求救！EL4下sendmail奇怪问题

superlj

EL4 update1，配置好了服务器后，客户端接受邮件正常，但是不能够发送邮件，thunderbird总提示输入密码，查看/var/log/messages
Aug  7 17:10:22 myserver sendmail[2902]: unable to open Berkeley db /etc/sasldb2: No such file or directory
Aug  7 17:10:22 myserver sendmail[2902]: unable to open Berkeley db /etc/sasldb2: No such file or directory
Aug  7 17:10:22 myserver sendmail[2902]: no secret in database
我没有设定这个什么sasldb2啊，不知道那里配置配错了:

重装必要的包
sendmail-8.13.1-2
sendmail-cf-8.13.1-2
dovecot-0.99.11-2.EL4.1
修改配置文件:
/etc/dovecot.conf
protocols = imap imaps pop3 pop3s

/etc/mail/sendmail.mc
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

/etc/mail/local-host-names
加入我的主机myserver.jluexp.org

/etc/mail/access
172.16.95  RELAY
jluexp.org  RELAY

然后在/etc/mail/下m4 senmail.mc > senmail.cf

启动服务sendmail/dovecot，日志显示都成功。

jason_zhangwz

是否可以贴一下sendmail.mc和sendmail.cf

superlj

1. 
   
2. 
   
3. [root@localhost ~]# cat /etc/mail/sendmail.mc
   
4. divert(-1)dnl
   
5. dnl #
   
6. dnl # This is the sendmail macro config file for m4. If you make changes to
   
7. dnl # /etc/mail/sendmail.mc, you will need to regenerate the
   
8. dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
   
9. dnl # installed and then performing a
   
10. dnl #
    
11. dnl #     make -C /etc/mail
    
12. dnl #
    
13. include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
    
14. VERSIONID(`setup for Red Hat Linux')dnl
    
15. OSTYPE(`linux')dnl
    
16. dnl #
    
17. dnl # default logging level is 9, you might want to set it higher to
    
18. dnl # debug the configuration
    
19. dnl #
    
20. dnl define(`confLOG_LEVEL', `9')dnl
    
21. dnl #
    
22. dnl # Uncomment and edit the following line if your outgoing mail needs to
    
23. dnl # be sent out through an external mail server:
    
24. dnl #
    
25. dnl define(`SMART_HOST',`smtp.your.provider')
    
26. dnl #
    
27. define(`confDEF_USER_ID',``8:12'')dnl
    
28. dnl define(`confAUTO_REBUILD')dnl
    
29. define(`confTO_CONNECT', `1m')dnl
    
30. define(`confTRY_NULL_MX_LIST',true)dnl
    
31. define(`confDONT_PROBE_INTERFACES',true)dnl
    
32. define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
    
33. define(`ALIAS_FILE', `/etc/aliases')dnl
    
34. define(`STATUS_FILE', `/var/log/mail/statistics')dnl
    
35. define(`UUCP_MAILER_MAX', `2000000')dnl
    
36. define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
    
37. define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
    
38. define(`confAUTH_OPTIONS', `A')dnl
    
39. dnl #
    
40. dnl # The following allows relaying if the user authenticates, and disallows
    
41. dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
    
42. dnl #
    
43. dnl define(`confAUTH_OPTIONS', `A p')dnl
    
44. dnl #
    
45. dnl # PLAIN is the preferred plaintext authentication method and used by
    
46. dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
    
47. dnl # use LOGIN. Other mechanisms should be used if the connection is not
    
48. dnl # guaranteed secure.
    
49. dnl # Please remember that saslauthd needs to be running for AUTH.
    
50. dnl #
    
51. dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    
52. dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    
53. dnl #
    
54. dnl # Rudimentary information on creating certificates for sendmail TLS:
    
55. dnl #     cd /usr/share/ssl/certs; make sendmail.pem
    
56. dnl # Complete usage:
    
57. dnl #     make -C /usr/share/ssl/certs usage
    
58. dnl #
    
59. dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
    
60. dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
    
61. dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
    
62. dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
    
63. dnl #
    
64. dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
    
65. dnl # slapd, which requires the file to be readble by group ldap
    
66. dnl #
    
67. dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
    
68. dnl #
    
69. dnl define(`confTO_QUEUEWARN', `4h')dnl
    
70. dnl define(`confTO_QUEUERETURN', `5d')dnl
    
71. dnl define(`confQUEUE_LA', `12')dnl
    
72. dnl define(`confREFUSE_LA', `18')dnl
    
73. define(`confTO_IDENT', `0')dnl
    
74. dnl FEATURE(delay_checks)dnl
    
75. FEATURE(`no_default_msa',`dnl')dnl
    
76. FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
    
77. FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
    
78. FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
    
79. FEATURE(redirect)dnl
    
80. FEATURE(always_add_domain)dnl
    
81. FEATURE(use_cw_file)dnl
    
82. FEATURE(use_ct_file)dnl
    
83. dnl #
    
84. dnl # The following limits the number of processes sendmail can fork to accept
    
85. dnl # incoming messages or process its message queues to 12.) sendmail refuses
    
86. dnl # to accept connections once it has reached its quota of child processes.
    
87. dnl #
    
88. dnl define(`confMAX_DAEMON_CHILDREN', 12)dnl
    
89. dnl #
    
90. dnl # Limits the number of new connections per second. This caps the overhead
    
91. dnl # incurred due to forking new sendmail processes. May be useful against
    
92. dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address
    
93. dnl # limit would be useful but is not available as an option at this writing.)
    
94. dnl #
    
95. dnl define(`confCONNECTION_RATE_THROTTLE', 3)dnl
    
96. dnl #
    
97. dnl # The -t option will retry delivery if e.g. the user runs over his quota.
    
