devel-2.0.46-25.ent
httpd-2.0.46-25.ent
squirrelmail-1.4.10a

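1 Configure DNS

Use the domain binding service provided by 希网 (http://www.3322.org/), which supports static binding to a fixed IP, is stable and needs no client software. Set the domain name to myname.3322.org and the mail server (MX) to myname.3322.org as well.

2 Configure sendmail

2.1 Edit /etc/mail/sendmail.mc
divert(-1)dnl               # defines a buffering action for m4: n=-1 discards the buffer, n=0 starts a new buffer
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl      # defines the operating system the macros are for; lets m4 add the files specific to that operating system
define(`SMART_HOST',`myname.3322.org')dnl    # sets the mail server domain name (not always required)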
dnl #
define(`confDEF_USER_ID',``8:12'')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl #
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl # Sets up SMTP authentication: if access.db access control
dnl # is not configured, this authentication method is used for SMTP authentication
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl #     make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readable by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl         
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl   # must be set to 0.0.0.0 to receive external mail; a LAN mail server can use 127.0.0.1
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl # NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl #       a kernel patch
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.com')dnl   # defines another host name that sendmail answers mail as
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
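MAILER(smtp)dnl            # defines smtp as the mail transport method sendmail uses
MAILER(procmail)dnl

Once sendmail.mc is written, use m4 to generate the actual sendmail.cf configuration file. The syntax is:
# m4 sendmail.mc > sendmail.cf
Check SMTP authentication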
# telnet myname.3322.org 25
Trying 159.226.XX.XX...
Connected to mail.myname.3322.org (159.226.XX.XX).
Escape character is '^]'.
220 mail.myname.3322.org ESMTP Sendmail 8.12.10/8.12.10; Wed, 16 May 2007 17:24:38 +0800
ehlo myname.3322.org (type this command)
250-mail.myname.3322.org Hello mail.myname.3322.org [159.226.XX.XX], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN (this line means the configuration is correct)
250-DELIVERBY
250 HELP
^] ---Ctrl+] to interrupt
telnet> q ---q to quit
Connection closed.

2.2 Set send/receive restrictions
Edit /etc/mail/access:
localhost       RELAY
159.226         RELAY
localhost.localdomain   RELAY
127.0.0.1                       RELAY
Then
# makemap -v hash /etc/mail/access < /etc/mail/access

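2.3 Add the host's domain name to /etc/mail/local-host-names, with the following content:
myname.3322.org                     //this also seems to be optional

3 Set up the POP and IMAP servers

1) First make sure /etc/services contains the following: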
pop2 109/tcp pop-2 postoffice # POP version 2
pop2 109/udp pop-2
pop3 110/tcp pop-3 # POP version 3
pop3 110/udp pop-3
.......
imap 143/tcp imap2 # Interim Mail Access Proto v2
imap 143/udp imap2
Start POP and IMAP through xinetd:
# vi /etc/xinetd.d/imap
service imap
{
disable = no
socket_type = stream
wait = no
user = root
server = /usr/sbin/imapd
log_on_success += HOST DURATION
log_on_failure += HOST
}
[root@mis010 /]# vi /etc/xinetd.d/ipop3
service pop3
{
disable = no
socket_type = stream
wait = no
user = root
server = /usr/sbin/ipop3d
log_on_success += HOST DURATION
log_on_failure += HOST
}
[root@mis010 /]# vi /etc/xinetd.d/ipop2
service pop2
{
disable = no
socket_type = stream
wait = no
user = root
server = /usr/sbin/ipop2d
log_on_success += HOST DURATION
log_on_failure += HOST
}
Make xinetd reload its configuration:
# /etc/rc.d/init.d/xinetd reload
Test POP3
telnet myname.3322.org 110
Test IMAP
telnet myname.3322.org 143

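4 Install squirrelmail

(A fairly popular webmail program written in PHP 4; it lets you send and receive mail through the web.)

4.1 Download squirrelmail-1.4.10a.tar.gz
4.2 Install:
Unpack it and copy it to /var/www/html/squirrelmail
4.3 Configure squirrelmail
# /var/www/html/squirrelmail/configure
1) Configure the basic information. The items are the organization name, login logo, logo size and title; these can all be set later. The ones to set first are items 5 and 6, with the values a space (item 5) and ISO-2022-CN (item 6).
2) Configure the server parameters. domain: set to the mail server's domain (here myname.3322.org); Sendmail or SMTP: set to sendmail. Enter R to return.
4) Enter the general configuration:
Set 1. Data Directory: /var/www/html/squirrelmail/data/
Set 2. Attachment Directory: /var/www/html/squirrelmail/attachments/    (you may need to create it yourself)
Return;
8) Enter plugin management and add all plugins (enter a number to select one), then return; choose S to save the data and Q to quit.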

5 Test

5.1 Create a test account:
# useradd -s /bin/false test
# passwd test
5.2 Start Apache with the following command:
# service httpd start
5.3 Test
Enter http://myname.3322.org/squirrelmail/ in a browser and log in as test; you can now send and receive mail.

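6 Summary

At present 163, sina, mails.tsinghua.edu.cn, mails.gucas.ac.cn, home.ipe.ac.cn and gmail can all send mail to this mailbox. Of these, sina and mails.tsinghua cannot receive mail sent from it; I suspect that mail is filtered outright because the mailbox uses the 3322.org suffix.
In addition, because domains bound through 3322.org do not support reverse DNS resolution, some public mail providers may not receive mail sent from this mailbox (not encountered so far).
Security hardening also still needs further work.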
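
Added example, not part of the original post: the AUTH line in the section 2.1 EHLO test shows which mechanisms are offered, and whether STARTTLS is offered with them. This Python sketch parses such a reply and reports when PLAIN/LOGIN are advertised without STARTTLS, the condition the commented-out `A p` setting in sendmail.mc is meant to prevent; `parse_ehlo`, `audit_auth` and the second reply are constructed for illustration.

```python
import re

# EHLO reply from the session in section 2.1, author's annotations removed.
PAGE_REPLY = """\
250-mail.myname.3322.org Hello mail.myname.3322.org [159.226.XX.XX], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP
"""
# Constructed reply: STARTTLS offered, PLAIN/LOGIN withheld before TLS.
TLS_REPLY = """\
250-mail.example.test Hello client.example.test [192.0.2.10], pleased to meet you
250-STARTTLS
250-AUTH DIGEST-MD5 CRAM-MD5
250 HELP
"""
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # password crosses the wire unprotected

def parse_ehlo(reply):  # multi-line 250 reply -> {KEYWORD: [parameters]}
    caps = {}
    lines = [l.strip() for l in reply.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        m = re.match(r"250([- ]|$)(.*)$", line)
        if not m:
            raise ValueError("not a 250 reply line: %r" % line)
        if i > 0:  # line 0 is the greeting, not a capability
            # legacy servers also send "AUTH=LOGIN PLAIN"; fold it into AUTH
            words = m.group(2).upper().replace("AUTH=", "AUTH ").split()
            if words:
                caps.setdefault(words[0], []).extend(words[1:])
        if m.group(1) != "-":  # "250 " (no hyphen) ends the reply
            break
    return caps

def audit_auth(caps):  # findings about how SMTP AUTH is exposed
    mechs = set(caps.get("AUTH", []))
    if not mechs:
        return ["AUTH not advertised"]
    exposed = sorted(mechs & PLAINTEXT_MECHS)
    if exposed and "STARTTLS" not in caps:
        return ["plaintext AUTH without STARTTLS: " + " ".join(exposed)]
    return []
```

`audit_auth(parse_ehlo(PAGE_REPLY))` returns the plaintext-AUTH finding for the post's server; the constructed TLS reply returns an empty list.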
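
Added example, not part of the original post: sendmail matches numeric keys in /etc/mail/access on octet boundaries, so the `159.226 RELAY` line in section 2.2 allows relaying from every host in 159.226.x.x. This Python sketch (function names are illustrative) lists each RELAY entry with the number of IPv4 addresses it covers and flags the broad ones for review.

```python
# /etc/mail/access as shown in section 2.2 of the post.
PAGE_ACCESS = """\
localhost       RELAY
159.226         RELAY
localhost.localdomain   RELAY
127.0.0.1                       RELAY
"""

def relay_scope(access_text):
    """Return (key, ipv4_address_count or None) for every RELAY entry."""
    found = []
    for raw in access_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) != 2 or fields[1].strip().upper() != "RELAY":
            continue
        key = fields[0]
        if key.lower().startswith("connect:"):  # optional tag form
            key = key[len("connect:"):]
        octets = key.split(".")
        if len(octets) <= 4 and all(o.isdigit() and int(o) <= 255 for o in octets):
            # access keys match on octet boundaries: "159.226" is 159.226.*.*
            found.append((key, 256 ** (4 - len(octets))))
        else:
            found.append((key, None))  # host or domain name, not an IPv4 prefix
    return found

def broad_relays(access_text, max_hosts=256):
    """RELAY entries that open relaying to more than max_hosts addresses."""
    return [(k, n) for k, n in relay_scope(access_text)
            if n is not None and n > max_hosts]

if __name__ == "__main__":
    for key, n in relay_scope(PAGE_ACCESS):
        print(key, "name-based" if n is None else "%d IPv4 addresses" % n)
    print("review:", broad_relays(PAGE_ACCESS))
```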