最後更新: 2015-11-18
目錄
- 查看系統狀態
- Access Map
- Aliases
- 設定
- 本地的 hostname
- smmsp
- RBL
- Queue 的位置
- Queue Life
- ~/.forward
- Flush Mail In Queue
- 如何快速清除 Sendmail Queue
- Login Log
- mailstats
- Multiple Domain Single User
- Running
- ratecontrol 與 conncontrol
- reverse DNS
- Virtusertable
- Message Size
- SMARTHOST
- delay_checks
- Log 分析
- 參考
查看系統狀態
/etc/init.d/sendmail status
# CentOS release 4.8
running:
sendmail (pid 1884 1875) is running...
stop:
sendmail is stopped
Access Map
/etc/mail/access
Connect:192.168.1.7 RELAY Connect:192.168.2 RELAY <-- access 裡面大概只能支援 A/B/C Class 的網域 Connect:224 REJECT from:[email protected] REJECT
makemap:
makemap hash /etc/mail/access.db < /etc/mail/access
可用的 action:
- REJECT
- OK
- RELAY
- DISCARD
- "XYZ sdfsdfsdf"
Connect:localhost RELAY GreetPause:localhost 0 ClientRate:localhost 0 ClientConn:localhost 0 Connect:127 RELAY GreetPause:127 0 ClientRate:127 0 ClientConn:127 0 Connect:[IPv6:::1] RELAY GreetPause:[IPv6:::1] 0 ClientRate:[IPv6:::1] 0 ClientConn:[IPv6:::1] 0 # # Whitelisted users # Spam:postmaster@ FRIEND Spam:abuse@ FRIEND Spam:spam@ FRIEND # # Blacklisted users # reject@ REJECT # # Block invalid IPs # Connect:0 REJECT Connect:169.254 REJECT Connect:192.0.2 REJECT Connect:224 REJECT Connect:255 REJECT
查看 makemap 支援的 format:
makemap -l
hash
btree
Makefile <-- 它的 premission 要係 770
Toubleshoot:
Domain of sender address XXXXXX does not exist
sendmail disable sender domain check
FEATURE(accept_unresolvable_domains) FEATURE(accept_unqualified_senders)
FEATURE(access_db)
- REJECT
- OK
- RELAY
- DISCARD
- "XYZ sdfsdfsdf" XYZ is an RFC 821 compliant error code and "some other text" is an error message.
i.e.
[email protected] OK
i.e.
spammer@ "501 Get a real address."
Aliases
/etc/aliases
postmaster: root, admin
更新
newaliases
/etc/mail/aliases: 14 aliases, longest 10 bytes, 155 bytes total
Remark:
當 /etc/mail/aliases.db 比 aliases 舊時, Sendmail 是會出 warning 的
alias database /etc/mail/aliases.db out of date
設定
更新設定檔
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
註解:
*.mc 的註解符: #, dnl
.conf 的註解符: dnl
sendmail.mc:
divert(-1)dnl <--- will cause all output to cease. divert(0)dnl <--- restores regular output. OSTYPE(`debian')dnl DOMAIN(`debian-mta')dnl dnl # 這裡設定 sendmail listen 兩個 port DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Addr=0.0.0.0')dnl DAEMON_OPTIONS(`Family=inet, Name=MSP-v4, Port=submission, Addr=127.0.0.1')dnl dnl # Stop connections that overflow our concurrent and time connection rates FEATURE(`delay_checks')dnl FEATURE(`delay_checks', `friend', `n')dnl FEATURE(`conncontrol', `nodelay', `terminate')dnl FEATURE(`ratecontrol', `nodelay', `terminate')dnl FEATURE(`greet_pause', `1000')dnl 1 seconds FEATURE(`access_db', , `skip')dnl dnl # If we get too many bad recipients, slow things down... define(`confBAD_RCPT_THROTTLE',`3')dnl define(`ALIAS_FILE', `/etc/aliases') LOCAL_DOMAIN(`mydomain.com')dnl dnl # Masquerading options MASQUERADE_AS(`mydomain.com')dnl FEATURE(`always_add_domain')dnl FEATURE(`allmasquerade')dnl FEATURE(`masquerade_envelope')dnl MAILER(local) MAILER(smtp)
Masquerading options
dnl # Masquerading options
MASQUERADE_AS(`x.x.x')dnl FEATURE(`always_add_domain')dnl
dnl # this feature will cause recipient addresses to also masquerade as being from the masquerade host.
FEATURE(`allmasquerade')dnl
dnl # this feature will cause envelope addresses to also masquerade as being from the masquerade host.
dnl # Normally only the header addresses are masqueraded.
