How to set up sendmail to actually send mail(!)

I am configuring a mail server, but sendmail does not allow me to send mail from remote devices and/or software. My configuration: CentOS 6.4, Sendmail 8.14.4.

This is the message I get when I try to send an e-mail from outside the server:

sendmail[25390]: rA4Fp855025390: [213.x.x.x] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
sendmail[25391]: rA4Fp86s025391: ruleset=check_rcpt, arg1=<[email protected]>, relay=[213.x.x.x], reject=550 5.7.1 <[email protected]>... Relaying denied. IP name lookup failed [213.x.x.x]
sendmail[25391]: rA4Fp86s025391: from=<[email protected]>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[213.x.x.x]

I know there is a problem with the relay host, but what if you don't know the relay host? I mean... anyway, here is the sendmail.mc file:

divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b')dnl
dnl define(`confLOG_LEVEL', `9')dnl
dnl define(`SMART_HOST', `smtp.your.provider')dnl
define(`confDEF_USER_ID', ``8:12'')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
MASQUERADE_AS(mydomain.com)dnl
MASQUERADE_DOMAIN(mydomain.com)dnl
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confCACERT_PATH', `/etc/mail/certs')dnl
dnl define(`confCACERT', `/etc/mail/certs/CAcert.pem')dnl
dnl define(`confSERVER_CERT', `/etc/mail/certs/MYcert.pem')dnl
dnl define(`confSERVER_KEY', `/etc/mail/certs/MYkey.pem')dnl
dnl define(`confCLIENT_CERT', `/etc/mail/certs/MYcert.pem')dnl
dnl define(`confCLIENT_KEY', `/etc/mail/certs/MYkey.pem')dnl
dnl define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl
dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl
FEATURE(`relay_hosts_only')dnl
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl define(`confLOCAL_MAILER', `cyrusv2')dnl
dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')
FEATURE(`accept_unresolvable_domains')dnl
FEATURE(masquerade_envelope)dnl
FEATURE(masquerade_entire_domain)dnl
dnl FEATURE(`relay_based_on_MX')dnl
LOCAL_DOMAIN(`mydomain.com')dnl
dnl MASQUERADE_AS(`mydomain.com')dnl
dnl FEATURE(masquerade_envelope)dnl
dnl FEATURE(masquerade_entire_domain)dnl
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
dnl MAILER(cyrusv2)dnl

What should I do? How do I know whether SMTP-AUTH works? TLS?

Thanks a lot for your help -.-

Answer 1

Sendmail has a fairly steep learning curve for newcomers; the recommended MTA is postfix.

To determine what sendmail currently supports, telnet to the smtp port and issue the help command; sendmail will display its capabilities:

]$ telnet localhost 25

 220 example.com ESMTP Sendmail 8; Mon, 4 Nov 2013 17:27:20 +0100

HELP

214-2.0.0 This is sendmail
214-2.0.0 Topics:
214-2.0.0       HELO    EHLO    MAIL    RCPT    DATA
214-2.0.0       RSET    NOOP    QUIT    HELP    VRFY
214-2.0.0       EXPN    VERB    ETRN    DSN     AUTH
214-2.0.0       STARTTLS

AUTH indicates that this sendmail server supports SMTP authentication.

STARTTLS indicates that SSL/startTLS is supported.

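To enable both features you need to modify the sendmail configuration. The sendmail configuration file is, arguably, self-explanatory. The easier way is to edit sendmail.mc, a macro file that can be used to generate a fully functional sendmail.cf configuration. Lines starting with # are comments, and lines starting with dnl are comments too.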

Uncommenting the following three lines will enable smtp authentication:

 # /etc/mail/sendmail.mc
 <snip>
 define(`confAUTH_OPTIONS', `A p')dnl
 TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl 
 define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
 <snip>

To enable TLS/SSL, uncomment the following lines and make sure the certificates exist (self-signed or public).

define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/CAcert.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/MYcert.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/MYkey.pem')dnl

Most clients will use starttls over smtp port 25, but you can have sendmail listen on port 465 for SSL-only smtp by uncommenting:

DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl 

Make sure the sendmail-cf and cyrus-sasl rpm packages are installed:

 ]#  yum -y install cyrus-sasl sendmail-cf

Generate a new sendmail.cf from the modified sendmail.mc and restart sendmail:

 ]#  cd /etc/mail ; ./make
 ]#  service sendmail restart

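Configure the sasl authentication server with your preferred method of authenticating mail users and make sure it is running. (The default is set to pam in /etc/sysconfig/saslauthd)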

 ]#  chkconfig saslauthd on
 ]#  service saslauthd start

Now, to test SMTPAUTH we will use the PLAIN method; we will check that the earlier telnet test now shows support for AUTH methods.

If it does, we will try plain authentication. That requires a base64-encoded string containing the NULL-separated username and password:

 ]$  perl -MMIME::Base64 -e 'print encode_base64("\000USERNAME\000PASSWORD");'
 AFVTRVJOQU1FAFBBU1NXT1JE

Now we can kill two birds with one stone and check the SSL setup and PLAIN authentication (PLAIN and LOGIN are only allowed over SSL-encrypted connections):

 ]$  openssl s_client -starttls smtp -connect example.com:25
 .   <snip more SSL stuff> 
 .   ---
 .   SSL handshake has read 17078 bytes and written 357 bytes
 .   ---
 .   New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
 .   
 EHLO example2.com
 .
 .   250-mail.example.com Hello example2.com [1x.2x.3x.4x], pleased to meet you
 .   250-ENHANCEDSTATUSCODES
 .   250-PIPELINING
 .   250-8BITMIME
 .   250-SIZE
 .   250-DSN
 .   250-ETRN
 .   250-AUTH LOGIN PLAIN
 .   250-DELIVERBY
 .   250 HELP
 .
 AUTH PLAIN AFVTRVJOQU1FAFBBU1NXT1JE

Now clients using valid SMTP authentication can use your sendmail server to send e-mail.
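
The checks walked through in this answer, scripted as an added example (not part of the original answer): it builds the AUTH PLAIN string and compares the EHLO reply captured before STARTTLS with the one captured after it, failing if PLAIN/LOGIN are advertised on the cleartext connection. The function names and both sample EHLO replies are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and both EHLO replies are constructed.

# AUTH PLAIN initial response (RFC 4616): authzid NUL authcid NUL passwd,
# with an empty authzid, base64-encoded on a single line.
auth_plain_token() {
    printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
}

# Print the SASL mechanisms from the "250-AUTH ..." line(s) of an EHLO reply on stdin.
ehlo_auth_mechs() {
    tr -d '\r' | sed -n 's/^250[- ]AUTH //p' | paste -sd ' ' -
}

# Succeed if the EHLO reply on stdin advertises keyword $1 (e.g. STARTTLS).
ehlo_has() {
    tr -d '\r' | grep -Eq "^250[- ]$1( |\$)"
}

# Compare the EHLO reply before STARTTLS ($1) with the one after it ($2).
audit_auth() {
    pre_mechs=$(printf '%s\n' "$1" | ehlo_auth_mechs)
    post_mechs=$(printf '%s\n' "$2" | ehlo_auth_mechs)
    case " $pre_mechs " in
        *" PLAIN "*|*" LOGIN "*)
            echo "FAIL: PLAIN/LOGIN offered before TLS"; return 1 ;;
    esac
    if ! printf '%s\n' "$1" | ehlo_has STARTTLS; then
        echo "FAIL: STARTTLS not offered"; return 1
    fi
    if [ -z "$post_mechs" ]; then
        echo "FAIL: no AUTH mechanisms after STARTTLS"; return 1
    fi
    echo "OK: before TLS [$pre_mechs], after TLS [$post_mechs]"
}

# Constructed replies, modelled on a server that hides PLAIN/LOGIN until TLS is active.
PRE_TLS='250-mail.example.com Hello example2.com, pleased to meet you
250-AUTH DIGEST-MD5 CRAM-MD5
250-STARTTLS
250 HELP'
POST_TLS='250-mail.example.com Hello example2.com, pleased to meet you
250-AUTH LOGIN PLAIN
250 HELP'

auth_plain_token USERNAME PASSWORD; echo
audit_auth "$PRE_TLS" "$POST_TLS"
```

To use it against a real server, paste the EHLO reply from the plain telnet session as the first argument and the one from the openssl s_client session as the second.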
