2023年使用centos发报警邮件配置

环境:阿里云上ecs主机   centos 7.6系统

目的:监控nginx有访问异常ip,发送邮件通知

安装软件:  

yum install -y sendmail mailx    #mailx一般阿里云上都给安装了的

 

systemctl enable sendmail

systemctl start sendmail

 

添加配置:vim /etc/mail.rc

set from=xxxx@163.com #自己的邮箱

set smtp=smtps://smtp.163.com:465 #使用邮件服务ssl传输,阿里云已经屏蔽掉25端口,而且基本属于不会给你放开的那种,所以都要配置ssl访问(465端口),不然会链接不上smtp服务器

set smtp-auth-user=xxxxx@163.com ###自己的邮箱

set smtp-auth-password=xxxxxxx #授权码

#set smtp-use-starttls #这个开启可能会报错454 Command not permitted when TLS active

set smtp-auth=login #默认登录

set ssl-verify=ignore

set nss-config-dir=/root/.certs #自己主机证书存放位置,这个后面会做说明

 

理论上配置上这些就可以发邮件了,但是一般都会出点问题,以下给说一下会出的问题

 

systemctl status sendmail   #查看是否有启动异常

或者去查看日志:tail -f /var/log/maillog

如果有下面这两句

My unqualified host name (xxx) unknown; sleeping for retry
unable to qualify my own domain name (xxx) -- using short name

解决办法:

在vi /etc/mail/sendmail.cf 配置文件中查找 Dj$w,并在此行下面增加这一行。

 Dj$w.

 找到SMTP daemon options这行,下面添加

O DaemonPortOptions=Port=smtp,Addr=192.168.0.245, Name=MTA

在/etc/hosts 增加一行

192.168.0.245 xxx xxxx.  注意最后面有一个点。

 

vim /etc/hosts.allow 添加

sendmail:xxxx #主机hostname

sendmail:ip #主机ip地址

 

vim /etc/mail/access

Connect:192.168.0.245 RELAY

 

systemctl restart sendmail

再测试邮件发送是否正常

 

 

如果出现报错:  Error in certificate: Peer's certificate issuer is not recognized.##没有对端的证书

解决办法

mkdir -p /root/.certs/ #创建证书目录

生成证书

echo -n | openssl s_client -connect smtp.163.com:465 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ~/.certs/163.crt

depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA

verify return:1

depth=1 C = US, O = GeoTrust Inc., CN = GeoTrust SSL CA - G3

verify return:1

depth=0 C = CN, ST = ZheJiang, L = HangZhou, O = "NetEase (Hangzhou) Network Co., Ltd", CN = *.163.com

verify return:1

DONE

 

certutil -A -n "GeoTrust SSL CA" -t "C,," -d ~/.certs -i ~/.certs/163.crt

 

certutil -A -n "GeoTrust Global CA" -t "C,," -d ~/.certs -i ~/.certs/163.crt

 

certutil -L -d /root/.certs

Certificate Nickname Trust Attributes

SSL,S/MIME,JAR/XPI

GeoTrust SSL CA C,,

 

cd /root/.certs/

 

certutil -A -n "GeoTrust SSL CA - G3" -t "Pu,Pu,Pu" -d ./ -i 163.crt

Notice: Trust flag u is set automatically if the private key is present.

 

随后测试邮件是否正常发送

具体监控脚本就自己根据需求来写了