Configure and manage sendmail server

1. The composition of the e-mail system

The email system on Linux consists of three components: the MUA (Mail User Agent), the MTA (Mail Transfer Agent) and the MDA (Mail Delivery Agent).

1、MUA

The MUA is the client program of the email system and the user's interface to it: it is responsible for composing and reading mail and for sending and retrieving it. Common MUAs include Outlook, Foxmail and the mail/mailx command on Linux.

2、MTA

The MTA is the server program of the email system; it is responsible for storing and forwarding mail. The most widely used MTAs are Exchange on Windows and Sendmail and Postfix on Linux.

3、MDA

The MDA, also called the LDA (Local Delivery Agent), is the last hop: the MTA transfers the mail to the mail server that hosts the recipient, and the MDA on that server delivers it into the mailbox that matches the recipient's user name.

4. How MUA, MTA and MDA work together

In general, when a user writes a message in an MUA, the MUA hands it to an MTA such as sendmail or postfix. The MTA decides from the recipient address whether the message is for the local host (or a domain the server is responsible for), in which case it passes it to the MDA for delivery into the local mailbox, or for a remote domain, in which case it looks up that domain's mail server in DNS and relays the message to it over SMTP.

2. Protocols related to e-mail

Commonly used email protocols are SMTP, POP3 and IMAP4.

SMTP (Simple Mail Transfer Protocol) works on TCP port 25 by default. It is a client/server protocol: a set of rules for sending mail from the source address to the destination address, which also defines how mail is relayed between servers. SMTP belongs to the TCP/IP protocol suite; it lets each host find the next hop when sending or relaying a message.

POP3 (Post Office Protocol, version 3) works on TCP port 110 by default. It is also a client/server protocol; it specifies how a personal computer connects to an Internet mail server and downloads mail, and it was the first offline protocol standard for Internet email. POP3 lets the client download messages from the server to the local host and, by default, delete them from the server afterwards.

IMAP4 (Internet Message Access Protocol, version 4) works on TCP port 143 by default. Unlike POP3 it leaves the mailbox on the server, so several clients can see the same messages and folders.


3. Mail Relay

A relay is a request to your server to deliver mail to another server. A server normally handles only two kinds of mail: outgoing mail, which users in its own domain send out through it, and incoming mail, which is addressed to users in its own domain.

A server should not handle pass-through mail, that is, mail that is neither sent by your users nor addressed to your users, but sent by an outside user to another outside user. Accepting such mail is called third-party relaying. If the server relays mail out of the organization for anyone, without any authentication, it is an open relay. Both third-party relaying and open relay must be prevented, but relaying itself cannot simply be switched off, because your own users still need to send outbound mail through the server. Three concepts need to be kept apart:

(1) Relay: a user passes mail to a destination outside the organization through the server.

(2) Open relay: unrestricted relaying to the outside, that is, unauthenticated and unknown clients can also submit relay requests.

(3) Third-party relay: a relay request that reaches your server from another server rather than directly from one of your clients. For example, a client in domain A sends mail to domain C through server B. Server B sees that the connection comes from a host in domain A, and the mail is neither submitted by a user of B's domain nor addressed to B's domain: that is a third-party relay, and it is the root of spam. A user who connects directly to your server, for example with bulk-mailing software, can always submit mail; but once open relay is switched off, such a client can only deliver to users in your organization and cannot relay mail out of it.

**Sendmail configuration files**

**sendmail.cf**: the core sendmail configuration file, at /etc/mail/sendmail.cf.

sendmail.mc: the m4 template from which sendmail.cf is generated. Edit this file and run m4 on it to produce sendmail.cf; this keeps the configuration manageable. Located at /etc/mail/sendmail.mc.

local-host-names: the domain names and host aliases for which this server accepts mail as local, at /etc/mail/local-host-names.

access.db: which hosts and domains sendmail relays mail for (and which it rejects), at /etc/mail/access.db, built from the text file /etc/mail/access.

aliases.db: mail aliases, built from the aliases text file. On RHEL-family systems the default is /etc/aliases and /etc/aliases.db; the location is set by ALIAS_FILE in sendmail.mc, so check that definition before editing a file under /etc/mail.

virtusertable.db: virtual-domain user mappings, at /etc/mail/virtusertable.db, built from the text file /etc/mail/virtusertable.

***

4. Sendmail general server configuration

1. Sendmail server configuration steps

To set up a Sendmail server successfully, besides understanding how it works, you need to be clear about the whole configuration sequence and the role of each step. A suggested Sendmail setup process consists of the following steps:

(1) Configure DNS (the MX record for the mail domain and the forward and reverse records for the server).

(2) Check whether sendmail is installed, together with sendmail-cf, which provides the m4 macro files.

(3) Edit /etc/mail/sendmail.mc.

(4) Generate sendmail.cf with the m4 tool.

(5) Edit /etc/mail/access.

(6) Generate access.db with makemap.

(7) Edit /etc/mail/local-host-names.

(8) Start (or restart) the sendmail service.

(9) Create the mail users.

(10) Test.

2. Sendmail.cf and sendmail.mc

sendmail.cf is the core configuration file of Sendmail, and most Sendmail parameters live in it. The file is notoriously complex, to the point of being called a holy scripture; to reduce that complexity, one edits the sendmail.mc file instead of editing sendmail.cf directly.

So you only need to modify sendmail.mc and then use the m4 tool to generate sendmail.cf from it. This greatly reduces the configuration effort.

sendmail.mc is long, but most of it is comments: in m4, everything from dnl to the end of the line is discarded, so a line that begins with dnl is inactive. For a basic sendmail server you normally only need to change the following line:

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

The Addr field says that the SMTP daemon listens only on 127.0.0.1. Change it to the server's own address on the network segment required by the exercise, or to 0.0.0.0 to listen on all interfaces; otherwise clients on the network cannot reach the server to send mail. Listening on 0.0.0.0 is the convenient choice in a lab, but note that this address only controls who can connect; whether those clients may relay is decided by access.db and SMTP AUTH, so widen the listener only together with the relay controls described below.

3. Use of m4 tools

The m4 tool is a general-purpose macro processor; the sendmail macro set it expands is no less complex than sendmail.cf itself. Before using it, confirm that the m4 package is installed (it is on most systems by default) and that sendmail-cf is installed, since it provides the macro files under /usr/share/sendmail-cf that sendmail.mc includes; without it m4 fails with an error about cf.m4.

During configuration, m4 expands the edited sendmail.mc and the result is redirected into sendmail.cf, so the complex sendmail.cf never has to be edited by hand. Back up the existing sendmail.cf first, then run:

m4 sendmail.mc > sendmail.cf

On RHEL-family systems, running make in /etc/mail does the same and also rebuilds the hash maps in that directory.

Note: if sendmail fails to start after this, the generated sendmail.cf contains an error, and the message shown by systemctl status -l sendmail names the offending line of sendmail.cf. In the author's case the problem was an extra line at line 39 of sendmail.cf; deleting it and restarting fixed it.

4. The local-host-names file

This file defines the host names and domains for which the server accepts mail as local. By default it is /etc/mail/local-host-names. For sendmail to accept mail for a name, that host name or alias must be listed here; otherwise mail for it is treated as relay traffic and, with relaying denied, rejected.

Suppose the mail server has two host names, mail.skills.com and mail1.skills.com, and should accept only mail sent to mail.skills.com, while mail sent to mail1.skills.com is not to be accepted as local. Then add mail.skills.com (and the domain skills.com) to local-host-names:

As follows:

# local-host-names - include all aliases for your machine here.
mail.skills.com
skills.com

If all host aliases should send and receive mail, add every alias to the file, one per line. The file is read when sendmail starts, so restart the service after editing it.

5. Alias and group sending settings:

A user alias is a frequently used function: an alias gives a user another name. For example, if user A is given the alias B, mail sent to B is delivered to user A.

Why use this function?

  • First, mail for root should not be read by logging in as root. Mail addressed to root (output of cron jobs and system reports, for example) is therefore normally redirected to an ordinary user by creating an alias for root.
  • Second, group sending relies on it. When a mail service is used inside an enterprise, mail is often sent to a department as a whole: mail sent to the finance department should be received by everyone in that department and by nobody else.

The alias file uses the following format:

alias:   recipient[,recipient,recipient,...]

Here alias is the user part of the email address, and recipient is the user (or address) that actually receives the mail. A few examples:

Example 1:

Give the user1 account the alias toto and the user2 account the alias popo:

[root@localhost named]# vim /etc/mail/aliases     // create the aliases file and edit it
toto:   user1
popo:   user2

Note that sendmail reads the file named by ALIAS_FILE in sendmail.mc, which on RHEL-family systems is /etc/aliases rather than /etc/mail/aliases; either edit the file that definition points to or change the definition. After editing, run newaliases to rebuild aliases.db, because sendmail consults the database, not the text file.

Example 2:

Suppose every member of the network group has a mail account on this server and we want to send the same message to all of them. This is done with the mailing-list form of an alias: a comma-separated list of recipients.

group: net1,net2,net3,...

6. Use Access files to set up mail relay

The access file controls relaying and the acceptance or rejection of mail. It is used to restrict which clients may use this mail server to forward mail: for example, to refuse relaying for clients of a certain domain, or to allow relaying for clients on a certain network segment. Each line has the format:

object          action

The object is a host name, domain, IP address or address prefix, optionally prefixed with a tag: Connect: matches the connecting client's address or host name, From: the envelope sender and To: the envelope recipient; an entry without a tag matches any of these. The action is one of RELAY (accept the mail and relay it), OK (accept the connection or mail even if other checks would reject it, but do not relay), REJECT (refuse with a generic error) or DISCARD (accept and silently drop). Each line combines one object with one action, and the lines are chosen according to the needs of the environment. The stock file on RHEL-family systems already allows the local host to relay:

Connect:localhost.localdomain           RELAY
Connect:localhost                       RELAY
Connect:127.0.0.1                       RELAY

Example: allow hosts on the 192.168.0.0/24 segment to relay freely, but refuse the client ftp.skills.com and all hosts on the 192.168.123.0/24 segment except 192.168.123.101:

Connect:localhost.localdomain           RELAY
Connect:localhost                       RELAY
Connect:127.0.0.1                       RELAY
Connect:192.168.0                       RELAY
Connect:192.168.123                     REJECT
Connect:ftp.skills.com                  REJECT
Connect:192.168.123.101                 OK

Two points matter here. First, the order of the lines is irrelevant: sendmail looks up the most specific key first (the full address 192.168.123.101 before the prefix 192.168.123, the full host name before its domain), so the OK entry for 192.168.123.101 wins over the REJECT for its segment wherever it is written. Second, OK is not RELAY: 192.168.123.101 may connect and deliver to local users, but if it should also relay outbound mail its action must be RELAY. Clients that match no entry are accepted but may only deliver to local recipients.

Finally, use the makemap command to generate a new access.db database; sendmail reads only the database, not the text file:

[root@localhost named]# cd /etc/mail
[root@localhost mail]# makemap hash access.db < access
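The lookup order described above is easy to get wrong when reading an access file by eye. The following Python script is an added example (not part of the original article or of sendmail) that parses the example access file and answers, for a given connecting address or host name, which entry sendmail's Connect: lookup would hit and whether that entry actually permits relaying. ACCESS_TEXT is constructed from the example above; the lookup order implemented is sendmail's most-specific-first order, which is why the line order in the file does not matter.

```python
"""Simulate sendmail's access-map lookup for a connecting client.

Added example, not code from the article or from sendmail.  It mimics the
lookup order used by FEATURE(`access_db') for the Connect: tag: the full
client address is tried first, then the address with trailing octets
stripped (192.168.123.101 -> 192.168.123 -> 192.168 -> 192); for host
names the full name first, then each parent domain
(ftp.skills.com -> skills.com -> com).  The first key found wins, so the
order of lines in the access file does not matter.  An untagged entry is
tried as a fallback for the same key.
"""
import ipaddress

# Constructed access file: the article's example, with consistent spacing.
ACCESS_TEXT = """\
Connect:localhost.localdomain   RELAY
Connect:localhost               RELAY
Connect:127.0.0.1               RELAY
Connect:192.168.0               RELAY
Connect:192.168.123             REJECT
Connect:ftp.skills.com          REJECT
Connect:192.168.123.101         OK
"""


def parse_access(text):
    """Build the key -> action map the way makemap does (keys folded to lower case)."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, action = line.split(None, 1)
        table[key.lower()] = action.strip().upper()
    return table


def candidate_keys(client):
    """Lookup keys for a client, most specific first."""
    try:
        ipaddress.IPv4Address(client)
    except ipaddress.AddressValueError:
        # Host name: full name, then each parent domain.
        labels = client.lower().split(".")
        return [".".join(labels[i:]) for i in range(len(labels))]
    # IPv4 address: full address, then shorter and shorter prefixes.
    octets = client.split(".")
    return [".".join(octets[:n]) for n in range(len(octets), 0, -1)]


def lookup_connect(table, client):
    """Action for a connecting client, or None if nothing in the map applies."""
    for key in candidate_keys(client):
        for full_key in ("connect:" + key, key):   # tagged entry first, untagged fallback
            if full_key in table:
                return table[full_key]
    return None


def may_relay(table, client):
    """Only RELAY permits relaying; OK just exempts the client from other
    checks and at most allows mail to local recipients."""
    return lookup_connect(table, client) == "RELAY"


if __name__ == "__main__":
    access = parse_access(ACCESS_TEXT)
    for host in ("192.168.0.9", "192.168.123.7", "192.168.123.101",
                 "ftp.skills.com", "www.skills.com", "10.0.0.1"):
        print(f"{host:20} -> {lookup_connect(access, host)}  relay={may_relay(access, host)}")
```

A client that resolves to None is neither rejected nor trusted: the connection is accepted, but any recipient outside the local domains is answered with 550 Relaying denied.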

7. Set up SMTP authentication

When relaying is controlled only through access.db, users who connect from changing addresses (dial-up or mobile clients) cannot be listed. In that case SMTP authentication lets relaying be granted to specific users who log in, instead of to addresses.

Edit /etc/mail/sendmail.mc and modify the lines related to authentication. In the stock file they are commented out with a leading dnl; remove the dnl so that they read:

TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`no_default_msa', `dnl')dnl
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl

(1) TRUST_AUTH_MECH lists the mechanisms whose successful authentication is trusted for relaying: a client that authenticates with one of them may relay regardless of what the access file says about its address.

(2) confAUTH_MECHANISMS lists the mechanisms the server offers to clients. LOGIN and PLAIN transmit the password in clear; offer them only inside a TLS session (with STARTTLS configured, the p flag of confAUTH_OPTIONS restricts them to encrypted connections), or shorten the list to the challenge-response mechanisms.

(3) FEATURE(`no_default_msa') removes the default submission daemon so that it can be redefined; the DAEMON_OPTIONS line then defines a message submission agent (MSA) on port 587 whose M=E flag disables ETRN and whose M=a flag requires every client on that port to authenticate. The MSA is not a separate program: it is another listener of the same sendmail daemon, and the account and password check is delegated to saslauthd.
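Editing sendmail.mc by hand is error-prone: a directive that still carries its leading dnl is silently ignored. The following Python script is an added example, not code from the article or from the sendmail project; it audits a sendmail.mc excerpt for the settings discussed in the sendmail.mc section and in section 7 above (listening address, SMTP AUTH directives, authentication-only MSA) and produces the corrected text. MC_TEXT is a constructed excerpt, and 192.168.123.101 is an assumed server address. It goes one step beyond the article by also adding confAUTH_OPTIONS with the p flag, which keeps LOGIN and PLAIN from being offered outside a TLS session; that assumes STARTTLS is configured, otherwise only the challenge-response mechanisms remain usable.

```python
"""Audit and fix the sendmail.mc settings discussed above.

Added example, not code from the article or the sendmail project.  It treats
sendmail.mc as text: a line whose first token is 'dnl' is an m4 comment, so
enabling a directive means removing that leading dnl.
"""
import re

# Constructed excerpt of a stock-style sendmail.mc: the lines this page edits,
# still in their default (dnl-commented) state where applicable.
MC_TEXT = """\
define(`UUCP_MAILER_MAX', `2000000')dnl
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl FEATURE(`no_default_msa', `dnl')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
"""

# Directives that must be active (no leading dnl) for authenticated submission.
AUTH_DIRECTIVES = (
    "TRUST_AUTH_MECH(",
    "define(`confAUTH_MECHANISMS'",
    "FEATURE(`no_default_msa'",
    "DAEMON_OPTIONS(`Port=submission",
)
# Added beyond the article: the 'p' flag refuses LOGIN/PLAIN unless TLS is active.
AUTH_OPTIONS_LINE = "define(`confAUTH_OPTIONS', `A p')dnl"

_DNL = re.compile(r"^\s*dnl\b\s*")     # m4 comment marker at line start


def uncomment(line):
    """Remove a leading m4 'dnl' so the directive takes effect."""
    return _DNL.sub("", line)


def audit_mc(text):
    """Summarise the security-relevant state of the active lines."""
    state = {"listen_addr": None, "auth_enabled": False,
             "msa_requires_auth": False, "plaintext_auth_needs_tls": False}
    for line in text.splitlines():
        if _DNL.match(line):
            continue                     # commented out: has no effect
        line = line.strip()
        m = re.search(r"DAEMON_OPTIONS\(`Port=smtp,\s*Addr=([^,']+)", line)
        if m:
            state["listen_addr"] = m.group(1).strip()
        if line.startswith("TRUST_AUTH_MECH("):
            state["auth_enabled"] = True
        m = re.search(r"Port=submission.*?M=([A-Za-z]+)", line)
        if m and "a" in m.group(1):      # M=a: AUTH required on this port
            state["msa_requires_auth"] = True
        m = re.search(r"confAUTH_OPTIONS',\s*`([^']*)'", line)
        if m and "p" in m.group(1):
            state["plaintext_auth_needs_tls"] = True
    return state


def fix_mc(text, listen_addr):
    """Return sendmail.mc text with the MTA bound to listen_addr and
    authenticated submission enabled.  Applying it twice changes nothing."""
    out, have_auth_options = [], False
    for line in text.splitlines():
        if _DNL.match(line) and uncomment(line).startswith(AUTH_DIRECTIVES):
            line = uncomment(line)
        if not _DNL.match(line) and "Name=MTA" in line:
            line = re.sub(r"Addr=[^,']+", f"Addr={listen_addr}", line)
        if not _DNL.match(line) and "confAUTH_OPTIONS" in line:
            have_auth_options = True
        out.append(line)
    if not have_auth_options:
        out.append(AUTH_OPTIONS_LINE)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("before:", audit_mc(MC_TEXT))
    fixed = fix_mc(MC_TEXT, "192.168.123.101")   # assumed server address
    print("after: ", audit_mc(fixed))
    print(fixed)
```

After writing the corrected text back to /etc/mail/sendmail.mc, regenerate sendmail.cf with m4 and restart sendmail as described in 7.2 and 7.3; the audit can be re-run on the file to confirm that no directive was left commented out.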

7.2 Use the m4 command to regenerate the /etc/mail/sendmail.cf file

[root@localhost mail]# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

7.3 Restart the sendmail and saslauthd services

systemctl restart sendmail saslauthd

saslauthd (from the cyrus-sasl package) performs the actual password check against the system accounts; it must be installed and enabled, and /etc/sasl2/Sendmail.conf must name saslauthd as the pwcheck_method. Verify by checking systemctl status saslauthd and by sending EHLO to port 587: the reply must contain a 250-AUTH line listing the mechanisms, otherwise authentication is not active.

8. Set the maximum message size

The stock sendmail.mc contains a 2 MB limit on the size of a single message for the UUCP mailer; the article raises it to 20 MB. Note that the unit is bytes: 2000000 is 2 MB, 20000000 is 20 MB.

define(`UUCP_MAILER_MAX', `20000000')dnl

Two caveats: this option only limits messages handed to the UUCP mailers, not mail received over SMTP, for which the relevant option is confMAX_MESSAGE_SIZE (also in bytes, unlimited by default); and neither setting is a mailbox quota. Mailbox capacity is enforced by the filesystem (disk quotas on /var/spool/mail), not by sendmail.

Set the domain name of the local mailboxes:

LOCAL_DOMAIN(`skills.com')dnl

After changing these settings, use the m4 tool to generate a new sendmail.cf and restart sendmail:

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

5. Set up virtual domain users

With virtual domains, mail sent to a virtual domain can be delivered to user mailboxes in a real domain. A mailing-list function can also be built on a virtual domain. The virtual domain can be a domain that does not otherwise exist, and the real domain can be either the local domain or a remote domain on the Internet.

A virtual domain is effectively an alias of a real domain. The virtual user table /etc/mail/virtusertable.db maps mail addresses in the virtual domain to mail addresses in the real domain. The virtual domain must also be listed in /etc/mail/local-host-names (or declared with VIRTUSER_DOMAIN), otherwise sendmail does not treat its mail as local and never consults the table.

/etc/mail/virtusertable.db is generated from the text file /etc/mail/virtusertable, whose lines have the form:

virtual domain address          real domain address

The two columns are separated by a tab. Either side can be a complete address, a domain only, or a user name only, so the following forms are all valid:

@sales.com          %1@smile.com
user@sales.com      user2
group@sales.com     user1,user2,user3

The first form maps every address in the virtual domain; %1 on the right-hand side stands for the original user part, so user@sales.com becomes user@smile.com (if the right-hand side is a single fixed address instead, all mail for the domain goes to that one address). Lookup is most-specific-first: an exact user@domain entry takes precedence over the @domain catch-all. To implement a mailing list, separate the real addresses with commas.
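To see how the virtual user table and the alias table from the alias settings above combine for one incoming recipient, here is an added Python example (not from the article or from sendmail) that resolves an envelope recipient the same way sendmail does: virtusertable first, exact address before the @domain catch-all with %1 substitution, then recursive alias expansion with loop detection. LOCAL_HOST_NAMES, VIRTUSERTABLE and ALIASES are constructed samples built on the article's entries.

```python
"""Resolve a recipient through virtusertable and aliases, as sendmail does.

Added example, not code from the article or from sendmail.  For a recipient
in a domain the server treats as local, virtusertable is consulted first,
the exact user@domain key before the @domain catch-all; %1 in the
right-hand side stands for the original user part.  Each result that is a
bare user name, or an address in a local domain, is then expanded through
the aliases map, recursively, stopping if an alias chain loops back on
itself.
"""

# Constructed: domains the server accepts mail for (the local-host-names file).
LOCAL_HOST_NAMES = {"smile.com", "sales.com", "skills.com"}

# Constructed virtual-domain table; %1@smile.com preserves the user name.
VIRTUSERTABLE = """\
@sales.com          %1@smile.com
boss@sales.com      user2
all@skills.com      user1,user2,user3
user1@skills.com    user1@smile.com
"""

# Constructed alias table: simple aliases, a group, a nested group, a loop.
ALIASES = """\
toto:   user1
popo:   user2
group:  net1,net2,net3
staff:  group,toto
loop:   loop2
loop2:  loop
"""


def parse_table(text, sep=None):
    """Parse 'key<sep>value' lines; keys folded to lower case as makemap does."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, value = line.split(sep, 1)
        table[key.strip().lower()] = value.strip()
    return table


def _is_local(domain):
    return domain == "" or domain.lower() in LOCAL_HOST_NAMES


def resolve_virtual(addr, vtable):
    """Map one virtual-domain address to its real address(es)."""
    user, _, domain = addr.partition("@")
    if not _is_local(domain):
        return [addr]                       # not ours: relayed unchanged
    for key in (f"{user}@{domain}", f"@{domain}"):
        if key.lower() in vtable:
            rhs = vtable[key.lower()].replace("%1", user)
            return [a.strip() for a in rhs.split(",")]
    return [addr]


def expand_aliases(addr, aliases, seen=None):
    """Expand a local address through aliases into final local users (or
    remote addresses).  A loop yields no recipients, mirroring sendmail's
    'aliasing/forwarding loop broken' error."""
    user, _, domain = addr.partition("@")
    if not _is_local(domain):
        return {addr}
    seen = set() if seen is None else seen
    key = user.lower()
    if key not in aliases:
        return {user}
    if key in seen:
        return set()
    seen.add(key)
    result = set()
    for target in aliases[key].split(","):
        result |= expand_aliases(target.strip(), aliases, seen)
    return result


def final_recipients(addr, vtable=None, aliases=None):
    """Full resolution of one envelope recipient: virtusertable, then aliases."""
    vtable = parse_table(VIRTUSERTABLE) if vtable is None else vtable
    aliases = parse_table(ALIASES, ":") if aliases is None else aliases
    recipients = set()
    for real in resolve_virtual(addr, vtable):
        recipients |= expand_aliases(real, aliases)
    return recipients


if __name__ == "__main__":
    for rcpt in ("toto@sales.com", "boss@sales.com", "all@skills.com",
                 "staff@smile.com", "loop@smile.com", "bob@example.org"):
        print(f"{rcpt:18} -> {sorted(final_recipients(rcpt))}")
```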


Example:

The Sendmail server's domain is smile.com, and the virtual domain skills.com is added to it. The virtual address user1@skills.com is to be an alias for user1@smile.com.

Specific steps are as follows:

(1) Configure the DNS server and add the MX record for the virtual domain

1 Add the skills.com zone (and its reverse zone) to the named configuration (named.conf or a zones file it includes):

zone "skills.com" IN {
        type master;
        file "1";
        allow-update { none; };
};
zone "123.168.192.in-addr.arpa" IN {
        type master;
        file "2";
        allow-update { none; };
};

2 Create and edit the forward zone file /var/named/1 for skills.com (and the reverse zone file /var/named/2), starting from the sample files shipped with bind:

      cd /var/named/
      cp -a named.localhost 1
      cp -a named.loopback 2

$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
@       IN      MX      10      mail.skills.com.
mail    IN      A       192.168.123.101

Note the trailing dot after mail.skills.com. in the MX record: without it the name is relative to the zone and becomes mail.skills.com.skills.com, so other mail servers cannot find this host. Increase the serial whenever the zone is edited again.

(2) Add the virtual domain skills.com to /etc/mail/local-host-names

echo "skills.com" >> /etc/mail/local-host-names 

(3) Configure mail relay

Edit /etc/mail/access with vim:

[root@localhost named]# vim /etc/mail/access
skills.com              RELAY

(An untagged entry matches the connecting host as well as the recipient domain, so this line allows relaying for clients whose host name is in skills.com and for mail addressed to skills.com. Since skills.com is now a local domain, delivery to it is accepted anyway; the entry mainly matters for clients connecting from that domain.)

Use makemap to generate /etc/mail/access.db:

[root@localhost named]# makemap hash /etc/mail/access.db < /etc/mail/access

(4) Set up the virtual user table /etc/mail/virtusertable and generate /etc/mail/virtusertable.db

Edit /etc/mail/virtusertable with vim:

vim /etc/mail/virtusertable
user1@skills.com        user1@smile.com

Generate a new /etc/mail/virtusertable.db:

makemap hash /etc/mail/virtusertable.db < /etc/mail/virtusertable

Restart the sendmail service (and named, if its configuration changed). Note: if the restart fails, use systemctl status -l sendmail (or systemctl status -l named) to see why; usually the problem is in named.conf or in sendmail.cf.


6. Debug Sendmail server

1. Use Telnet to log in to the server and send mail

After the Sendmail server is set up, use the telnet tool to connect to port 25 of the server and send a message by hand.

2. Install the telnet and mail tools

(The mail tool lets us quickly check each mail user's mailbox.)

yum install -y telnet mailx

For the test the article then disables the firewall and SELinux:

systemctl stop firewalld
setenforce 0

Do this only in a lab. On a real server, keep SELinux enforcing and instead open the SMTP port in firewalld (add the smtp service, and submission if port 587 is used, to the permanent configuration and reload), and remember that ports 25 and 587 are reachable only on the address configured in DAEMON_OPTIONS.

3. Log in to the sendmail server

[root@localhost mail]# telnet localhost 25      // connect to port 25 of the mail server
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 localhost.localdomain ESMTP Sendmail 8.14.7/8.14.7; Mon, 15 May 2023 00:26:24 +0800
mail from:user1@smile.com    // envelope sender
250 2.1.0 user1@smile.com... Sender ok
rcpt to:user2@skills.com     // envelope recipient
250 2.1.5 user2@skills.com... Recipient ok
data                         // start of the message content
354 Enter mail, end with "." on a line by itself
this is a happy mail
wish you happy everyday!     // these two lines are the message body
.                            // a line containing only "." ends the message; do not forget it
250 2.0.0 34EGQO8V001584 Message accepted for delivery
quit                         // close the session
221 2.0.0 localhost.localdomain closing connection

Note that this session skipped the HELO/EHLO greeting. Sendmail still accepted the message but recorded the omission, which is why the received message below carries an X-Authentication-Warning header; a real client sends EHLO first.

Whenever we type a command in telnet, the server replies with a numeric code. Knowing these codes helps to understand sendmail and to pin down the cause of server errors.
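The manual telnet session above is also the basis of the classic open-relay test discussed in the Mail Relay section: connect, give an outside sender, and ask the server to accept a recipient in another outside domain. The Python script below is an added example (not part of the article) that performs that exchange programmatically and stops after RCPT TO, so nothing is ever queued. It includes a small constructed SMTP responder that imitates sendmail's answers (250 for a local domain, 550 5.7.1 Relaying denied otherwise) so that the probe can be run offline; the host names and addresses in it are assumptions. Against a real server, call probe_relay(host, 25, ...) directly.

```python
"""Probe an SMTP server for open relay, with a constructed fake server.

Added example, not code from the article or from sendmail.  probe_relay()
performs the same dialogue as the telnet session above, but stops after
RCPT TO (RSET, then QUIT), so no message is submitted.  A 250 to an outside
recipient from an unauthenticated client means the server relays for
anyone; sendmail answers 550 5.7.1 ... Relaying denied when access.db does
not permit it.  FakeSmtpServer models that behaviour for the local domain
skills.com so the probe can be exercised without a real MTA.
"""
import socket
import threading

# Constructed: the domain the fake server accepts mail for.
LOCAL_DOMAINS = {"skills.com"}


def _read_reply(rfile):
    """Read one SMTP reply, multi-line ("250-...") or not, and return its code."""
    while True:
        line = rfile.readline().decode("ascii", "replace")
        if not line:
            raise ConnectionError("server closed the connection")
        if line[3:4] != "-":            # "250-" continues, "250 " ends the reply
            return int(line[:3])


def _cmd(sock, rfile, text):
    """Send one command line and return the numeric reply code."""
    sock.sendall((text + "\r\n").encode("ascii"))
    return _read_reply(rfile)


def probe_relay(host, port, mail_from, rcpt_to, timeout=5.0):
    """Return the reply code to RCPT TO:<rcpt_to> for an unauthenticated
    client claiming MAIL FROM:<mail_from>.  The session is reset and
    closed before DATA, so no message is ever accepted for delivery."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        rfile = sock.makefile("rb")
        if _read_reply(rfile) != 220:
            raise RuntimeError("no SMTP service banner")
        _cmd(sock, rfile, "EHLO probe.example.net")   # assumed client name
        if _cmd(sock, rfile, f"MAIL FROM:<{mail_from}>") != 250:
            raise RuntimeError("sender rejected before the relay check")
        code = _cmd(sock, rfile, f"RCPT TO:<{rcpt_to}>")
        _cmd(sock, rfile, "RSET")
        _cmd(sock, rfile, "QUIT")
        return code


def is_open_relay(host, port):
    """True if the server accepts an outside sender to an outside recipient."""
    return probe_relay(host, port, "probe@example.net", "victim@example.org") == 250


class FakeSmtpServer(threading.Thread):
    """Constructed stand-in for sendmail: accepts recipients only in LOCAL_DOMAINS."""

    def __init__(self):
        super().__init__(daemon=True)
        self.sock = socket.socket()
        self.sock.bind(("127.0.0.1", 0))   # ephemeral port, exposed as self.port
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]

    def run(self):
        while True:
            conn, _ = self.sock.accept()
            with conn:
                self._serve(conn)

    @staticmethod
    def _serve(conn):
        conn.sendall(b"220 mail.skills.com ESMTP fake\r\n")
        for raw in conn.makefile("rb"):
            line = raw.decode("ascii", "replace").strip()
            verb = line[:4].upper()
            if verb in ("EHLO", "HELO"):
                reply = b"250 mail.skills.com Hello\r\n"
            elif verb == "MAIL":
                reply = b"250 2.1.0 Sender ok\r\n"
            elif verb == "RCPT":
                domain = line.rsplit("@", 1)[-1].strip(" <>").lower()
                reply = (b"250 2.1.5 Recipient ok\r\n" if domain in LOCAL_DOMAINS
                         else b"550 5.7.1 Relaying denied\r\n")
            elif verb == "QUIT":
                conn.sendall(b"221 2.0.0 closing connection\r\n")
                return
            else:                            # RSET and anything else
                reply = b"250 2.0.0 OK\r\n"
            conn.sendall(reply)


if __name__ == "__main__":
    server = FakeSmtpServer()
    server.start()
    for rcpt in ("user2@skills.com", "victim@example.org"):
        print(rcpt, "->", probe_relay("127.0.0.1", server.port, "user1@smile.com", rcpt))
    print("open relay:", is_open_relay("127.0.0.1", server.port))
```

Run the probe from a host that is not listed with RELAY in access.db; from 127.0.0.1 a real sendmail will always answer 250 because the stock access file trusts the local host, which is expected and not an open relay.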

4. Common response codes and their meanings

| Code | Meaning |
|------|---------|
| 220 | Service ready: the SMTP server greets the client and accepts commands |
| 250 | Requested action completed: the command was accepted |
| 354 | Start mail input; end the message with a line containing only "." |
| 500 | Syntax error: the command is not recognised and cannot be executed |
| 501 | Syntax error in a command's parameters or arguments |
| 502 | Command not implemented |
| 550 | Requested action not taken: mailbox unavailable, or relaying denied |

5. Use the Mailx command to receive emails

After installing mailx, the following command displays a user's mailbox:

[root@localhost mail]# mail -u user2     // view user2's mailbox
Heirloom Mail version 12.5 7/5/10.  Type ? for help.
"/var/mail/user2": 1 message 1 new 
>N  1 user1@smile.com       Mon May 15 00:27  13/520    // message number, sender, time, lines/bytes
& 1    // display message number 1
Message  1:
From user1@smile.com  Mon May 15 00:27:49 2023   // envelope sender and time of delivery
Return-Path: <user1@smile.com>     // return path
Date: Mon, 15 May 2023 00:26:24 +0800  // date the message was received
From: user1@smile.com 
X-Authentication-Warning: localhost.localdomain: localhost [127.0.0.1] didn't use HELO protocol
Status: R

this is a happy mail
wish you happy everyday!    // message body

& quit   // leave mail
Held 1 message in /var/mail/user2

6. User mail directory /var/spool/mail

Checking users' mail directly on the server is another way to confirm that delivery works. Sendmail creates a separate file in /var/spool/mail for each user to hold that user's mail; the file name is the user name. (/var/mail, as shown by mailx above, is a symbolic link to /var/spool/mail on RHEL-family systems.)

[root@localhost mail]# ls /var/spool/mail
user1  user2

7. Mail queue

Once the mail server is configured it can deliver users' mail, but if the destination server cannot receive a message, or the message cannot reach its destination for some other reason, it must not simply disappear. Sendmail therefore keeps messages that could not be delivered in a mail queue and retries them later.

We can query through mailq

[root@localhost mail]# mailq
                /var/spool/mqueue (1 request)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
34EGNRUH001537       40 Mon May 15 00:24 "this is a happy mail"<user1@skills.com
                 (host map: lookup (smile.com): deferred)
                                         user2@smile.com
                Total requests: 1

The columns mean:

Q-ID: the identifier of the queued message

Size: the size of the message in bytes

Q-Time: the time the message entered /var/spool/mqueue; the indented line that follows gives the reason it could not be sent immediately (here the DNS lookup for smile.com was deferred, so the destination could not be resolved)

Sender/Recipient: the envelope sender and recipient addresses


7. Things to remember when configuring a mail server

First: configure the DNS server, and make sure the DNS server, the sendmail server and the clients can all reach one another.

Second: open the required ports on the server's firewall, or, in a lab only, stop the firewall.

Third: SELinux can be switched to permissive mode with setenforce 0 while debugging; on a production server keep it enforcing and fix the denials instead.

Fourth: check the connection mode of the virtual machine's network adapter.


Origin blog.csdn.net/2201_75288693/article/details/130668442