Sendmail + SSL + SASL, QPopper - 윈디하나의 솔라나라
|
/etc/mail/sendmail.cf설정 뿐만 아니라 domain 설정(특히 MX필드)이 올바르게 되어있어야 한다. 즉 제대로 따라한것 같은데 주고 받는게 안된다면 도메인 설정도 의심해보는 것이 좋다./var/log/syslog, /var/adm/messages. 이 두개의 로그 파일이 SENDMAIL의 로그파일이다. 뭔가 문제가 있다면 이 두 로그 파일을 읽어보자.MTA는 받은 메일 내용을 서버의 메일 디렉토리 (/var/mail)에 파일로 저장한다. 저장된 파일을 MUA로 가져오기 위한 프로토콜이 POP3이다. MUA는 메일 서버에 떠 있는 POP3데몬과 통신하기 위해 POP3프로토콜을 사용한다.MUA → MTA → …… → MTA → MDA → MUA요즘엔 아래와 같이 전달된다.
MUA → MSA → MTA → …… → MTA → MDA → (MRA) → MUA
root@wl ~ # wget ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.26.tar.gz root@wl ~ # tar xvfz cyrus-sasl-2.1.26.tar.gz root@wl ~ # cd cyrus-sasl-2.1.26 root@wl ~/cyrus-sasl-2.1.26 # ./configure \ --enable-login \ --with-pwcheck \ --disable-digest \ --disable-srp \ --disable-krb4 \ --disable-gssapi \ --disable-anon \ CFLAGS="-m64" root@wl ~/cyrus-sasl-2.1.26 # vi ./lib/saslutil.c //extern int gethostname(char *, int); root@wl ~/cyrus-sasl-2.1.26 # make root@wl ~/cyrus-sasl-2.1.26 # make install root@wl ~/cyrus-sasl-2.1.26 # ln -s /usr/local/lib/sasl2 /usr/lib/sasl2 1) root@wl ~/cyrus-sasl-2.1.26 # mkdir -p /var/state/saslauthd 2) root@wl ~/cyrus-sasl-2.1.26 # vi /usr/local/lib/sasl2/Sendmail.conf pwcheck_method: saslauthd root@wl ~/cyrus-sasl-2.1.26 # /usr/local/sbin/saslauthd -v 3) saslauthd 2.1.21 authentication mechanisms: getpwent pam rimap shadow root@wl ~/cyrus-sasl-2.1.26 # /usr/local/sbin/saslauthd -a pam 4) root@wl ~/cyrus-sasl-2.1.26 # vi /etc/init.d/saslauthd 5) #!/bin/sh case "$1" in start) /usr/local/sbin/saslauthd -a pam ;; stop) pkill saslauthd ;; *) echo "Usage: saslauthd {start|stop}" exit 1 esac exit 0 root@wl ~/cyrus-sasl-2.1.26 # chmod 744 /etc/init.d/saslauthd root@wl ~/cyrus-sasl-2.1.26 # ln -s /etc/init.d/saslauthd /etc/rc2.d/S87saslauthd root@wl ~/cyrus-sasl-2.1.26 # ln -s /etc/init.d/saslauthd /etc/rc0.d/K37saslauthd root@wl ~/cyrus-sasl-2.1.26 # ln -s /etc/init.d/saslauthd /etc/rc1.d/K37saslauthd root@wl ~/cyrus-sasl-2.1.26 # ln -s /etc/init.d/saslauthd /etc/rcS.d/K37saslauthd1) 간혹 sasl2라이브러리를 /usr/lib/sasl2에서 찾는 프로그램이 있다. 이를 위해 심볼릭 링크를 걸어주었다.
