阿里云ECS通过mail发送邮件

原创

虚拟一点 2018-07-13 11:59:33 ©著作权

文章标签 mailx smtp 文章分类 运维

©著作权归作者所有：来自51CTO博客作者虚拟一点的原创作品，请联系作者获取转载授权，否则将追究法律责任

参考博文

因为阿里云默认将目的端口为TCP25的出现流量屏蔽了，所以改用465 ssl端口发送邮件。

yum安装mailx

[Allen@iZm5eh331inajbk110g28mZ ~]$ yum install -y mailx
##yum安装完mailx之后，/etc下会自动创建一个mail.rc的文件，在最下面追加如下内容即可。
[Allen@iZm5eh331inajbk110g28mZ ~]$ vim /etc/mail.rc

##对方收到邮件时显示的发件人
set from=183xxxx2118@163.com

##指定第三方发邮件的smtp服务器地址
set smtp=smtps://smtp.163.com:465

##第三方发邮件的用户名
set smtp-auth-user=183xxxx2118

##邮箱的密码或授权码（163邮箱需要指定授权码）
set smtp-auth-password=xxxxxx

##SMTP的认证方式，默认是login
set smtp-auth=login

##忽略ssl的检查
set ssl-verify=ignore

##指定证书所在的目录
set nss-config-dir=/home/Allen/.certs

##此时直接发邮件会提示证书不被承认
[Allen@iZm5eh331inajbk110g28mZ ~]$ echo test | mail -s test 183xxxx2118@163.com
[Allen@iZm5eh331inajbk110g28mZ ~]$ Error in certificate: Peer's certificate issuer is not recognized.
smtp-server: 454 Command not permitted when TLS active
"/home/Allen/dead.letter" 11/301
. . . message not sent.

申请证书

##创建目录，用来存放证书
[Allen@iZm5eh331inajbk110g28mZ ~]$ mkdir -p /home/Allen/.certs/

##向163申请证书
[Allen@iZm5eh331inajbk110g28mZ ~]$ echo -n | openssl s_client -connect smtp.163.com:465  | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ~/.certs/163.crt
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = GeoTrust Inc., CN = GeoTrust SSL CA - G3
verify return:1
depth=0 C = CN, ST = ZheJiang, L = HangZhou, O = "NetEase (Hangzhou) Network Co., Ltd", CN = *.163.com
verify return:1
DONE

##添加一个证书到证书数据库
[Allen@iZm5eh331inajbk110g28mZ ~]$  certutil -A -n "GeoTrust SSL CA" -t "C,," -d ~/.certs -i ~/.certs/163.crt 

##添加一个证书到证书数据库
[Allen@iZm5eh331inajbk110g28mZ ~]$ certutil -A -n "GeoTrust Global CA" -t "C,," -d ~/.certs -i ~/.certs/163.crt 

##列出目录下的证书
[Allen@iZm5eh331inajbk110g28mZ ~]$ certutil -L -d /home/Allen/.certs/

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

GeoTrust SSL CA                                              C,,  

[Allen@iZm5eh331inajbk110g28mZ ~]$ ls /home/Allen/.certs/
163.crt    cert8.db   key3.db    secmod.db  

##此时发送邮件还会报错，因为证书不被承认
[Allen@iZm5eh331inajbk110g28mZ ~]$ echo "test" | mail -s test 183xxxx2118@163.com
[Allen@iZm5eh331inajbk110g28mZ ~]$ Error in certificate: Peer's certificate issuer is not recognized.
smtp-server: 454 Command not permitted when TLS active
"/home/Allen/dead.letter" 11/301
. . . message not sent.

##标记为信任
[Allen@iZm5eh331inajbk110g28mZ ~]$ cd .certs/
[Allen@iZm5eh331inajbk110g28mZ .certs]$ certutil -A -n "GeoTrust SSL CA - G3" -t "Pu,Pu,Pu" -d ./ -i 163.crt 
Notice: Trust flag u is set automatically if the private key is present.

成功发送邮件

[Allen@iZm5eh331inajbk110g28mZ .certs]$ echo "test" | mail -s test 183xxxx2118@163.com

普通服务器配置mailx发送邮件场景

[Allen@localhost ~]$ yum install -y mailx
[Allen@localhost ~]$ vim /etc/mail.rc
set from=183xxxx2118@163.com
set smtp=smtp.163.com
set smtp-auth-user=183xxxx2118
set smtp-auth-password=xxxxxxxx
set smtp-auth=login

[Allen@localhost ~]$ echo test | mail -s test 183xxxx2118@163.com