1.Установка Sendmail+Cyrus-sasl
1 |
# yum install sendmail sendmail-cf sendmail-doc cyrus-sasl-{lib,plain} |
2.Настройка Sendmail
1 |
# cd /etc/mail/ |
1 |
# cp sendmail.mc{,.orig} |
1 |
# nano /etc/mail/sendmail.mc |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 |
divert(-1)dnl include(`/usr/share/sendmail-cf/m4/cf.m4')dnl VERSIONID(`setup for linux')dnl OSTYPE(`linux')dnl define(`confDEF_USER_ID', ``8:12'')dnl dnl define(`confAUTO_REBUILD')dnl define(`confTO_CONNECT', `1m')dnl define(`confTRY_NULL_MX_LIST', `True')dnl define(`confDONT_PROBE_INTERFACES', `True')dnl define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl define(`ALIAS_FILE', `/etc/aliases')dnl define(`STATUS_FILE', `/var/log/mail/statistics')dnl define(`UUCP_MAILER_MAX', `2000000')dnl define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl define(`confAUTH_OPTIONS', `A y')dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl define(`confTO_IDENT', `0')dnl FEATURE(`no_default_msa', `dnl')dnl FEATURE(`smrsh', `/usr/sbin/smrsh')dnl FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl FEATURE(redirect)dnl FEATURE(always_add_domain)dnl FEATURE(use_cw_file)dnl FEATURE(use_ct_file)dnl FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl FEATURE(`blacklist_recipients')dnl EXPOSED_USER(`root')dnl DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl FEATURE(`accept_unresolvable_domains')dnl LOCAL_DOMAIN(`localhost.localdomain')dnl MAILER(smtp)dnl MAILER(procmail)dnl |
1 |
# make all |
1 |
# systemctl restart sendmail |
1 |
# systemctl enable sendmail |
3.Настройка Sendmail на поддержку TLS/SSL
1 |
# cd /etc/pki/tls/certs |
1 |
# make sendmail.pem |
1 |
# cd /etc/mail |
1 |
# nano sendmail.mc |
1 2 3 4 5 6 7 8 |
define(`CERT_DIR', `/etc/pki/tls/certs')dnl define(`confCACERT_PATH', `CERT_DIR')dnl define(`confCACERT', `CERT_DIR/sendmail.pem')dnl define(`confSERVER_CERT', `CERT_DIR/sendmail.pem')dnl define(`confSERVER_KEY', `CERT_DIR/sendmail.pem')dnl define(`confCLIENT_CERT', `CERT_DIR/sendmail.pem')dnl define(`confCLIENT_KEY', `CERT_DIR/sendmail.pem')dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl |
1 |
# make all |
1 |
# systemctl restart sendmail |
Тестируем TLS-поддержку
1 |
# openssl s_client -starttls smtp -crlf -connect 127.0.0.1:25 |
4.Запуск и добавление в автозагрузку демона аутентификации Cyrus—sasl – saslauthd
1 |
# nano /etc/sysconfig/saslauthd |
1 2 3 |
SOCKETDIR=/run/saslauthd MECH=pam FLAGS= |
1 |
# systemctl restart saslatuhd |
1 |
# systemctl enable saslatuhd |
5.Установка и настройка Dovecot
1 |
# yum install dovecot |
1 |
# cd /etc/dovecot |
1 |
# cp -rp conf.d conf.d~ |
1 |
# cp dovecot.conf dovecot.conf~ |
1 |
# nano conf.d/10-mail.conf |
1 |
mail_location = maildir:~/Maildir |
[…]