sendmail+squirrelmail设置邮件服务器

配置环境 redhat AS3
kernel linux 2.4.21-4.EL
sendmail-8.12.10-1
sendmail-cf-8.12.10-1
httpd-devel-2.0.46-25.ent
httpd-2.0.46-25.ent
squirrelmail-1.4.10a

sendmail+squirrelmail设置邮件服务器步骤：

1设置DNS

采用希网http://www.3322.org/提供的域名绑定功能（支持固定IP静态绑定，稳定不需要客户端软件），设置域名为myname.3322.org 邮件服务器(mx)也为myname.3322.org

2配置sendmail

2.1编辑/etc/mail/sendmail.mc
divert(-1)dnl               //为m4定义一个缓冲动作，当n=-1时缓冲被删除，n=0时开始一个新缓冲
include(`/usr/share/sendmail-cf/m4/cf.m4'')dnl
VERSIONID(`setup for Red Hat Linux'')dnl
OSTYPE(`linux'')dnl      //定义宏所使用的操作系统，该宏允许m4程序增加同相关操作系统相关的文件
define(`SMART_HOST'',`myname.3322.org'')    //设置邮件服务器域名(有时不是必须的）
dnl #
define(`confDEF_USER_ID'',``8:12'''')dnl
dnl define(`confAUTO_REBUILD'')dnl
define(`confTO_CONNECT'', `1m'')dnl
define(`confTRY_NULL_MX_LIST'',true)dnl
define(`confDONT_PROBE_INTERFACES'',true)dnl
define(`PROCMAIL_MAILER_PATH'',`/usr/bin/procmail'')dnl
define(`ALIAS_FILE'', `/etc/aliases'')dnl
dnl define(`STATUS_FILE'', `/etc/mail/statistics'')dnl
define(`UUCP_MAILER_MAX'', `2000000'')dnl
define(`confUSERDB_SPEC'', `/etc/mail/userdb.db'')dnl
define(`confPRIVACY_FLAGS'', `authwarnings,novrfy,noexpn,restrictqrun'')dnl
define(`confAUTH_OPTIONS'', `A'')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS'', `A p'')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl #
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN'')dnl 
//设定smtp认证，它的意思是如果access.db访问控制
//没有设置，则启用此验证方式进行smtp验证
define(`confAUTH_MECHANISMS'', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN'')dnl   
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl #     make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH'',`/usr/share/ssl/certs'')
dnl define(`confCACERT'',`/usr/share/ssl/certs/ca-bundle.crt'')
dnl define(`confSERVER_CERT'',`/usr/share/ssl/certs/sendmail.pem'')
dnl define(`confSERVER_KEY'',`/usr/share/ssl/certs/sendmail.pem'')
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP''s
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL'',`groupreadablekeyfile'')dnl
dnl #
dnl define(`confTO_QUEUEWARN'', `4h'')dnl
dnl define(`confTO_QUEUERETURN'', `5d'')dnl
dnl define(`confQUEUE_LA'', `12'')dnl
dnl define(`confREFUSE_LA'', `18'')dnl
define(`confTO_IDENT'', `0'')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa'',`dnl'')dnl        
FEATURE(`smrsh'',`/usr/sbin/smrsh'')dnl
FEATURE(`mailertable'',`hash -o /etc/mail/mailertable.db'')dnl
FEATURE(`virtusertable'',`hash -o /etc/mail/virtusertable.db'')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail,`'',`procmail -t -Y -a $h -d $u'')dnl
FEATURE(`access_db'',`hash -T<TMPF> -o /etc/mail/access.db'')dnl
FEATURE(`blacklist_recipients'')dnl
EXPOSED_USER(`root'')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA'')dnl   //设置成0.0.0.0方可接收外部邮件，局                                                            //域网邮件服务器可以设成127.0.0.1
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can''t reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea'')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can''t
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn''t support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s'')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl # NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl #       a kernel patch
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6'')dnl
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains'')dnl
dnl #
dnl FEATURE(`relay_based_on_MX'')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.localdomain'')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.com'')dnl   //定义sendmail来应答邮件的其它主机名
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl            //定义sendmail使用的邮件传输方法smtp
MAILER(procmail)dnl

