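If sendmail is not installed on the system, or the installed version lacks required features and needs to be upgraded, it has to be reinstalled.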
sendmail
imap
sasl
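First download the SASL library, which provides the functions needed for secure authentication. The current version is 1.5.28. Note that the 2.X versions cannot be combined with sendmail, because the API has not yet been adapted. The installation procedure is as follows:
$ gzip -d cyrus-sasl-1.5.27.tar.gz
$ tar -xvf cyrus-sasl-1.5.27.tar
$ cd cyrus-sasl-1.5.27
$ ./configure --prefix=/usr --disable-krb4 --disable-gssapi --enable-login
$ make
$ make install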
Next, before compiling sendmail, modify (or create) the configuration file <sendmail source tree>/devtools/Site/site.config.m4 as follows:
dnl APPENDDEF(`confLIBDIRS',`-L/usr/local/lib')
dnl APPENDDEF(`confINCDIRS',`-I/usr/local/include')
APPENDDEF(`confENVDEF',`-DSASL')
APPENDDEF(`conf_sendmail_LIBS',`-lsasl')
Modify the configuration file <sendmail source tree>/devtools/Site/site.config.m4 as follows:
dnl Stuff for TLS
APPENDDEF(`confINCDIRS', `-I/usr/local/include')
APPENDDEF(`confLIBDIRS', `-L/usr/local/lib')
APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS')
dnl add to previous direction
APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto')
APPENDDEF(`conf_sendmail_LIBS', `-lsasl -lssl -lcrypto')
Modify sendmail.mc as follows:
TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5')dnl
dnl define(`confDEF_AUTH_INFO', `/etc/mail/auth/auth-info')
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Port=25, Name=MSA, M=Ea')dnl
Modify sendmail.mc as follows:
dnl define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/cacert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/key.pem')dnl
To make a certificate authority:
$ mkdir CA
$ cd CA
$ mkdir certs crl newcerts private
$ echo "01" > serial
$ cp /dev/null index.txt
$ cp /usr/local/openssl/openssl.cnf.sample openssl.cnf
$ vi openssl.cnf    # (set values)
$ openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 365 -config openssl.cnf
To make a new certificate:
$ cd CA    # (same directory created above)
$ openssl req -nodes -new -x509 -keyout newreq.pem -out newreq.pem -days 365 -config openssl.cnf
$ #cd CA #(same directory created above)
$ openssl x509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
$ openssl ca -config openssl.cnf -policy policy_anything -out newcert.pem -infiles tmp.pem
$ rm -f tmp.pem
Edit newreq.pem
Remove the unsigned certificate (leaving the private key)
Copy files
$ cp cacert.pem /etc/mail/certs/cacert.pem
$ cp newreq.pem /etc/mail/certs/key.pem
$ cp newcert.pem /etc/mail/certs/cert.pem
Set permissions
$ chmod 400 /etc/mail/certs/key.pem
Check key properties
$ openssl x509 -noout -in cacert.pem -text
Make sure that the CN of the CA certificate and CN of the server certificate are different, because newer versions of Mozilla and Netscape won't accept the server certificate if it is self-signed.
See: the description in the previous chapters.
-r-xr-sr-x  root   smmsp  ...  /PATH/TO/sendmail
drwxrwx---  smmsp  smmsp  ...  /var/spool/clientmqueue
drwx------  root   wheel  ...  /var/spool/mqueue
-r--r--r--  root   wheel  ...  /etc/mail/sendmail.cf
-r--r--r--  root   wheel  ...  /etc/mail/submit.cf
$ sendmail -bd -q1h
The -bd option runs sendmail as a daemon;
The -q1h option tells sendmail to send mail once every hour; similarly, -q15m means every 15 minutes, and so on.
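Once the daemon is running, the reply to the first EHLO (before STARTTLS) shows whether the SASL and TLS build options took effect. The following is an added example, not part of the original document or of sendmail: it parses such a reply and reports whether STARTTLS and the AUTH mechanisms set in sendmail.mc are advertised, and whether LOGIN or PLAIN are offered on the still-unencrypted session. The host names and the sample reply are constructed.

```python
# Added example: audit the first (pre-STARTTLS) EHLO reply of an SMTP server.
# SAMPLE_EHLO is constructed for illustration, not captured from a real host.

PLAINTEXT_MECHS = {"LOGIN", "PLAIN"}  # password is only base64-encoded

SAMPLE_EHLO = (
    "250-mail.example.org Hello client.example.org, pleased to meet you\r\n"
    "250-ENHANCEDSTATUSCODES\r\n"
    "250-8BITMIME\r\n"
    "250-AUTH LOGIN PLAIN DIGEST-MD5\r\n"
    "250-STARTTLS\r\n"
    "250 HELP\r\n"
)


def parse_ehlo(reply):
    """Parse a multi-line 250 reply into {KEYWORD: [parameters]}."""
    lines = [ln for ln in reply.replace("\r\n", "\n").split("\n") if ln]
    if not lines:
        raise ValueError("empty reply")
    features = {}
    for i, line in enumerate(lines):
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError("not a 250 reply line: %r" % line)
        # "250-" marks a continuation line, "250 " the final line.
        if (line[3] == " ") != (i == len(lines) - 1):
            raise ValueError("bad continuation marker: %r" % line)
        words = line[4:].split()
        if i == 0 or not words:
            continue  # line 0 is the greeting, not an extension keyword
        features.setdefault(words[0].upper(), []).extend(words[1:])
    return features


def audit(reply):
    """Report the features the configuration above is meant to enable."""
    feats = parse_ehlo(reply)
    mechs = [m.upper() for m in feats.get("AUTH", [])]
    return {
        "starttls": "STARTTLS" in feats,
        "auth_mechs": mechs,
        # Mechanisms that expose the password if used without TLS.
        "plaintext_auth_offered": sorted(PLAINTEXT_MECHS.intersection(mechs)),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_EHLO))
```

If plaintext_auth_offered is non-empty for the pre-TLS reply, sendmail's confAUTH_OPTIONS setting with the p flag restricts LOGIN and PLAIN to sessions where a security layer is active.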
Copyright © 2006 WorldHello Open Documentation Source Project