root@wl ~ # svcadm disable sendmail 1) root@wl ~ # pkgrm SUNWsndmu 1) root@wl ~ # pkgrm SUNWsndmr 1)계정 생성확인 2)
root@wl ~ # cat /etc/group | grep smmsp smmsp::25: root@wl ~ # cat /etc/passwd | grep smmsp smmsp:x:25:25:SendMail Message Submission Program:/:설치
root@wl ~/src # wget ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.15.2.tar.gz root@wl ~/src # tar xvfz sendmail.8.15.2.tar.gz root@wl ~/src # cd sendmail-8.15.2 root@wl ~/src/sendmail-8.15.2 # cp ./devtools/Site/site.config.m4.sample ./devtools/Site/site.config.m4 root@wl ~/src/sendmail-8.15.2 # vi ./devtools/Site/site.config.m4 3) ... dnl ### C compiler settings APPENDDEF(`confENVDEF', `-m64') APPENDDEF(`confLIBS', `-m64') dnl APPENDDEF(`confMAPDEF', `-DNIS') dnl APPENDDEF(`confMAPDEF', `-DNISPLUS') dnl ### makemap APPENDDEF(`confMAPDEF', `-DNEWDB') APPENDDEF(`confLIBDIRS', `-L/usr/local/db/lib -R/usr/local/db/lib') APPENDDEF(`confINCDIRS', `-I/usr/local/db/include') dnl ### SASLv2 Support APPENDDEF(`confENVDEF', `-DSASL=2') APPENDDEF(`conf_sendmail_LIBS', `-lsasl2') APPENDDEF(`confLIBDIRS', `-L/usr/local/lib/sasl2 -R/usr/local/lib/sasl2') APPENDDEF(`confINCDIRS', `-I/usr/local/include/sasl') dnl ### LDAP Support for Solaris APPENDDEF(`confMAPDEF', `-DLDAPMAP') APPENDDEF(`confENVDEF', `-DSM_CONF_LDAP_MEMFREE') APPENDDEF(`confLIBS', `-lldap') root@wl ~/sendmail-8.15.2 # wget https://bugzilla.redhat.com/attachment.cgi?id=1226889 root@wl ~/sendmail-8.15.2 # patch -p0 < sendmail-8.15.2-openssl11.patch ... File to patch: ./sendmail/tls.c ... root@wl ~/sendmail-8.15.2 # ./Build 4) root@wl ~/sendmail-8.15.2 # mkdir /usr/share/man/cat1; mkdir /usr/share/man/cat5; mkdir /usr/share/man/cat8 5) root@wl ~/sendmail-8.15.2 # ./Build -E DESTDIR=/usr/local/sendmail install root@wl ~/sendmail-8.15.2 # cp obj.`uname -s`.`uname -r`.`uname -i`/mail.local/mail.local /usr/lib 6) root@wl ~/sendmail-8.15.2 # ln -s /usr/local/lib/libsasl2.so.2 /usr/lib/libsasl2.so.2 7) root@wl ~/sendmail-8.15.2 # ln -s /usr/local/ssl/lib/libssl.so.1.0.0 /usr/lib/libssl.so.1.0.0 root@wl ~/sendmail-8.15.2 # ln -s /usr/local/ssl/lib/libcrypto.so.1.0.0 /usr/lib/libcrypto.so.1.0.0 root@wl ~/sendmail-8.15.2 # /usr/lib/sendmail -d0 < /dev/null 8) Version 8.15.2 Compiled with: DNSMAP IPV6_FULL LDAPMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NDBM NETINET NETINET6 NETUNIX NEWDB PIPELINING SASLv2 SCANF STARTTLS USERDB USE_LDAP_INIT XDEBUG ============ SYSTEM IDENTITY (after readcf) ============ (short domain name) $w = wl (canonical domain name) $j = wl.local. (subdomain name) $m = local. (node name) $k = wl ======================================================== Recipient names must be specified1) 솔라리스에 번들된 Sendmail을 삭제한다.