完成sendmail.mc文档的编写后就可以用m4程序生成正式的sendmail.cf配置文档。语法如
下：
# m4 sendmail.mc > sendmail.cf
检测SMTP认证
# telnet myname.3322.org 25
Trying 159.226.XX.XX...
Connected to mail.myname.3322.org (159.226.XX.XX).
Escape character is ''^]''.
220 mail.myname.3322.org ESMTP Sendmail 8.12.10/8.12.10; Wed, 16 May 2007 17:24:38 +0800
ehlo myname.3322.org (输入此命令)
250-mail.myname.3322.org Hello mail.myname.3322.org [159.226.XX.XX], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN (出现此行代表设定正确)
250-DELIVERBY
250 HELP
^] ---ctrl+]中断
telnet> q ---q退出
Connection closed.

2.2设定收发限制
修改/etc/mail/access:
localhost       RELAY
159.226         RELAY
localhost.localdomain   RELAY
127.0.0.1                       RELAY
然后
# makemap -v hash /etc/mail/access < /etc/mail/access

2.3将主机域名加到/etc/mail/local-host-names文件中内容如下：
myname.3322.org                     //好像也是非必须

3设定POP与IMAP服务器.

1) 首先确定/etc/servicese有以下内容
pop2 109/tcp pop-2 postoffice # POP version 2
pop2 109/udp pop-2
pop3 110/tcp pop-3 # POP version 3
pop3 110/udp pop-3
.......
imap 143/tcp imap2 # Interim Mail Access Proto v2
imap 143/udp imap2
利用xinetd启动POP,IMAP,
# vi /etc/xinetd.d/imap
service imap
{
disable = no
socket_type = stream
wait = no
user = root
server = /usr/sbin/imapd
log_on_success += HOST DURATION
log_on_failure += HOST
}
[root@mis010 /]# vi /etc/xinetd.d/ipop3
service pop3
{
disable = no
socket_type = stream
wait = no
user = root
server = /usr/sbin/ipop3d
log_on_success += HOST DURATION
log_on_failure += HOST
}
[root@mis010 /]# vi /etc/xinetd.d/ipop2
service pop2
{
disable = no
socket_type = stream
wait = no
user = root
server = /usr/sbin/ipop2d
log_on_success += HOST DURATION
log_on_failure += HOST
}
让xinetd重新读取设定值.
# /etc/rc.d/init.d/xinetd reload
测试POP3
telnet myname.3322.org 110
测试imap
telnet myname.3322.org 53

4安装squirrelmail

(这是一个比较流行的webmail程序，使用php4开发，可以使用它来基于web收发邮件)

4.1下载squirrelmail-1.4.10a.tar.gz
4.2安装:
解压后复制到/var/www/html/squirrelmail
4.3配置squirrelmail
# /var/www/html/squirrelmail/configure
1)配置基本信息,需要配置的是组织名称,登录logo,logo大小,标题,这些都可以后来配置,首先要配置的是:第5项和第6项,配置的值分别是空格(5项)和ISO-2022-CN(6项目)
2)配置服务器参数，domain: 配置为的邮件服务器的域(这里为myname.3322.org),Sendmail or SMTP:配置为sendmail输入R返回
4)进入常规配置
配置1. Data Directory: /var/www/html/squirrelmail/data/
配置2. Attachment Directory: /var/www/html/squirrelmail/attachments/    （可能需要自己创建）
返回;
8)进入插件管理,添加所由插件(输入数字可以选择),返回;选择S,保存数据,选择Q退出）

5测试

5.1创建测试帐号：
#useradd  -s /bin/false  test  #passwd  test
5.2启动apache,使用如下命令：
#service  httpd  start
5.3测试
在浏览起中输入http://myname.3322.org/squirrelmail/,使用test登录，即可进行邮件的收发了。

6小结

目前163,sina,mails.tsinghua.edu.cn,mails.gucas.ac.cn,home.ipe.ac.cn,gmail均可向该邮箱发信，其中sina,mails.tsinghua无法接受该邮箱发信，怀疑是由于该邮箱采用3322.org后缀，直接被过滤
另外由于3322.org绑定域名不支持反向域名解析，可能会有部分公网邮箱收不到该邮箱发信（目前没有遇到）
同时还需要进一步加强安全性防范