FEATURE(`masquerade_envelope')dnl
Sendmail listen multiple ports
DAEMON_OPTIONS(`Port=125,Addr=0.0.0.0, Name=MTA')dnl DAEMON_OPTIONS(`Port=25,Addr=0.0.0.0, Name=MTA')dnl
本地的 hostname
/etc/mail/local-host-names
smmsp
在 Sendmail 8.12.x, 8.13.x, or 8.14.x 上, Sendmail 的系統 User 是 smmsp
一般而言, 他如下
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
RBL
設定
FEATURE(rbl,`rbl.host.net')
Version 8.11 之後 Sendmail 再沒有用 rbl 功能, 改為用了 dnsbl
FEATURE(`dnsbl', `bl.spamcop.net', `"Spam blocked see: http://spamcop.net/bl.shtml?"$&{client_addr}')dnl
log
Mar 15 11:08:36 myit-school sendmail[10132]: ruleset=check_relay, arg1=[154.73.45.58], arg2=127.0.0.2, relay=[154.73.45.58],
reject=553 5.3.0 Spam blocked see: http://spamcop.net/bl.shtml?154.73.45.58
Remark
此 setting 要放先過 "MAILER(smtp)dnl"
Queue 的位置
/var/spool/mqueue
Queue Life
Dafault: 5 days
Example:
sendmail.mc:
- define(`confTO_QUEUERETURN', `3d')dnl
- define(`confTO_QUEUERETURN', `1h')dnl
/etc/sysconfig/sendmail
/usr/sbin/sendmail -bd -q30m
daemon 會每 30 嘗試 re-send mail 一次
QUEUE=時間
/etc/sysconfig/sendmail
DAEMON=yes QUEUE=1h
~/.forward
\user1 <-- 自己 ( To avoid mail loop, "\" tells it not to expand that entry ) /home/user1/mail/in.backup <-- 會有一份 append 入去 user2 <-- 別人 [email protected] <-- 街外
在 Server 上會見到類似的 log:
Dec 3 17:48:46 cntunnelmail sendmail[10910]: qB39mhAi010905: to=\\user1, delay=00:00:02, xdelay=00:00:00,
mailer=local, pri=122609, dsn=2.0.0, stat=Sent
Dec 3 17:48:46 cntunnelmail sendmail[10910]: qB39mhAi010905: to=user1, delay=00:00:02, xdelay=00:00:00,
mailer=local, pri=122609, dsn=2.0.0, stat=Sent
Flush mail in queue
# it will flush all pending mails.
sendmail -v -q in root prompt.
- -v Go into verbose mode
- -q process the queue once
perticular domain or user or recepitience mail to delete use this command
sendmail -qS -v test.com
sendmail -qR -v hotmail.com
如何快速清除 Sendmail Queue
1) By rm cli
rm -f /var/spool/mqueue/df*
rm -f /var/spool/mqueue/qf*
2) By find cli
cd /var/spool/mqueue
# 使用 find 的原因是當有很多 mail 時, rm -f * 是行唔到的 !!
find -type f ./ | xargs rm
每 e-mail 有兩個 file
qf??????? <-- header
df??????? <-- body
在另一地方行 sendmail 的 queue
sendmail -oQ/var/spool/mqueue.bak -q -v
will process the mail queue (-q) located in /var/spool/mqueue-fixme (-oQ/var/spool/mqueue-fixme) verbosely one message at a time (-v).
Login Log
<日期> mail sendmail[3658]: AUTH=server, relay=<domain> [IP] (may be forged), authid=test, mech=LOGIN, bits=0
mailstats(StatusFile)
mailstats - display mail statistics <--- sendmail 工具
M The mailer number.
msgsfr Number of messages from the mailer.
msgsto Number of messages to the mailer.
T totaling the values for all of the mailers is displayed
C number of TCP connections
Mailer
* esmtp
* local
StatusFile
grep StatusFile /etc/mail/sendmail.cf
/var/log/mail/statistics <--- 可以用 -f 指定
mailstats -p
-p Output information in program-readable mode and clear statistics.
Multiple Domain Single User
方法1:
在 sendmail.mc 加入 FEATURE(`use_cw_file')dnl
之後在 /etc/mail/local-host-names 加入要收 mail 的本地 Domain
雖然不用 compile 它, 不過要 restart sendmail 才有效.
方法2:
# 一個 Domain 加一句
LOCAL_DOMAIN(`alias.host.name')
Running
/usr/sbin/sendmail -bd -q10m
-bd argument tells sendmail to run as a daemon.
