[ sendmail + saslauthd = STARTTLS + user authentication setup ]
** Package installation
** sendmail configuration
** Create the certificate directory and assign permissions
**** Most important!! If you configure everything carefully but do not assign the certificate permissions (including the directory), you will waste hours chasing it.... ****
** saslauthd configuration
** Restart sendmail and saslauthd
** Log status after restarting sendmail
** telnet check
** mail test
** Test from the console with openssl
** Outgoing message log: confirmed normal
** TCP DUMP check
** A request came in from a customer under our managed service to set up their mail server so that clients can authenticate over SSL. The following is the configuration after that work was done.
** Package installation
yum install -y sendmail* cyrus-sasl*
** sendmail configuration
[root@cm mail]# vi /etc/mail/sendmail.mc
define(`confLOG_LEVEL', `14')dnl ==> verbose logging for detailed log analysis
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl ==> user authentication
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl ==> user authentication
define(`confCACERT_PATH', `/etc/mail/certs')dnl ==> SSL certificate directory
define(`confCACERT', `/etc/mail/certs/AddTrustExternalCARoot.crt')dnl ==> CA root certificate (CAroot.crt)
define(`confSERVER_CERT', `/etc/mail/certs/xx_xxxxxx_co_kr.crt')dnl ==> server certificate (server.crt)
define(`confSERVER_KEY', `/etc/mail/certs/xx_xxxxxx_co_kr_SHA256WITHRSA.key')dnl ==> server private key (server.key)
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0 Name=MTA')dnl ==> default port 25
DAEMON_OPTIONS(`Port=submission,Addr=0.0.0.0 Name=MSA, M=Ea')dnl ==> opens 587 instead of 25; optional
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl ==> port 465, the port used for STARTTLS
[root@cm mail]# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf ==> regenerate sendmail.cf
[root@cm mail]# vi /etc/mail/sendmail.cf
O Timeout.starttls=1h ==> uncomment this line
** Create the certificate directory and assign permissions
**** Most important!! If you configure everything carefully but do not assign the certificate permissions (including the directory), you will waste hours chasing it.... ****
[root@cm mail]# mkdir /etc/mail/certs
[root@cm mail]# cp -arp {certificate path} /etc/mail/certs/
[root@cm mail]# chmod 600 -R /etc/mail/certs
** saslauthd configuration
[root@cm mail]# vi /etc/sysconfig/saslauthd
# Directory in which to place saslauthd's listening socket, pid file, and so
# on. This directory must already exist.
SOCKETDIR=/var/run/saslauthd
# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled with the ability to use.
MECH=pam ==> use PAM for user authentication
# Options sent to the saslauthd. If the MECH is other than "pam" uncomment the next line.
# DAEMONOPTS=--user saslauth
# Additional flags to pass to saslauthd on the command line. See saslauthd(8)
# for the list of accepted flags.
FLAGS=
If these are already the defaults, leave them as they are.
vi /etc/sasl2/Sendmail.conf
pwcheck_method:saslauthd
mech_list:LOGIN PLAIN ==> add this line. "pwcheck_method:saslauthd" is normally already present; if it is not, enter both lines.
** Restart sendmail and saslauthd
[root@cm mail]# /etc/init.d/sendmail restart
[root@cm mail]# /etc/init.d/saslauthd restart
** Log status after restarting sendmail
[ Normal log ]
Jul 19 14:36:02 cm sendmail[10822]: NOQUEUE: stopping daemon, reason=signal
Jul 19 14:36:02 cm sendmail[11019]: starting daemon (8.14.4): SMTP+queueing@01:00:00
Jul 19 14:36:02 cm sendmail[11019]: STARTTLS: CRLFile missing
Jul 19 14:36:02 cm sm-msp-queue[11027]: starting daemon (8.14.4): queueing@01:00:00
Jul 19 14:36:03 cm sendmail[11019]: STARTTLS=server, Diffie-Hellman init, key=1024 bit (1)
Jul 19 14:36:03 cm sendmail[11019]: STARTTLS=server, init=1
Jul 19 14:36:03 cm sendmail[11019]: started as: /usr/sbin/sendmail -bd -q1h
[ Error log ]
Jul 19 13:31:08 cm sendmail[6837]: NOQUEUE: stopping daemon, reason=signal
Jul 19 13:31:08 cm sendmail[8925]: starting daemon (8.14.4): SMTP+queueing@01:00:00
Jul 19 13:31:08 cm sendmail[8925]: STARTTLS: CRLFile missing
Jul 19 13:31:08 cm sendmail[8925]: STARTTLS=server: file /etc/mail/certs/COMODORSADomainValidationSecureServerCA.crt unsafe: World writable directory
Jul 19 13:31:08 cm sendmail[8925]: started as: /usr/sbin/sendmail -bd -q1h
Jul 19 13:31:08 cm sm-msp-queue[8933]: starting daemon (8.14.4): queueing@01:00:00
- This is the certificate directory permission problem. It occurs when the permission setup above is skipped.
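The "unsafe: World writable directory" line in the error log above is sendmail refusing to load a certificate because of the directory permissions that the chmod 600 step is meant to fix. The following shell function is an added example (not from the original post) that performs the same style of check before a restart: it walks from the certificate file up the directory tree and fails on any world-writable directory, and also fails if the file itself carries group/other permission bits. It assumes POSIX sh with ls, cut and dirname; the optional STOP_DIR argument (default /) is an assumption of this example that limits how far up the walk goes.

```shell
#!/bin/sh
# Added example: pre-flight check that mirrors sendmail's "unsafe: World
# writable directory" refusal, so the problem is caught before the restart.
# Assumes POSIX sh; walks from FILE up to STOP_DIR (default /).

# mode_string PATH -> the 10-character permission field of `ls -ld`, e.g. drwxr-xr-x
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# check_cert_path FILE [STOP_DIR]
# Returns 0 when FILE has no group/other permission bits (what `chmod 600`
# leaves) and no directory from its parent up to STOP_DIR is world-writable.
# Otherwise prints the offending path in sendmail's wording and returns 1.
check_cert_path() {
    file=$1
    stop=${2:-/}
    if [ ! -f "$file" ]; then
        echo "missing: $file"
        return 1
    fi
    mode=$(mode_string "$file")
    case "$mode" in
        -???------) ;;   # owner bits only, e.g. -rw-------
        *) echo "file $file unsafe: mode $mode"; return 1 ;;
    esac
    dir=$(dirname "$file")
    while :; do
        dmode=$(mode_string "$dir")
        case "$dmode" in
            ????????w?) echo "file $file unsafe: World writable directory $dir"; return 1 ;;
        esac
        [ "$dir" = "$stop" ] && break
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return 0
}

# Usage on the post's layout (run as root; the walk stops at / by default):
#   for f in /etc/mail/certs/*; do check_cert_path "$f" || exit 1; done
```

Run it over every file named in sendmail.mc (confCACERT, confSERVER_CERT, confSERVER_KEY) after copying the certificates in; a non-zero exit tells you which path sendmail will reject.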
** telnet check
[root@cm mail]# telnet xx.xxxxxx.co.kr 25
Trying 115.xx.xxx.xxx...
Connected to xx.xxxxxx.co.kr.
Escape character is '^]'.
220 xx.xxxxxx.co.kr ESMTP Sendmail 8.14.4/8.14.4; Wed, 19 Jul 2017 14:51:39 +0900
ehlo localhost ==> check with this command
250-xx.xxxxxx.co.kr Hello [115.xx.xxx.xxx], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN ==> user authentication
250-STARTTLS ==> packet encryption
250-DELIVERBY
250 HELP
** mail test
PHP mail test source (legacy class.phpmailer.php layout)
<?php
$smtp_mail_id = "smtp 메일계정";      // placeholder: SMTP mail account
$smtp_mail_pw = "패스워드";           // placeholder: password
$to_email = "받는 사람 메일";         // placeholder: recipient address
$to_name = "받는 사람 이름";          // placeholder: recipient name
$from_name = "보내는 사람 이름";      // placeholder: sender name
$from_email = "보내는 사람 메일";     // placeholder: sender address
$smtp_use = 'xx.xxxxxx.co.kr';
$title = "서버 메일테스트입니다.";     // subject: "This is a server mail test."
$content = "서버 메일테스트입니다..";  // body: "This is a server mail test.."
// load the mailer
require_once("./class.smtp.php");
require_once("./class.phpmailer.php");
$mail = new PHPMailer(true);          // true: throw exceptions on failure
$mail->IsSMTP();
try {
    $mail->Host = $smtp_use;          // server used to send the email
    $mail->SMTPAuth = true;           // use SMTP authentication
    $mail->CharSet = 'utf-8';
    $mail->Port = 465;                // port used to send the email
    $mail->SMTPSecure = "ssl";        // use SSL
    $mail->Username = $smtp_mail_id;  // account
    $mail->Password = $smtp_mail_pw;  // password
    $mail->SetFrom($from_email, $from_name); // sender address and display name (display name optional)
    $mail->AddAddress($to_email, $to_name);  // recipient address and display name (display name optional)
    $mail->Subject = $title;          // mail subject
    $mail->MsgHTML($content);         // mail body (HTML or plain text both work)
    $mail->Send();                    // actually send the mail
    $ok_msg = iconv('utf-8', 'euc-kr', '메일을 전송하였습니다.'); // "The mail has been sent."
    echo "<script>alert('" . $ok_msg . "');</script>";
} catch (phpmailerException $e) {
    echo $e->errorMessage();
} catch (Exception $e) {
    echo $e->getMessage();
}
?>
** Test from the console with openssl
[root@cm mail]# openssl s_client -host cm.aumlee.co.kr -port 465 ==> mail sending test with openssl, like telnet
CONNECTED(00000003)
depth=0 OU = Domain Control Validated, OU = "Hosted by Korea Information Certificate Authority, Inc.", OU = PositiveSSL, CN = xx.xxxxxx.co.kr
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 OU = Domain Control Validated, OU = "Hosted by Korea Information Certificate Authority, Inc.", OU = PositiveSSL, CN = xx.xxxxxx.co.kr
verify error:num=27:certificate not trusted
verify return:1
depth=0 OU = Domain Control Validated, OU = "Hosted by Korea Information Certificate Authority, Inc.", OU = PositiveSSL, CN = xx.xxxxxx.co.kr
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=Hosted by Korea Information Certificate Authority, Inc./OU=PositiveSSL/CN=xx.xxxxxx.co.kr
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgIRAKypsELizD0ZoyKs7S3XU5IwDQYJKoZIhvcNAQELBQAw
gZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYD
. . . (snipped)
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=Hosted by Korea Information Certificate Authority, Inc./OU=PositiveSSL/CN=xx.xxxxxx.co.kr
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
Acceptable client certificate CA names
/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 2564 bytes and written 449 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES256-GCM-SHA384
    . . . (snipped)
    Start Time: 1500445618
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
===> once the certificate has been received normally, run the mail test as below
220 xx.xxxxxx.co.kr ESMTP Sendmail 8.14.4/8.14.4; Wed, 19 Jul 2017 15:26:58 +0900
mail from : test@xx.xxxxxx.co.kr
250 2.1.0 test@xx.xxxxxx.co.kr... Sender ok
rcpt to : hoguinside@naver.com
250 2.1.5 hoguinside@naver.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
test test test
.
250 2.0.0 v6J6Qw4O012558 Message accepted for delivery
** Outgoing message log: confirmed normal
[ Normal outgoing message log ]
Jul 19 14:50:49 cm sendmail[11761]: NOQUEUE: connect from [115.xx.xxx.xxx]
Jul 19 14:50:49 cm sendmail[11761]: AUTH: available mech=LOGIN PLAIN, allowed mech=EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Jul 19 14:50:49 cm sendmail[11761]: v6J5on71011761: Milter: no active filter
Jul 19 14:50:49 cm sendmail[11761]: STARTTLS=server, relay=[115.xx.xxx.xxx], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
Jul 19 14:50:49 cm sendmail[11761]: STARTTLS=server, cert-subject=, cert-issuer=, verifymsg=ok
Jul 19 14:50:49 cm sendmail[11761]: AUTH: available mech=LOGIN PLAIN, allowed mech=EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Jul 19 14:50:49 cm sendmail[11761]: AUTH=server, relay=[115.xx.xxx.xxx], authid=xxxxxxxxx@xx.xxxxxx.co.kr, mech=LOGIN, bits=0
Jul 19 14:50:49 cm sendmail[11761]: v6J5on71011761: from=, size=876, class=0, nrcpts=1, msgid=<68d3d47a954e5b85425017e349f44ae6@cm.aumlee.co.kr>, proto=ESMTP, daemon=TLSMTA, relay=[115.xx.xxx.xxx]
Jul 19 14:50:49 cm sendmail[11763]: v6J5on71011761: SMTP outgoing connect on [115.xx.xxx.xxx]
Jul 19 14:50:49 cm sendmail[11763]: STARTTLS: ClientCertFile missing
Jul 19 14:50:49 cm sendmail[11763]: STARTTLS: ClientKeyFile missing
Jul 19 14:50:49 cm sendmail[11763]: STARTTLS: CRLFile missing
Jul 19 14:50:49 cm sendmail[11763]: STARTTLS=client, init=1
Jul 19 14:50:49 cm sendmail[11763]: STARTTLS=client, start=ok
Jul 19 14:50:49 cm sendmail[11763]: STARTTLS=client, relay=mx2.naver.com., version=TLSv1/SSLv3, verify=OK, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Jul 19 14:50:49 cm sendmail[11763]: STARTTLS=client, cert-subject=/C=KR/postalCode=13561/ST=Gyeonggi-do/L=Seongnam-si/O=NAVER+20Corp./OU=Information+20Security+20Team/OU=Hosted+20by+20Korea+20Information+20Certificate+20Authority,+20Inc./OU=Unified+20Communications/CN=mail.naver.com, cert-issuer=/C=GB/ST=Greater+20Manchester/L=Salford/O=COMODO+20CA+20Limited/CN=COMODO+20RSA+20Organization+20Validation+20Secure+20Server+20CA, verifymsg=ok
Jul 19 14:50:49 cm sendmail[11763]: v6J5on71011761: to= , ctladdr= 68d3d47a954e5b85425017e349f44ae6>(514/514), delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120876, relay=mx2.naver.com. [125.209.238.137], dsn=2.0.0, stat=Sent (OK EPcdYHmZSTK2BKWSkYyj0g - nsmtp)
Jul 19 14:50:49 cm sendmail[11763]: v6J5on71011761: done; delay=00:00:00, ntries=1
Jul 19 14:50:49 cm sendmail[11763]: STARTTLS=client, SSL_shutdown failed: -1
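The log above shows the pattern you want for every login: a STARTTLS=server line for the session (sendmail[11761]) before its AUTH=server line, so the LOGIN credentials travelled inside TLS. The telnet check earlier, however, shows the server also advertising AUTH LOGIN PLAIN on port 25 before any STARTTLS, so a client can send its password in the clear. The following shell function is an added example (not from the original post) that scans a sendmail log for AUTH=server events whose session, correlated by the sendmail[pid] field, never logged STARTTLS=server first. The sample log lines it writes are constructed for the example and modelled on the post's log; the addresses, PIDs and queue ID in them are made up.

```shell
#!/bin/sh
# Added example: find AUTH=server events that were not preceded by
# STARTTLS=server in the same sendmail session (same sendmail[pid]).
# Assumes POSIX sh and awk. The sample log below is constructed.

# write_sample_log FILE -> constructed log lines: session 11761 authenticates
# after STARTTLS (as in the post), session 12010 authenticates in the clear.
write_sample_log() {
    cat > "$1" <<'EOF'
Jul 19 14:50:49 cm sendmail[11761]: NOQUEUE: connect from [192.0.2.10]
Jul 19 14:50:49 cm sendmail[11761]: STARTTLS=server, relay=[192.0.2.10], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
Jul 19 14:50:49 cm sendmail[11761]: AUTH=server, relay=[192.0.2.10], authid=user@example.invalid, mech=LOGIN, bits=0
Jul 19 14:52:10 cm sendmail[12010]: NOQUEUE: connect from [198.51.100.7]
Jul 19 14:52:10 cm sendmail[12010]: AUTH=server, relay=[198.51.100.7], authid=user@example.invalid, mech=PLAIN, bits=0
Jul 19 14:52:11 cm sendmail[12010]: v6J5qAxx012010: from=<user@example.invalid>, size=512, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[198.51.100.7]
EOF
}

# detect_plain_auth LOGFILE
# Prints one line per cleartext AUTH=server event; returns 1 if any were
# found, 0 otherwise. TLS state is tracked per pid and reset on each new
# "connect from" so a reused pid cannot inherit an earlier session's TLS.
detect_plain_auth() {
    awk '
        match($0, /sendmail\[[0-9]+\]/) {
            pid = substr($0, RSTART + 9, RLENGTH - 10)   # digits between "sendmail[" and "]"
            if ($0 ~ /NOQUEUE: connect from/) delete tls[pid]
            if ($0 ~ /STARTTLS=server, relay=/) tls[pid] = 1
            if ($0 ~ /AUTH=server, relay=/ && !(pid in tls)) {
                print "cleartext AUTH in session " pid ": " $0
                bad++
            }
        }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

# Usage:  detect_plain_auth /var/log/maillog || echo "cleartext logins found"
```

If this reports hits, the fix is on the server side rather than in the log: sendmail's AuthOptions flag p (define(`confAUTH_OPTIONS', `p')dnl in sendmail.mc) stops it offering PLAIN and LOGIN until a TLS security layer is active, so the telnet check on port 25 will no longer show 250-AUTH LOGIN PLAIN before STARTTLS.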
** TCP DUMP check
[root@cm mail]# tcpdump -A '(src host 115.xx.xxx.xxx and dst port 25) or (dst host 115.xx.xxx.xxx and src port 25 )'
E.....@.3...}...sDrz.......#.G.f...r4......
...D.b..250-mx.naver.com Pleased to meet you
250-SIZE 41943040
250-8BITMIME
250-PIPELINING
250-STARTTLS
250 ENHANCEDSTATUSCODES
15:32:55.840996 IP 115.xx.xxx.xxx.57773 > mx3.naver.com.smtp: Flags [P.], seq 23:33, ack 182, win 115, options [nop,nop,TS val 23263012 ecr 350875460], length 10
E..>;a@.@...sDrz}........G.f.......sA......
.b.$...DSTARTTLS
15:32:55.844716 IP mx3.naver.com.smtp > 115.xx.xxx.xxx.57773: Flags [P.], seq 182:243, ack 33, win 114, options [nop,nop,TS val 350875466 ecr 23263012], length 61
E..q..@.3...}...sDrz.........G.p...r.......
...J.b.$220 2.0.0 Ready to start TLS QOMq+FWTSAmCLRMKTcK2QQ - nsmtp
.... (snipped)