/usr/local/man 아래의 적당한 곳으로 가도록 Build 파일을 수정해도 된다.root@wl ~/src/sendmail-8.14.4 # cd ./cf/cf 1) root@wl ~/src/sendmail-8.14.4/cf/cf # cp generic-solaris.mc sendmail.mc 2) root@wl ~/src/sendmail-8.14.4/cf/cf # vi sendmail.mc 3) define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')dnl define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 PLAIN LOGIN')dnl TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 PLAIN LOGIN')dnl define(`CERT_DIR', `/usr/local/ssl/certs') define(`confCACERT', `CERT_DIR/ca.crt') define(`confCACERT_PATH', `CERT_DIR') define(`confSERVER_CERT', `CERT_DIR/signed-req.pem') define(`confSERVER_KEY', `CERT_DIR/req.key') define(`confCLIENT_CERT', `CERT_DIR/signed-req.pem') define(`confCLIENT_KEY', `CERT_DIR/req.key') FEATURE(dnsbl, `spamlist.or.kr', `Rejected ($&{client_addr}) - see http://www.kisarbl.or.kr/')dnl FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl FEATURE(`access_db',`hash -o /etc/mail/access.db')dnl FEATURE(`smrsh',`/usr/lib/smrsh')dnl FEATURE(use_cw_file)dnl FEATURE(use_ct_file)dnl FEATURE(`always_add_domain')dnl FEATURE(`accept_unqualified_senders')dnl FEATURE(`accept_unresolvable_domains')dnl FEATURE(`relay_entire_domain')dnl root@wl ~/src/sendmail-8.14.4/cf/cf # ./Build sendmail.cf 4) root@wl ~/src/sendmail-8.14.4/cf/cf # cp /etc/mail/sendmail.cf /etc/mail/sendmail.cf.old 5) root@wl ~/src/sendmail-8.14.4/cf/cf # cp /etc/mail/submit.cf /etc/mail/submit.cf.old root@wl ~/src/sendmail-8.14.4/cf/cf # ./Build install-cf 6)1) cf 디렉토리안의 cf 디렉토리로 이동한다.
DOMAIN(generic)dnl 아래에 위 내용을 붙이면 된다.sendmail.cf와 submit.cf가 생성될 것이다.sendmail.cf와 submit.cf를 /etc/mail로 복사될 것이다.root@wl /etc/mail # vi trusted-users 1) root root@wl /etc/mail # vi local-host-names 2) mydomain.com solanara.net root@wl /etc/mail # vi relay-domains 3) solanara.net root@wl /etc/mail # vi access 4) 127.0.0.1 RELAY 192.168.0 RELAY spam.com REJECT root@wl /etc/mail # makemap hash access < access root@wl /etc/mail # vi virtusertable 5) admin@solanara.net hana admin@solanara2.net hana2 root@wl /etc/mail # makemap hash virtusertable < virtusertable root@wl /etc/mail # vi aliases 6) # The program "newaliases" must be run after this file is updated # for any changes to show through to sendmail. # The following alias is required by the mail protocol, RFC 2821 # Set it to the address of a HUMAN who deals with this system's mail problems. postmaster: root # Alias for mailer daemon; returned messages from our MAILER-DAEMON # should be routed to our local Postmaster. MAILER-DAEMON: postmaster # General redirections for pseudo accounts. bin: root daemon: root system: root toor: root uucp: root manager: root dumper: root operator: root decode: root nobody: /dev/null root@wl /etc/mail # mkdir /var/spool/mqueue/ 7) root@wl /etc/mail # chown root:bin /var/spool/mqueue/ root@wl /etc/mail # chmod 750 /var/spool/mqueue/ root@wl /etc/mail # newaliases 8)1) 루트사용자를 지정한다.
root@wl /etc/mail # vi /etc/init.d/sendmail
#!/bin/sh
# 출처 모름. 윈디하나가 만든건 아님 ^^
version=`echo \$Z | /usr/lib/sendmail -bt -d0 | grep Version | awk '{print $2}'`
case "$1" in
start)
# Start daemons.
echo "Starting Sendmail $version"
# Enable the below line to set serious logging for trouble shooting
# /usr/lib/sendmail -O LogLevel=14 -L sm-mta -bd -q1h
/usr/lib/sendmail -L sm-mta -bd -q1h
/usr/lib/sendmail -L sm-msp-queue -Ac -q30m
;;
stop)
# Stop daemons.
echo "Shutting down Sendmail $version"
kill `cat /var/run/sendmail.pid | head -1`
kill `cat /var/spool/clientmqueue/sm-client.pid | head -1`
;;
*)
echo "Usage: sendmail {start|stop}"
exit 1
esac
exit 0
root@wl /etc/mail # chmod 744 /etc/init.d/sendmail
root@wl /etc/mail # ln -s /etc/init.d/sendmail /etc/rc0.d/K36sendmail
root@wl /etc/mail # ln -s /etc/init.d/sendmail /etc/rc1.d/K36sendmail
root@wl /etc/mail # ln -s /etc/init.d/sendmail /etc/rc2.d/S88sendmail
root@wl /etc/mail # ln -s /etc/init.d/sendmail /etc/rcS.d/K36sendmail
root@wl /etc/mail # /etc/init.d/sendmail start
root@wl ~ # telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 wl.local. ESMTP Sendmail 8.14.4/8.14.4; Tue, 15 Feb 2011 10:51:21 +0900 (KST) EHLO localhost 250-wl.local. Hello localhost [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH CRAM-MD5 PLAIN LOGIN 250-STARTTLS 250-DELIVERBY 250 HELP quit 221 2.0.0 wl.local. closing connection Connection to localhost closed by foreign host. root@wl ~ #
소스를 다운로드해 빌드한다.