-q10m argument tells sendmail to check its queue every ten minutes.
ratecontrol 與 conncontrol
ratecontrol: Enable simple ruleset to do connection rate control checking.
This requires entries in access_db of the form
ClientRate:IP.ADD.RE.SS LIMIT
The RHS specifies the maximum number of connections
(an integer number) over the time interval defined
by ConnectionRateWindowSize, where 0 means unlimited.
Take the following example:
ClientRate:10.1.2.3 4 ClientRate:127.0.0.1 0 ClientRate: 10
10.1.2.3 can only make up to 4 connections, the
general limit it 10, and 127.0.0.1 can make an unlimited
number of connections per ConnectionRateWindowSize.
ConnectionRateWindowSize
ConnectionRateWindowSize 60s <--- Default 60s, 在 Debain 上是 10m
conncontrol Enable a simple check of the number of incoming SMTP
connections. This requires entries in access_db of the
form
ClientConn:IP.ADD.RE.SS LIMIT
The RHS specifies the maximum number of open connections (an integer number).
Take the following example:
ClientConn:10.1.2.3 4 ClientConn:127.0.0.1 0 <--- does not have any explicit limit ClientConn: 10 <--- general limit
reverse DNS
FEATURE(require_rdns)
Virtusertable
Sendmail Virtusertable
設定: sendmail.mc
FEATURE(access_db, `hash -o /etc/mail/access')dnl FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')dnl
virtusertable:
# 一定要用 <TAB> 分開
virtusertable.db
[email protected] ohn <--- local [email protected] [email protected] <--- remote @freebsdhelp.org big <--- catch all
更新:
makemap hash virtusertable.db < virtusertable
此外, 還要設定幫那麼 domain 做 relay
makemap hash /etc/mail/access.db < /etc/mail/access
freebsd.org RELAY freebsdhelp.org RELAY anyotherdomain.com RELAY
Message_Size
# Add this to your sendmail.mc
# Unit: bytes, 10Mbyte
define(`confMAX_MESSAGE_SIZE', `10485760')dnl
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
Remark
grep MaxMessageSize /etc/mail/sendmail.cf
O MaxMessageSize=10000000
SMARTHOST
/etc/mail/sendmail.mc
define(`SMART_HOST',`smtp.example.com')
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
/etc/init.d/sendmail restart
log
Mar 15 11:07:49 myit-school sendmail[10112]: u2F37jMp010110: to=<tim@receiver>, ctladdr=<sysadmin@sender> (503/503),
delay=00:00:04, xdelay=00:00:04, mailer=relay, pri=121238, relay=mail.on-nets.com. [202.134.61.184],
dsn=2.0.0, stat=Sent (Ok: queued as C31E940783)
delay_checks
By using FEATURE(`delay_checks') the rulesets "check_mail" and "check_relay" will not be called when a client connects or issues a "MAIL command", respectively.
Instead, those rulesets will be called by the "check_rcpt" ruleset; they will be skipped if a sender has been authenticated using a "trusted" mechanism
LOG:
Feb 15 11:34:16 mail sendmail[17379]: u1F3YGRW017379: ruleset=check_rcpt, arg1=<tim@mydomain>, relay=xxxx.ctinets.com [x.x.x.x], reject=550 5.7.1 <tim@mydomain>... Relaying denied
If check_mail returns an error then the RCPT TO command will be rejected with that error. If it returns some other result starting with $# then check_relay will be skipped. If the sender address (or a part of it) is listed in the access map and it has a RHS of OK or RELAY, then check_relay will be skipped.
Log 分析
Nov 26 15:34:28 CentOS-Server sendmail[17390]: My unqualified host name (CentOS-Server) unknown; sleeping for retry
Nov 26 04:25:42 CentOS-Server sendmail[24445]: qAOEaxbC003200: to=<???@???>, ctladdr=<apache@LOCAL-SERVER> (48/48), delay=1+05:48:43, xdelay=00:00:03, mailer=esmtp, pri=2831701, relay=???. [0.0.0.0], dsn=4.0.0, stat=Deferred: 421 Refused. The domain of your sender address has no mail exchanger (MX).
log 的格式:
<date> <host> sendmail[pid]: <qid>: <what>=<value>,
Delay(delay=days+HH:MM::SS)
The total message delay
Xdelay
actual final delivery
Ctladdr
The "controlling" user", that is, the name of the user whose credentials we use for delivery.
Specify outgoing HELO with sendmail
define(confHELO_NAME,`something.not.the.same.as.the.domain.name')
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
/etc/init.d/sendmail restart
sendmail DNS service
/etc/mail/service.switch
# use /etc/hosts ONLY hosts files aliases files