09 February 2005 - 19:31
There are 31 comments and 1 solution
Sendmail minimum configuration
Hi, can anyone tell me the minimum I need to set up in sendmail to get it running? I have www.limenet.dk and have had port 25 opened.
In /etc/mail/sendmail.m4 - comment out "only local delivery" - generate a new sendmail.cf (m4 < sendmail.m4 > sendmail.cf) and restart sendmail (service sendmail restart)
If you have a connection where you need to use an SMTP relay server, this must also be enabled in sendmail.m4
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl #
divert(-1)
#
# Copyright (c) 2001-2003 Sendmail, Inc. and its suppliers.
#	All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#

#
#  This is the prototype file for a set-group-ID sm-msp sendmail that
#  acts as a initial mail submission program.
#

divert(0)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')
VERSIONID(`linux setup for Red Hat Linux')dnl
define(`confCF_VERSION', `Submit')dnl
define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
define(`confTIME_ZONE', `USE_TZ')dnl
define(`confDONT_INIT_GROUPS', `True')dnl
define(`confPID_FILE', `/var/run/sm-client.pid')dnl
dnl define(`confDIRECT_SUBMISSION_MODIFIERS',`C')
FEATURE(`use_ct_file')dnl
dnl
dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1]
FEATURE(`msp', `[127.0.0.1]')dnl
#
# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.
#	All rights reserved.
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
#	The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#

######################################################################
######################################################################
#####
#####		SENDMAIL CONFIGURATION FILE
#####
##### built by bhcompile@porky.build.redhat.com on Wed Sep 1 06:16:22 EDT 2004
##### in /usr/src/build/446503-i386/BUILD/sendmail-8.13.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
#####
#####	DO NOT EDIT THIS FILE! Only edit the source .mc file.
#####
######################################################################
######################################################################

##### $Id: proto.m4,v 8.710 2004/07/27 17:32:48 ca Exp $ #####

# level 10 config file format
V10/Berkeley

# override file safeties - setting this option compromises system security,
# addressing the actual file configuration problem is preferred
# need to set this before any file actions are encountered in the cf file
#O DontBlameSendmail=safe

# default LDAP map specification
# need to set this now before any LDAP maps are defined
#O LDAPDefaultSpec=-h localhost
##################
#   local info   #
##################

# my LDAP cluster
# need to set this before any LDAP lookups are done (including classes)
#D{sendmailMTACluster}$m

Cwlocalhost

# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM

# host/domain names ending with a token in class P are canonical
CP.

# "Smart" relay host (may be null)
DS

# operators that cannot be in local usernames (i.e., network indicators)
CO @ % !

# a class with just dot (for identifying canonical names)
C..

# a class with just a left bracket (for identifying domain literals)
C[[

# Resolve map (to check if a host exists in check_mail)
Kresolve host -a<OKR> -T<TEMP>
C{ResOk}OKR

# Hosts for which relaying is permitted ($=R)
FR-o /etc/mail/relay-domains

# arithmetic map
Karith arith

# dequoting map
Kdequote dequote

# class E: names that should be exposed as from this host, even if we masquerade
# class L: names that should be delivered locally, even if we have a relay
# class M: domains that should be converted to $M
# class N: domains that should not be converted to $M
#CL root

# my name for error messages
DnMAILER-DAEMON

D{MTAHost}[127.0.0.1]

# Configuration version number
DZ8.13.1/Submit
###############
#   Options   #
###############

# strip message body to 7 bits on input?
O SevenBitInput=False

# 8-bit data handling
#O EightBitMode=pass8

# wait for alias file rebuild (default units: minutes)
O AliasWait=10

# location of alias file
#O AliasFile=/etc/mail/aliases

# minimum number of free blocks on filesystem
O MinFreeBlocks=100

# maximum message size
#O MaxMessageSize=0

# substitution for space (blank) characters
O BlankSub=.

# avoid connecting to "expensive" mailers on initial submission?
O HoldExpensive=False

# checkpoint queue runs after every N successful deliveries
#O CheckpointInterval=10

# time for DeliverBy; extension disabled if less than 0
#O DeliverByMin=0

# should we not prune routes in route-addr syntax addresses?
#O DontPruneRoutes=False

# queue up everything before forking?
O SuperSafe=True

# status file
O StatusFile=/var/spool/clientmqueue/sm-client.st

# time zone handling:
#  if undefined, use system default
#  if defined but null, use TZ envariable passed in
#  if defined and non-null, use that info
O TimeZoneSpec=

# default UID (can be username or userid:groupid)
#O DefaultUser=mailnull

# list of locations of user database file (null means no lookup)
#O UserDatabaseSpec=/etc/mail/userdb
# if we have % signs, take the rightmost one
R$* % $*		$1 @ $2				First make them all @s.
R$* @ $* @ $*		$1 % $2 @ $3			Undo all but the last.
R$* @ $*		$@ $>Canonify2 $1 < @ $2 >	Insert < > and finish

# else we must be a local name
R$*			$@ $>Canonify2 $1

R$*			$: $>Parse0 $1		initial parsing
R<@>			$#local $: <@>		special case error msgs
R$*			$: $>ParseLocal $1	handle local hacks
R$*			$: $>Parse1 $1		final parsing

#
#  Parse0 -- do initial syntax checking and eliminate local addresses.
#	This should either return with the (possibly modified) input
#	or return with a #error mailer. It should not return with a
#	#mailer other than the #error mailer.
#

# handle locally delivered names
R$=L			$#local $: @ $1		special local names
R$+			$#local $: $1		regular local names

###########################################################################
###   Ruleset 5 -- special rewriting after aliases have been expanded   ###
###########################################################################

###################################################################
###  Ruleset 98 -- local part of ruleset zero (can be null)     ###
###################################################################

SParseLocal=98

######################################################################
###  CanonAddr --	Convert an address into a standard form for
###			relay checking. Route address syntax is
###			crudely converted into a %-hack address.
###
###	Parameters:
###		$1 -- full recipient address
###
###	Returns:
###		parsed address, not in source route form
######################################################################

SCanonAddr
R$*			$: $>Parse0 $>canonify $1	make domain canonical

######################################################################
###  ParseRecipient --	Strip off hosts in $=R as well as possibly
###			$* $=m or the access database.
###			Check user portion for host separators.
###
###	Parameters:
###		$1 -- full recipient address
###
###	Returns:
###		parsed, non-local-relaying address
######################################################################

# check for local user (i.e. unqualified address)
R$*			$: <?> $1
R<?> $* < @ $+ >	$: <REMOTE> $1 < @ $2 >
# local user is ok
R<?> $+			$@ RELAY
R<$+> $*		$: $2

######################################################################
###  Relay_ok: is the relay/sender ok?
######################################################################
SRelay_ok
# anything originating locally is ok
# check IP address
R$*			$: $&{client_addr}
R$@			$@ RELAY		originated locally
R0			$@ RELAY		originated locally
R127.0.0.1		$@ RELAY		originated locally
RIPv6:::1		$@ RELAY		originated locally
R$=R $*			$@ RELAY		relayable IP address
R$*			$: [ $1 ]		put brackets around it...
R$=w			$@ RELAY		... and see if it is local

# check client name: first: did it resolve?
R$*			$: < $&{client_resolve} >
R<TEMP>			$#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
R<FORGED>		$#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
R<FAIL>			$#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
R$*			$: <@> $&{client_name}
# pass to name server to make hostname canonical
R<@> $* $=P		$:<?> $1 $2
R<@> $+			$:<?> $[ $1 $]
R$* .			$1			strip trailing dots
R<?> $=w		$@ RELAY
R<?> $* $=R		$@ RELAY
######################################################################
###  trust_auth: is user trusted to authenticate as someone else?
###
###	Parameters:
###		$1: AUTH= parameter from MAIL command
######################################################################

######################################################################
###  Relay_Auth: allow relaying based on authentication?
###
###	Parameters:
###		$1: ${auth_type}
######################################################################
SLocal_Relay_Auth

######################################################################
###  srv_features: which features to offer to a client?
###	(done in server)
######################################################################
Ssrv_features

######################################################################
###  try_tls: try to use STARTTLS?
###	(done in client)
######################################################################
Stry_tls

######################################################################
###  tls_rcpt: is connection with server "good" enough?
###	(done in client, per recipient)
###
###	Parameters:
###		$1: recipient
######################################################################
Stls_rcpt

######################################################################
###  tls_client: is connection with client "good" enough?
###	(done in server)
###
###	Parameters:
###		${verify} $| (MAIL|STARTTLS)
######################################################################
Stls_client
R$* $| $*		$@ $>"TLS_connection" $1

######################################################################
###  tls_server: is connection with server "good" enough?
###	(done in client)
###
###	Parameter:
###		${verify}
######################################################################
Stls_server
R$*			$@ $>"TLS_connection" $1

######################################################################
###  TLS_connection: is TLS connection "good" enough?
###
###	Parameters:
###		${verify}
###		Requirement: RHS from access map, may be ? for none.
######################################################################
STLS_connection
RSOFTWARE		$#error $@ 4.7.0 $: "403 TLS handshake."

######################################################################
###  RelayTLS: allow relaying based on TLS authentication
###
###	Parameters:
###		none
######################################################################
SRelayTLS
# authenticated?

######################################################################
###  authinfo: lookup authinfo in the access map
###
###	Parameters:
###		$1: {server_name}
###		$2: {server_addr}
######################################################################
Sauthinfo

# do UUCP heuristics; note that these are shared with UUCP mailers
R$+ < @ $+ .UUCP. >	$: < $2 ! > $1		convert to UUCP form
R$+ < @ $* > $*		$@ $1 < @ $2 > $3	not UUCP form

### submit.mc ###
# divert(-1)
# #
# # Copyright (c) 2001-2003 Sendmail, Inc. and its suppliers.
# #	All rights reserved.
# #
# # By using this file, you agree to the terms and conditions set
# # forth in the LICENSE file which can be found at the top level of
# # the sendmail distribution.
# #
# #
#
# #
# #  This is the prototype file for a set-group-ID sm-msp sendmail that
# #  acts as a initial mail submission program.
# #
#
# divert(0)dnl
# include(`/usr/share/sendmail-cf/m4/cf.m4')
# VERSIONID(`linux setup for Red Hat Linux')dnl
# define(`confCF_VERSION', `Submit')dnl
# define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
# define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
# define(`confTIME_ZONE', `USE_TZ')dnl
# define(`confDONT_INIT_GROUPS', `True')dnl
# define(`confPID_FILE', `/var/run/sm-client.pid')dnl
# dnl define(`confDIRECT_SUBMISSION_MODIFIERS',`C')
# FEATURE(`use_ct_file')dnl
# dnl
# dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1]
# FEATURE(`msp', `[127.0.0.1]')dnl
That was certainly a small version - here is my complete one:
divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl #     make -C /etc/mail
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST',`smtp.your.provider')
dnl #
define(`confDEF_USER_ID',``8:12'')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl #     make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl # NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl #       a kernel patch
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.com')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
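Added example, not part of the thread and not code from any poster: once the loopback DAEMON_OPTIONS line is dnl-commented as advised above, port 25 is reachable from the network, so this Python script reads a sendmail.mc the way m4 does (dnl discards the rest of the line) and reports which exposure-related settings from the posted file are active. The sample input is constructed from lines in that file; the function names and finding codes are made up for illustration, and promiscuous_relay and goaway are standard sendmail names that do not appear in the thread.

```python
import re

# Constructed sample in the style of the sendmail.mc posted in this thread:
# the loopback DAEMON_OPTIONS line is dnl-commented, as the first answer advises.
SAMPLE_MC = """\
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`accept_unresolvable_domains')dnl
dnl FEATURE(`relay_based_on_MX')dnl
"""

LOOPBACK = {"127.0.0.1", "::1"}


def active_text(mc_text):
    """Drop everything from a dnl token to end of line, as m4 does.
    Simplification: a quoted `dnl' argument is cut too; the macro name survives."""
    return "\n".join(re.split(r"\bdnl\b", line, maxsplit=1)[0]
                     for line in mc_text.splitlines())


def parse(mc_text):
    """Return (features, defines, daemons) for the directives m4 will act on."""
    live = active_text(mc_text)
    features = set(re.findall(r"FEATURE\(`?([\w-]+)", live))
    defines = dict(re.findall(r"define\(`(\w+)',\s*`*([^')\n]*)", live))
    daemons = []
    for spec in re.findall(r"DAEMON_OPTIONS\(`([^']*)'", live):
        pairs = (kv.split("=", 1) for kv in spec.split(",") if "=" in kv)
        daemons.append({k.strip().lower(): v.strip() for k, v in pairs})
    return features, defines, daemons


def audit(mc_text):
    """Return finding codes; empty when the SMTP daemon is loopback-only."""
    features, defines, daemons = parse(mc_text)
    mta = [d for d in daemons if d.get("port", "smtp").lower() in ("smtp", "25")]
    # With no DAEMON_OPTIONS for port 25, sendmail listens on all interfaces.
    exposed = not mta or any(d.get("addr") not in LOOPBACK for d in mta)
    if not exposed:
        return []
    findings = ["LISTEN_NETWORK"]
    if features & {"promiscuous_relay", "relay_based_on_MX"}:
        findings.append("RELAY_WIDENED")
    if "accept_unresolvable_domains" in features:
        findings.append("UNRESOLVABLE_SENDERS")
    flags = set(defines.get("confPRIVACY_FLAGS", "").replace(" ", "").split(","))
    if "goaway" not in flags and not {"novrfy", "noexpn"} <= flags:
        findings.append("VRFY_EXPN_ENABLED")
    # Per the file's own comment, `A p' disallows PLAIN/LOGIN on non-TLS links.
    if "p" not in defines.get("confAUTH_OPTIONS", "").split():
        findings.append("PLAINTEXT_AUTH_ALLOWED")
    return findings


if __name__ == "__main__":
    for code in audit(SAMPLE_MC):
        print(code)
```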
OK, let's just hold our horses. All the content in sendmail.cf is generated from a few lines in sendmail.mc - which means that the only thing of interest is what is in the mc file.
Try taking my file, putting it in as sendmail.mc, and generating a new sendmail.cf.
By the way, are you sure you have all the packages installed? The sendmail-cf package is the interesting one - check with "rpm -qa|grep sendmail" and see whether sendmail-cf is on the list.
Can I log in via ssh? How big is your sendmail.cf - about 57000 bytes? Your original sendmail.mc was far too small for the sendmail-cf package. What is written to /var/log/messages?
I have configured sendmail as standard with MASQ for the whole domain. After that, cyrus imap was uninstalled and imap-2001 for fc1 downloaded - installed and started (xinetd.d/imap).
Reconfigured the firewall on the Linux machine so that connections to 25, 110 and 143 were possible. Tested and checked in /var/log/maillog.
Checked with ofir.dk - apart from a delay it works.
Various small problems with /etc/hosts and /etc/mail/access - but it works everywhere now.
A really impressive piece of work. Now, you (lap) don't write anything about screen, so I thought I would just mention that it is possible to share the same console/xterm with screen, so that tcp could see everything you did on the console/xterm. tcp could possibly learn a bit from seeing how you did it. The first person runs: screen -S Selv_valgt_screen_navn and the second person then runs: screen -xS Samme_Selv_valgt_screen_navn
The only drawback, really, is that the person watching has to stay away from the keyboard. Both people can type on the same console/xterm at the same time, and then it becomes a mess :-)