root@wl ~/src # wget http://www.solanara.net/downloads/public/qpopper4.0.19.tar.gz root@wl ~/src # tar xvfz qpopper4.0.19.tar.gz root@wl ~/src # cd qpopper4.0.19 root@wl ~/qpopper4.0.19 # ./configure \ --enable-specialauth \ --with-openssl=/usr/local/ssl \ --enable-auto-delete \ --enable-shy \ --enable-fast-update \ --enable-timing \ --enable-debugging \ --enable-standalone root@wl ~/src/qpopper4.0.19 # make root@wl ~/src/qpopper4.0.19 # make install1) 디버깅 가능하도록 컴파일 했다. 설치시 디버깅을 위해 트레이스 파일을 참고하기 위함이다. 물론 이 문서 내용대로 하면 문제 없다. 트레이싱 파일의 크기가 크기 때문에 필요 없다면 과감히 이 라인을 삭제한다.
root@wl ~ # mkdir /etc/mail/pop
root@wl ~ # vi /etc/mail/pop/qpopper.config
set tls-support = alternate-port
set tls-version = default
set tls-server-cert-file = /etc/mail/certs/qpopper_cert.pem
set tls-options = 0x00000800
set clear-text-password = tls
set chunky-writes = tls
root@wl ~ # mkdir /etc/mail/certs
root@wl ~ # cat /usr/local/ssl/certs/req.key > /etc/mail/certs/qpopper_cert.pem
root@wl ~ # cat /usr/local/ssl/certs/signed-req.pem >> /etc/mail/certs/qpopper_cert.pem
root@wl ~ # chmod 600 /etc/mail/certs/qpopper_cert.pem
root@wl ~ # vi /etc/init.d/qpopper
#!/bin/sh
case "$1" in
start)
/usr/local/sbin/popper 995 -S -f /etc/mail/pop/qpopper.config
/usr/local/sbin/popper -S -f /etc/mail/pop/qpopper.config
;;
stop)
pkill popper
;;
*)
echo "Usage: qpopper {start|stop}"
exit 1
esac
exit 0
root@wl ~ # chmod 744 /etc/init.d/qpopper
root@wl ~ # ln -s /etc/init.d/qpopper /etc/rc2.d/S99qpopper
root@wl ~ # /usr/local/sbin/popper 995 -S -d -f /etc/mail/pop/qpopper.config -t /var/log/qpoppertrace 1)
root@wl ~ # /usr/local/sbin/popper -S -d -f /etc/mail/pop/qpopper.config -t /var/log/qpoppertrace 2)
1) TLS(995번 포트)를 사용했다. -t /var/log/qpoppertrace 옵션과 -d 옵션을 주면 /var/log/qpoppertrace 에 트레이싱 로그가 저장된다. 문제가 발생하면 열어보면 된다. 트레이싱 로그가 꽤 크기 때문에 주의하자.sendmail.cf에 모든 설정이 들어있기 때문에, OS별로 sendmail.cf 을 생성하는 방법만 알면 설정하는데 어려움이 없다. 일반적으로 m4(1)를 사용해 sendmail.cf를 생성하는데, m4(1)에서 사용할 매크로를 정의하는 파일이 .mc 파일이다. 따라서 OS에 번들된 .mc 파일을 사용해 .cf파일을 만들고 이렇게 만든 파일을 /etc/mail/sendmail.cf에 덮어쓰고 sendmail을 재시작하면 설정이 적용된다.root@wl ~ # cd /etc/mail/cf/cf root@wl /etc/mail/cf/cf # cp sendmail.mc `hostname`.mc root@wl /etc/mail/cf/cf # vi `hostname`.mc MASQUERADE_AS(`solanara.net')dnl root@wl /etc/mail/cf/cf # make `hostname`.cf root@wl /etc/mail/cf/cf # cp `hostname`.cf /etc/mail/sendmail.cf root@wl /etc/mail/cf/cf # svcadm restart sendmail
아래에 몇가지 .mc파일의 예제가 있다.