98. dnl #
    
99. FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
    
100. FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
     
101. FEATURE(`blacklist_recipients')dnl
     
102. EXPOSED_USER(`root')dnl
     
103. dnl #
     
104. dnl # The following causes sendmail to only listen on the IPv4 loopback address
     
105. dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
     
106. dnl # address restriction to accept email from the internet or intranet.
     
107. dnl #
     
108. dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
     
109. dnl #
     
110. dnl # The following causes sendmail to additionally listen to port 587 for
     
111. dnl # mail from MUAs that authenticate. Roaming users who can't reach their
     
112. dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
     
113. dnl # this useful.
     
114. dnl #
     
115. dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
     
116. dnl #
     
117. dnl # The following causes sendmail to additionally listen to port 465, but
     
118. dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
     
119. dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
     
120. dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
     
121. dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
     
122. dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
     
123. dnl #
     
124. dnl # For this to work your OpenSSL certificates must be configured.
     
125. dnl #
     
126. dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
     
127. dnl #
     
128. dnl # The following causes sendmail to additionally listen on the IPv6 loopback
     
129. dnl # device. Remove the loopback address restriction listen to the network.
     
130. dnl #
     
131. dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
     
132. dnl #
     
133. dnl # enable both ipv6 and ipv4 in sendmail:
     
134. dnl #
     
135. dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')
     
136. dnl #
     
137. dnl # We strongly recommend not accepting unresolvable domains if you want to
     
138. dnl # protect yourself from spam. However, the laptop and users on computers
     
139. dnl # that do not have 24x7 DNS do need this.
     
140. dnl #
     
141. FEATURE(`accept_unresolvable_domains')dnl
     
142. dnl #
     
143. dnl FEATURE(`relay_based_on_MX')dnl
     
144. dnl #
     
145. dnl # Also accept email sent to "localhost.localdomain" as local email.
     
146. dnl #
     
147. LOCAL_DOMAIN(`localhost.localdomain')dnl
     
148. dnl #
     
149. dnl # The following example makes mail from this host and any additional
     
150. dnl # specified domains appear to be sent from mydomain.com
     
151. dnl #
     
152. dnl MASQUERADE_AS(`mydomain.com')dnl
     
153. dnl #
     
154. dnl # masquerade not just the headers, but the envelope as well
     
155. dnl #
     
156. dnl FEATURE(masquerade_envelope)dnl
     
157. dnl #
     
158. dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
     
159. dnl #
     
160. dnl FEATURE(masquerade_entire_domain)dnl
     
161. dnl #
     
162. dnl MASQUERADE_DOMAIN(localhost)dnl
     
163. dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
     
164. dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
     
165. dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
     
166. MAILER(smtp)dnl
     
167. MAILER(procmail)dnl
     
168. 
     

复制代码

wanzihua

由于在AS4里SMTP是需要认证的!不象AS3的SMTP那样!

注意以下的英文说明:
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl

1.Saslauthd的默认认证端口是587,而不是一般常用的SMTP(25),所以将上面的语句改为

DAEMON_OPTIONS(`Port=25, Name=MSA')dnl

2.将以下注释了

dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

3.
service sendmail restart
service dovecot restart
service saslauthd restart

4. telnet localhost smtp

    ehlo localhost

会出现如下信息就是支持SMTP的SASLAUTHD认证了!

EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN'

wanzihua

由于在AS4里SMTP是需要认证的!不象AS3的SMTP那样!

注意以下的英文说明:
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl

1.Saslauthd的默认认证端口是587,而不是一般常用的SMTP(25),所以将上面的语句改为

DAEMON_OPTIONS(`Port=25, Name=MSA')dnl

2.将以下注释了

dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

3.
service sendmail restart
service dovecot restart
service saslauthd restart

4. telnet localhost smtp

    ehlo localhost

会出现如下信息就是支持SMTP的SASLAUTHD认证了!

EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN'

wanzihua

由于在AS4里SMTP是需要认证的!不象AS3的SMTP那样!

注意以下的英文说明:
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl

1.Saslauthd的默认认证端口是587,而不是一般常用的SMTP(25),所以将上面的语句改为

DAEMON_OPTIONS(`Port=25, Name=MSA')dnl

2.将以下注释了

dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

3.
service sendmail restart
service dovecot restart
service saslauthd restart

4. telnet localhost smtp

    ehlo localhost

会出现如下信息就是支持SMTP的SASLAUTHD认证了!

EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN'

superlj

好，谢谢，马上试试看

旅行者2号

若是启用了认证，必须把那个认证工具(名字我记不起来了)也启动，不能只启动sendmail和dovecot.

superlj

怎样才能够不用sasl，直接采用本地/etc/passwd做认证？能够用thunderbird接受，但是不能够发送，接受应该是dovecot控制pop3/imap这些协议，发送应该是sendmail控制的smtp协议吧

wanzihua

系统的安全在系统中是必不可少的,AS4的SMTP认证方法是为了避免转发邮件变成了默认的配置方式!由原来的xinet转为standalone方式已经,加之SELINUX的保护,使系统服务分离,是在安全上对系统的一个保障,不要给AS3上普遍的配置所蒙蔽,新的事物是随之诞生出来的!

(在此鄙视那些所谓"有名的出版社",在AS3上的写为AS4的常见配置方式,抄来抄去,不但增加不了读者的知识,反而赚了亏心钱!太黑了)

SMTP认证方式,是SENDMAIL和POSTFIX的主要SMTP发送方式,避免了你的服务器变成了对方的转发邮件服务器,新的知识不要以旧的东西为标准,只能借鉴!