Svolence

centos sendmail

CentOS sendmail configuration

Installation

yum install -y sendmail
yum install -y sendmail-cf
[root@vmlin5282 mail]# rpm -qa | grep sendmail
sendmail-cf-8.14.4-9.el6_8.1.noarch
sendmail-8.14.4-9.el6_8.1.x86_64

Configuration

1)
Back up the configuration files

cp /etc/mail/sendmail.mc /etc/mail/sendmail.mc.bak
cp /etc/mail/sendmail.cf /etc/mail/sendmail.cf.bak

2)

vim /etc/mail/sendmail.mc

By default sendmail listens only on the local host. Comment this line out by adding dnl in front of it:

dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

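This line controls network access to the Sendmail service. If the service is only used from the local machine, nothing needs to be configured; if external machines are allowed to connect, access can be restricted.

Changing 127.0.0.1 to 0.0.0.0, or commenting the line out, means that any host can reach the Sendmail service. To let only one network segment reach the Sendmail service, change 127.0.0.1 to a specific network address of the form 192.168.1.0/24.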

3)
Masquerading (optional; this can also be customized in the PHPMailer code)

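dnl # Remove the leading dnl from the next line and change it to: MASQUERADE_AS(`yourdomain.com')dnl
dnl MASQUERADE_AS(`mydomain.com')dnl # whether to masquerade messages
dnl # Remove the leading dnl from the next line
dnl FEATURE(masquerade_envelope)dnl # whether to masquerade the entire domain (including subdomains)
dnl # Remove the leading dnl from the next line
dnl FEATURE(masquerade_entire_domain)dnl
dnl # Remove the leading dnl from the next line
dnl MASQUERADE_DOMAIN(localhost)dnl # masquerade the localhost domain
dnl # Remove the leading dnl from the next line
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl # masquerade the localhost.com domain as yourdomain.com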

4)
Enable SMTP AUTH

dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

Change them to the following:

TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

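TRUST_AUTH_MECH makes sendmail relay mail that has been authenticated via EXTERNAL, LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5 and similar mechanisms, regardless of what is set in the access file. Note that the authentication applies to mail that needs to be relayed: only mail that passes authentication is relayed, which prevents the sendmail server from being abused.

confAUTH_MECHANISMS determines which authentication mechanisms the system uses.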

5)
Secure authentication

[root@vmlin5282 mail]# rpm -qa | grep sasl
cyrus-sasl-lib-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-plain-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-md5-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-devel-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-gssapi-2.1.23-15.el6_6.2.x86_64
# yum install \
cyrus-sasl-gssapi \
cyrus-sasl-md5 \
cyrus-sasl \
cyrus-sasl-plain \
cyrus-sasl-devel

6)
Regenerate sendmail.cf with m4

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

7)
Restart the sendmail and saslauthd services

[root@vmlin5282 mail]# service saslauthd restart
Stopping saslauthd: [ OK ]
Starting saslauthd: [ OK ]
[root@vmlin5282 mail]# service sendmail restart
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]

8)
iptables settings

# vi /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT

9)
Testing SMTP AUTH

[root@vmlin5101 ops]# telnet 10.100.133.248 25
Trying 10.100.133.248...
Connected to 10.100.133.248.
Escape character is '^]'.
220 mail.xxx.com ESMTP Sendmail 8.14.4/8.14.4; Wed, 15 Nov 2017 10:07:11 +0800
ehlo laptop
250-mail.xxx.com Hello [10.100.133.98], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP
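
A check on the EHLO reply from step 9, as an added example that is not part of the original post: it extracts the advertised AUTH mechanisms and reports whether PLAIN or LOGIN are offered on a session with no STARTTLS. The function names are hypothetical, and the reply is assumed to be captured before any TLS negotiation, as in the telnet session above.

```shell
#!/bin/sh
# Added example: audit a pre-TLS EHLO reply for password-equivalent AUTH exposure.
# SAMPLE_EHLO is the reply shown in step 9 of this page.
SAMPLE_EHLO='250-mail.xxx.com Hello [10.100.133.98], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP'

# Print the mechanisms from the AUTH line, upper-cased and space separated.
auth_mechs() {
    printf '%s\n' "$1" | tr -d '\r' | awk '
        { line = toupper($0) }
        line ~ /^250[- ]AUTH[ =]/ { sub(/^250[- ]AUTH[ =]/, "", line); print line; exit }'
}

# Succeed if the reply advertises the STARTTLS extension.
has_starttls() {
    printf '%s\n' "$1" | tr -d '\r' | grep -Eiq '^250[- ]STARTTLS$'
}

# Print one finding for a reply captured before any TLS negotiation.
audit_ehlo() {
    mechs=$(auth_mechs "$1")
    if [ -z "$mechs" ]; then
        echo "NO-AUTH: SMTP AUTH not advertised"; return 0
    fi
    clear=""
    for m in $mechs; do
        # PLAIN and LOGIN carry the password base64-encoded, not encrypted.
        case "$m" in PLAIN|LOGIN) clear="$clear $m" ;; esac
    done
    if [ -z "$clear" ]; then
        echo "OK: no cleartext mechanism offered ($mechs)"
    elif has_starttls "$1"; then
        echo "PRE-TLS-AUTH:$clear offered before STARTTLS"
    else
        echo "CLEARTEXT-AUTH:$clear offered, STARTTLS not advertised"
    fi
}

audit_ehlo "$SAMPLE_EHLO"
```

The reply above lists LOGIN and PLAIN and no STARTTLS line, so the script reports CLEARTEXT-AUTH. sendmail's `p` flag in confAUTH_OPTIONS, as in define(`confAUTH_OPTIONS', `A p')dnl, withholds PLAIN and LOGIN on links that have no security layer.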

Related configuration files

  • /etc/mail/access: Allow/Deny other systems to use Sendmail for outbound emails
  • /etc/mail/domaintable: Used for domain name mapping for Sendmail
  • /etc/mail/local-host-names: Used to define aliases for the host
  • /etc/mail/mailertable: Defines the instructions that override routing for particular domains
  • /etc/mail/virtusertable: Specifies a domain-specific form of aliasing, allowing multiple virtual domains to be hosted on one machine

vim /etc/mail/access
# Check the /usr/share/doc/sendmail/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
#
# If you want to use AuthInfo with "M:PLAIN LOGIN", make sure to have the
# cyrus-sasl-plain package installed.
#
# By default we allow relaying from localhost...
Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
Connect:10.100.133.248 RELAY
Connect:10.100 RELAY
Connect:10.96 RELAY
Connect:* RELAY

Hostname aliases were not configured during the actual code testing.

vim /etc/mail/local-host-names
# local-host-names - include all aliases for your machine here.
#mail.xxx.com
#xxx.com
#yyyy.com