
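mutt + fetchmail + exim configuration

Goal: on Debian, use Exim4 + fetchmail + mutt to send and receive Gmail email.

1. Set up exim4 to send outgoing mail through a smarthost

$ dpkg-reconfigure exim4-config

(1) Split configuration into small files? No

(2) Choose "mail sent by smarthost; received via SMTP or fetchmail"

(3) System mail name: anything you like (I entered tom.com here)

(4) IP addresses to listen on for incoming SMTP connections: 127.0.0.1 (this way only the local machine can use exim4)

(5) Other destinations for which mail is accepted: (empty)

(6) Machines to relay mail for: (empty)

(7) Machine handling outgoing mail for this host (smarthost): the SMTP address that actually sends the mail out

(I use smtp.gmail.com here)

(8) Hide local mail name in outgoing mail? Yes

(9) Visible domain name for local users: same as (3)

(10) Keep number of DNS queries minimal (Dial-on-Demand)? No

A few configuration files also need to be changed:

(1) /etc/exim4/passwd.client, the SMTP account and password settings. Add: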

smtp.gmail.com:[email protected]gmail.com:password
gmail-smtp.l.google.com:[email protected]gmail.com:password      

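The second entry is very important: when exim connects to smtp.gmail.com it is passed on, in something like a redirect, to gmail-smtp.l.google.com, so authentication information has to be written for that name as well.

(2) /etc/email-addresses, the system mailbox addresses. Add:

user: [email protected]gmail.com

(3) /etc/exim4/exim4.conf.template, the exim4 configuration file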

### transport/30_exim4-config_remote_smtp_smarthost
#################################

# This transport is used for delivering messages over SMTP connections
# to a smarthost. The local host tries to authenticate and does some
# modification in headers and return-path.
# This transport is used for smarthost and satellite configurations.

remote_smtp_smarthost:
  debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
  driver = smtp
  # hosts_try_auth = ${if exists {CONFDIR/passwd.client}{DCsmarthost}{}}
  tls_tempfail_tryclear = false
  # DEBCONFheaders_rewriteDEBCONF
  # DEBCONFreturn_pathDEBCONF
  hosts_require_auth = smtp.gmail.com
  hosts_require_tls = smtp.gmail.com
  port=587
      

When the configuration is done, run update-exim4.conf and update-exim4.conf.template, then restart the exim4 service.
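
A check for the edited transport, as an added example that is not part of the original post or of Debian's exim4 packaging: it reads the remote_smtp_smarthost block and reports any host that must authenticate without also being listed in hosts_require_tls, or a tls_tempfail_tryclear that is not false. It assumes plain colon-separated host lists with no string expansions; the function name and the finding labels are hypothetical.

```shell
# Usage: check_smarthost_transport /etc/exim4/exim4.conf.template
# Prints one finding per line; returns 0 when there are none, 1 otherwise.
check_smarthost_transport() {
    findings=$(awk '
        # A bare "name:" line starts a new block; track whether it is ours.
        /^[A-Za-z0-9_]+:[ \t]*$/ { inblock = ($1 == "remote_smtp_smarthost:"); next }
        # Ignore other blocks, commented-out options and non-option lines.
        !inblock || /^[ \t]*#/ || !/=/ { next }
        {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            opt[key] = val
        }
        END {
            if (opt["hosts_require_auth"] == "")
                print "NOAUTH: hosts_require_auth is not set"
            # Exim defaults this option to true, so it must be set explicitly.
            if (opt["tls_tempfail_tryclear"] != "false")
                print "TRYCLEAR: tls_tempfail_tryclear is not false"
            n = split(opt["hosts_require_auth"], auth, /[ \t]*:[ \t]*/)
            m = split(opt["hosts_require_tls"], tls, /[ \t]*:[ \t]*/)
            for (i = 1; i <= n; i++) {
                ok = 0
                for (j = 1; j <= m; j++)
                    if (tls[j] == auth[i] || tls[j] == "*") ok = 1
                if (!ok)
                    print "NOTLS: " auth[i] " must authenticate but TLS is not required"
            }
        }
    ' "$1")
    [ -z "$findings" ] && return 0
    echo "$findings"
    return 1
}
```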

2. Configure mutt: edit /etc/Muttrc

Add the following:

set envelope_from=yes
set sendmail="/usr/sbin/exim4"
set from=[email protected]gmail.com
set realname="josephpei"
set use_from=yes      

3. OpenSSL certificates:

(1) Get Gmail's certificate file

Run:

$ openssl s_client -connect pop.gmail.com:995 -showcerts

Output:

CONNECTED(00000003)
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority

-----BEGIN CERTIFICATE-----
......
-----END CERTIFICATE-----

---
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
No client certificate CA names sent
---
SSL handshake has read 891 bytes and written 338 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : DES-CBC3-SHA
Session-ID: CFCAB44667A90184C8ABCC6F4D2D1C8EC29A9DBDAD11D815E7E22DC5E34213F6
Session-ID-ctx:
Master-Key: 1AFCF4EC31DF0A5930B527BDC55B86D69285DD044E939BDDF18884F61F1E8340EFE7BF85CC50F98F657FB0579CF612F7
Key-Arg : None
Start Time: 1134601370
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
+OK Gpop m2pf1356431nzf ready.

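Take the section in the middle:

-----BEGIN CERTIFICATE-----

......

-----END CERTIFICATE-----

and copy it into ~/.certs/gmail.pem (create this directory and file yourself).

(2) Generate the CA file

$ openssl x509 -in gmail.pem -noout -fingerprint

Put the fingerprint in front of the contents of gmail.pem from above:

MD5 Fingerprint: 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4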
PEM Data:
-----BEGIN CERTIFICATE-----
......
-----END CERTIFICATE-----
      

(It seems gmail.pem works without the fingerprint; I added it and never took it out, so call it gilding the lily.)

Create the file equifax.pem in ~/.certs/ with the following content:

MD5 Fingerprint: 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4
PEM Data:
-----BEGIN CERTIFICATE-----
......
-----END CERTIFICATE-----
      

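(3) Rehash the two files from the previous step, equifax.pem and gmail.pem. Run:

$ c_rehash .certs

(4) Check the CA files. Run:

$ openssl s_client -connect pop.gmail.com:995 -CApath .certs/

If the output contains:

Verify return code: 0 (ok)

then the CA files are good.

4. Configure fetchmail

This part is fairly simple. Edit ~/.fetchmailrc and add: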

# 
    #
    # Sample /home/chirico/.fetchmailrc file for Gmail
    #
    # Check mail every 90 seconds
    set daemon 90
    set syslog
    set postmaster chirico
    #set bouncemail
    #
    # Google Gmail  is mchirico but on computer it is chirico
    #  To keep mail on the server, you would put keep at the end:
    # user '[email protected]gmail.com' with pass "pa33w0r8"  is 'chirico' here options ssl sslcertck  sslcertpath '/home/chirico/certs/.certs' keep    
    #
    poll pop.gmail.com with proto POP3 and options no dns 
         user '[email protected]gmail.com' with pass "pa33w0r8"  is 'chirico' here options ssl sslcertck  sslcertpath '/home/chirico/certs/.certs' 
         smtphost localhost    
    # You would use this to by-pass Postfix
    # mda '/usr/bin/procmail -d %T'
      

tsinghua brep: if you run into messages being fetched more than once,

poll pop3.sina.com.cn with proto POP3 uidl
                                      ~~~~ add this

Then run:

$chmod 0600 .fetchmailrc      
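
A check for the finished file, as an added example that is not part of the original post: the function confirms that a fetchmailrc is closed to group and other, as the chmod above enforces, and that every poll stanza carries both ssl and sslcertck, as the Gmail stanza does. Requiring an explicit sslcertck on each stanza is this example's policy and a `defaults` entry is not considered; the function name and the finding labels are hypothetical.

```shell
# Usage: audit_fetchmailrc ~/.fetchmailrc
# Prints one finding per line; returns 0 when there are none, 1 otherwise.
audit_fetchmailrc() {
    rc=$1
    status=0
    # The file holds the mailbox password in clear text, so group and other
    # must have no permission bits at all (characters 5-10 of the ls mode).
    perms=$(ls -ld "$rc" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "PERMS: $rc is accessible by group/other"
        status=1
    fi
    # Split the file into stanzas at each poll/server/skip keyword, skip
    # comment lines, and require "ssl" and "sslcertck" as whole words.
    findings=$(awk -v q="'" '
        function report() {
            if (host == "") return
            if (stanza !~ /(^|[ \t])ssl([ \t]|$)/)       print "NOSSL: " host
            if (stanza !~ /(^|[ \t])sslcertck([ \t]|$)/) print "NOCERTCHECK: " host
        }
        /^[ \t]*#/ { next }
        $1 == "poll" || $1 == "server" || $1 == "skip" { report(); host = $2; stanza = "" }
        {
            line = $0
            # Drop quoted strings so a password containing "ssl" cannot match.
            gsub("\"[^\"]*\"|" q "[^" q "]*" q, "", line)
            stanza = stanza " " line
        }
        END { report() }
    ' "$rc")
    if [ -n "$findings" ]; then
        echo "$findings"
        status=1
    fi
    return $status
}
```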

Heh, finally done. Test it:

[email protected]:~$ fetchmail -avk
fetchmail: 6.3.2 querying pop.gmail.com (protocol POP3) at 2006年04月06日 星期四 20時07分26秒: poll started
fetchmail: Issuer Organization: Equifax
fetchmail: Unknown Issuer CommonName
fetchmail: Server CommonName: pop.gmail.com
fetchmail: pop.gmail.com key fingerprint: 59:51:61:89:CD:DD:B2:35:94:BB:44:97:A0:39:D5:B4
fetchmail: POP3< +OK Gpop ready z52pf972624pyg
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows
fetchmail: POP3< USER
fetchmail: POP3< RESP-CODES
fetchmail: POP3< EXPIRE 0
fetchmail: POP3< LOGIN-DELAY 300
fetchmail: POP3< X-GOOGLE-VERHOEVEN
fetchmail: POP3< .
fetchmail: POP3> USER [email protected]gmail.com
fetchmail: POP3< +OK send PASS
fetchmail: POP3> PASS *
fetchmail: POP3< +OK Welcome.
fetchmail: POP3> STAT
fetchmail: POP3< +OK 1 2305
1 message for [email protected]gmail.com at pop.gmail.com (2305 octets).
fetchmail: POP3> LIST 1
fetchmail: POP3< +OK 1 2305
fetchmail: POP3> RETR 1
fetchmail: POP3< +OK message follows
reading message [email protected]gmail[email protected]gmail.com:1 of 1 (2305 octets)
fetchmail: SMTP< 220 hit-pei.optic ESMTP Exim 4.60 Thu, 06 Apr 2006 20:07:31 +0800
fetchmail: SMTP> EHLO hit-pei.optic
fetchmail: SMTP< 250-hit-pei.optic Hello localhost [127.0.0.1]
fetchmail: SMTP< 250-SIZE 52428800
fetchmail: SMTP< 250-PIPELINING
fetchmail: SMTP< 250 HELP
fetchmail: SMTP> MAIL FROM:<[email protected]> SIZE=2305
fetchmail: SMTP< 250 OK
fetchmail: SMTP> RCPT TO:<[email protected]>
fetchmail: SMTP< 250 Accepted
fetchmail: SMTP> DATA
fetchmail: SMTP< 354 Enter message, ending with "." on a line by itself
#************************.****fetchmail: SMTP>. (EOM)
fetchmail: SMTP< 250 OK id=1FRTGt-00015t-5g
 not flushed
fetchmail: POP3> QUIT
fetchmail: POP3< +OK Farewell.
fetchmail: SMTP> QUIT
fetchmail: SMTP< 221 hit-pei.optic closing connection
fetchmail: 6.3.2 querying pop.gmail.com (protocol POP3) at 2006年04月06日 星期四 20時07分31秒: poll completed
fetchmail: normal termination, status 0
[email protected]:~$ mutt
4 封信件被保留, 0 封信件被删除。
      

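Appendix (not yet tested): to handle Word attachments, add the following to .muttrc:

auto_view application/msword

In addition, add the following to ~/.mailcap:

text/html; lynx -force_html %s; needsterminal;

# antiword is used here; apt-get install will get it
# %s is left unquoted: mutt quotes the file name itself when it expands it
application/msword; /usr/bin/antiword %s; copiousoutput; description="Microsoft Word Text"; nametemplate=%s.doc

This way, Word attachments can be displayed in mutt.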
