3. Third-party mail relay
Appendix: another article (article digest) ---- an introduction to the sendmail 8.9.3 mail relay rules
Example sendmail configuration on the company firewall
divert(-1)
include(`/usr/lib/sendmail-cf/m4/cf.m4')
dnl let's define our OS type. This one is mandatory.
OSTYPE(`linux')dnl
define(`confDEF_USER_ID',``8:12'')dnl
define(`ALIAS_FILE',`/etc/mail/aliases')dnl
dnl Privacy flags: require HELO and refuse EXPN and VRFY address probing.
define(`confPRIVACY_FLAGS', `authwarnings,needmailhelo,noexpn,novrfy')dnl
define(`confTO_QUEUERETURN', `4d')dnl
define(`confTO_QUEUEWARN', `4h')dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
undefine(`UUCP_RELAY')dnl
undefine(`BITNET_RELAY')dnl
FEATURE(`redirect')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`local_procmail')dnl
FEATURE(`nouucp')dnl
dnl Routing and rewriting tables, each described below.
FEATURE(`mailertable', `hash -o /etc/mail/mailertable')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable')dnl
FEATURE(`domaintable',`hash -o /etc/mail/domaintable')dnl
dnl The access database decides which hosts are accepted, rejected or allowed to relay.
FEATURE(`access_db', `hash -o /etc/mail/access')dnl
FEATURE(`blacklist_recipients')dnl
MAILER(procmail)dnl
MAILER(smtp)dnl
use_cw_file
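The default file is /etc/sendmail.cw. It lists the domain names that are handled as local;
mail sent to these domains is treated as local mail. Do not put company.com into sendmail.cw
on the firewall; set it on the mail server on the internal network segment instead. Updating
this file does not require restarting sendmail.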
* How do I make all my addresses appear to be from a single host?
Using the V8 configuration macros, use:
MASQUERADE_AS(my.dom.ain)
This will cause all addresses to be sent out as being from the indicated domain.
If you're using version 8.7 sendmail, and you want to hide this information in the envelope
as well as the headers, use:
FEATURE(masquerade_envelope)
If you also want to masquerade the recipients, use
FEATURE(allmasquerade)
Mailertable
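This feature lets you relay mail while overriding DNS and DNS MX records. It can also override
the Smart_host (DSxxxx) entry.
For example: company.com relay:[192.168.11.1]
Mail received on the firewall and addressed to company.com is relayed to 192.168.11.1.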
Include a "mailer table" which can be used to override
routing for particular domains. The argument of the
FEATURE may be the key definition. If none is specified,
the definition used is:
hash -o /etc/mailertable
Keys in this database are fully qualified domain names
or partial domains preceded by a dot -- for example,
"vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU".
Values must be of the form:
mailer:domain
where "mailer" is the internal mailer name, and "domain"
is where to send the message. These maps are not
reflected into the message header. As a special case,
the forms:
local:user
will forward to the indicated user using the local mailer,
local:
will forward to the original user in the e-mail address
using the local mailer, and
error:code message
will give an error message with the indicated code and
message.
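Added example (not from the original page): a simplified Python model of the mailertable key matching and value forms described above, showing that a plain key matches only that exact domain while a dot-prefixed key matches only hosts below it. The function names, the example.* hosts and the table values other than the company.com line are constructed for illustration.

```python
# Added example: simplified model of mailertable matching; not sendmail's own code.

# Constructed sample table. Only the company.com line comes from the page.
MAILERTABLE_TEXT = """\
company.com         relay:[192.168.11.1]
.CS.Berkeley.EDU    smtp:mailhub.example
old.example         error:550 no such domain
lists.example       local:listmaster
"""

def parse_mailertable(text):
    """Return {lower-cased key: (mailer, target)} from 'key mailer:target' lines."""
    table = {}
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) != 2 or fields[0].startswith("#"):
            continue
        mailer, _, target = fields[1].strip().partition(":")
        table[fields[0].lower()] = (mailer, target)
    return table

def route(table, domain):
    """Try the exact FQDN, then '.parent' keys from longest to shortest."""
    labels = domain.lower().rstrip(".").split(".")
    keys = [".".join(labels)]
    keys += ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    for key in keys:
        if key in table:
            mailer, target = table[key]
            # A target in square brackets is used as given, without an MX lookup.
            skip_mx = target.startswith("[") and target.endswith("]")
            return {"key": key, "mailer": mailer, "target": target, "skip_mx": skip_mx}
    return None  # no entry: normal DNS/MX routing applies

if __name__ == "__main__":
    table = parse_mailertable(MAILERTABLE_TEXT)
    for d in ("company.com", "mail.company.com", "vangogh.CS.Berkeley.EDU",
              "CS.Berkeley.EDU", "old.example"):
        print(d, "->", route(table, d))
```

A result of None for a host you expected to reach the internal server (mail.company.com here) means that mail for it follows DNS MX records instead of the mailertable route.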
Domaintable
Performs domain replacement.
If a domain is easily mistyped, for example mail for company.com is addressed to compayn.com by mistake, add the line:
compayn.com company.com
Access.db
Each database record has two parts, the key and the action:
The key can be a user name, a domain name, or an IP address.
The action can be OK, RELAY, REJECT, DISCARD, or an RFC 821 message.
For example:
cyberspammer.com 550 we don't accept mail from spammers
okay.cyberspammer.com OK
sendmail.org OK
128.32 relay
Foobar.com reject
[email protected] discard
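Added example (not from the original page): a simplified Python model of how the sample access entries above resolve for a connecting host name or IPv4 address, trying the most specific key first. It assumes lookups drop leading labels from a host name and trailing octets from an address; the function names are hypothetical and e-mail address keys are not modelled.

```python
# Added example: simplified model of access-map lookups; not sendmail's own code.
import ipaddress

# Constructed sample in the page's format; the obfuscated e-mail entry is left out.
ACCESS_TEXT = """\
cyberspammer.com        550 we don't accept mail from spammers
okay.cyberspammer.com   OK
sendmail.org            OK
128.32                  relay
Foobar.com              reject
"""

KEYWORDS = {"OK", "RELAY", "REJECT", "DISCARD"}

def parse_access(text):
    """Return {key: action}. Keys are lower-cased, keyword actions upper-cased."""
    table = {}
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) != 2 or fields[0].startswith("#"):
            continue
        action = fields[1].strip()
        table[fields[0].lower()] = action.upper() if action.upper() in KEYWORDS else action
    return table

def candidates(client):
    """Keys to try, most specific first."""
    try:
        ipaddress.IPv4Address(client)
    except ValueError:
        labels = client.lower().rstrip(".").split(".")
        return [".".join(labels[i:]) for i in range(len(labels))]  # drop leading labels
    octets = client.split(".")
    return [".".join(octets[:n]) for n in range(4, 0, -1)]         # drop trailing octets

def lookup(table, client):
    """Return (matched_key, action) for a client host name or IPv4 address."""
    for key in candidates(client):
        if key in table:
            return key, table[key]
    return None, None

def may_relay(table, client):
    """Only RELAY grants relaying; OK accepts mail but does not grant relaying."""
    return lookup(table, client)[1] == "RELAY"

if __name__ == "__main__":
    t = parse_access(ACCESS_TEXT)
    for c in ("mail.okay.cyberspammer.com", "smtp.cyberspammer.com", "128.32.5.9", "sendmail.org"):
        print(c, lookup(t, c), may_relay(t, c))
```

The two-octet key 128.32 grants relaying to every address under 128.32, so a short network prefix with the relay action is the entry to review first when auditing for third-party relay.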
Virtusertable
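Virtusertable is used when mail addressed to a user on the local system should be redirected
to another user. Note that it must be mail for a local user; otherwise the virtusertable
database file is not consulted. For example:
On this firewall, add company.com to /etc/sendmail.cw, then add a line to /etc/mail/virtusertable: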
[email protected] [email protected]
virtusertable is a domain-specific form of aliasing, allowing multiple virtual domains to be
hosted on one machine. For example, if the virtuser table contained:
[email protected] foo-info
[email protected] bar-info
@baz.org [email protected]
then mail addressed to [email protected] will be sent to the address foo-info, mail
addressed to [email protected] will be delivered to bar-info, and mail addressed to
anyone at baz.org will be sent to [email protected]. The username from the original
address is passed as %1 allowing:
@foo.org % [email protected]
meaning [email protected] will be sent to [email protected].
All the host names on the left hand side (foo.com, bar.com, and baz.org) must be in $=w.
The default map definition is:
hash -o /etc/virtusertable
FEATURE(genericstable,`hash -o /etc/mail/genericstable'):
Use a hashed table with masquerading information. The unhashed file looks like this:
bg [email protected]
root [email protected]
nobody [email protected]
This file tells sendmail to rewrite the FROM addresses of your mail, so that you can relay
all your mail over your ISP's mail server. The first field of each entry is the local address,
the second the address which should be used instead. For sendmail to read this file you
have to hash it with this command:
makemap -r hash genericstable.db < genericstable
GENERICS_DOMAIN_FILE(`/etc/mail/genericsdomain'):
You have to add your local domain name to this file, so sendmail knows what mail is local and
has to be masqueraded. To get your local domain, run "hostname".
FAQ: * I'm getting "Local configuration error" messages, such as:
553 MX list for domain.net points back to relay.domain.net
554 ... Local configuration error
How can I solve this problem?
You have asked mail to the domain (e.g., domain.net) to be forwarded to a specific
host (in this case, relay.domain.net) by using an MX record, but the relay machine
doesn't recognize itself as domain.net. Add domain.net to /etc/sendmail.cw (if you
are using FEATURE(use_cw_file)) or add "Cw domain.net" to your configuration file.
IMPORTANT: When making changes to your configuration file, be sure you kill and
restart the sendmail daemon (for ANY change in the configuration, not just this one):
kill `head -1 /etc/sendmail.pid`
sh -c "`tail -1 /etc/sendmail.pid`"
Mail for the Home Network ------the Stand Alone Config
FEATURE(always_add_domain)dnl
This is the recommended option; this feature forces the local or program mailer to use fully qualified domain names.
FEATURE(allmasquerade)
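I use this feature on the firewall to force all mail to appear to come from the site's official domain name; you need to combine it with MASQUERADE_AS.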
FEATURE(masquerade_entire_domain)
This feature forces every host in your domain to appear to come from the same domain.
FEATURE(masquerade_envelope)
MASQUERADE_AS(company.com)
Obviously, this is the value defined for the masquerading features above.
MASQUERADE_DOMAIN( company.com othername.com )
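Use this if you have several internal domain names and want to masquerade them as the same company domain.
Environment:
Consider this situation: a company runs a Linux mail server with Sendmail. The machine is
attached to a LAN but reaches the Internet over a PPP, cable modem or DSL connection and sends
mail through the ISP's mail host. The machine has two users, jephe and hongyi (who use Windows
machines to send mail to company.com). The domain name is company.com, the ISP's domain is
isp.net, its mail host is mail.isp.net, and both users have accounts of the same name at isp.net:
[email protected] and
[email protected]
Requirements:
(Source: http://www.sheup.com)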