※ 솔라리스 11 기본
divert(0)dnl VERSIONID(`sendmail.mc (Sun)') OSTYPE(`solaris11')dnl DOMAIN(`solaris-generic')dnl define(`confFALLBACK_SMARTHOST', `mailhost$?m.$m$.')dnl MAILER(`local')dnl MAILER(`smtp')dnl LOCAL_NET_CONFIG R$* < @ $* .$m. > $* $#esmtp $@ $2.$m $: $1 < @ $2.$m. > $3
※ 인커밍 릴레이: 메일을 받은 경우, 메일을 로컬에 저장하는 대신 타 서버로 메일을 다시 전송한다. 아래예제에서는 relay.mydomain.com으로 모든 메일을 전송한다. 이후 /etc/mail/relay-domains을 수정해야 한다.
divert(0)dnl VERSIONID(`sendmail.mc (Sun)') OSTYPE(`solaris11')dnl DOMAIN(`solaris-antispam')dnl define(`SMART_HOST', 'relay.mydomain.com')dnl FEATURE(`relay_entire_domain')dnl MAILER(`local')dnl MAILER(`smtp')dnl
로컬 전용으로 사용하기
메일을 수신할 필요 없다면 (발신은 가능) 보안을 위해 로컬 전용으로 세팅하는 것도 좋다. 아래와 같이 한다.root@wl ~ # svcadm disable sendmail root@wl ~ # svccfg -s sendmail setprop config/local_only = true root@wl ~ # svcprop -p config/local_only svc:/network/smtp:sendmail true root@wl ~ # svcadm refresh sendmail root@wl ~ # svcadm restart sendmail
/etc/hosts 파일에 호스트 명이 등록되어있는지 확인해본다.
windy@wl ~ $ vi /etc/hosts xxx.xxx.xxx.xxx 호스트명 메일서버도메인명
windy@wl ~ $ mailx -v -s "Test Subject" windy@example.net This is a test mail Ctrl+D ....
windy@wl ~ $ telnet localhost 25 Trying ::1... Connected to wl. Escape character is '^]'. 220 solanara.net ESMTP Sendmail 8.15.1+Sun/8.15.1; Wed, 14 Mar 2018 18:05:45 +0900 (KST) help 214-2.0.0 This is sendmail version 8.15.1+Sun 214-2.0.0 Topics: 214-2.0.0 HELO EHLO MAIL RCPT DATA 214-2.0.0 RSET NOOP QUIT HELP VRFY 214-2.0.0 EXPN VERB ETRN DSN STARTTLS 214-2.0.0 For more info use "HELP <topic>". 214-2.0.0 To report bugs in the implementation see 214-2.0.0 http://www.sendmail.org/email-addresses.html 214-2.0.0 For local information send email to Postmaster at your site. 214 2.0.0 End of HELP info helo solanara.net 250 solanara.net Hello wl [IPv6:::1] (may be forged), pleased to meet you mail from:windy@solanara.net 250 2.1.0 windy@solanara.net... Sender ok rcpt to:windy@example.com 250 2.1.5 windy@example.com... Recipient ok data 354 Enter mail, end with "." on a line by itself subject: This is a Test! to: windy@example.com Test Message . 250 2.0.0 w2E95jZF000334 Message accepted for delivery quit 221 2.0.0 solanara.net closing connection Connection to maid closed by foreign host.
windy@wl /etc/mail $ grep DS sendmail.cf DS windy@wl /etc/mail $ grep Fallback sendmail.cf O FallbackSmartHost=mailhost$?m.$m$.
windy@maid /etc/mail/cf/sh $ /usr/sbin/check-hostname Hostname wl OK: fully qualified as solanara.net windy@maid /etc/mail/cf/sh $ /usr/sbin/check-permissions No unsafe directories found.
| RSS ATOM XHTML 5 CSS3 |
Copyright © 2004-2024 Jo HoSeok. All rights reserved. |