Monday, 24 June 2013

Dovecot Installation

# yum install dovecot

Then edit the Dovecot configuration file and uncomment the protocols line:

# vi /etc/dovecot/dovecot.conf
protocols = imap pop3 lmtp



Then open /etc/dovecot/conf.d/10-mail.conf and uncomment the mail_location line:

# vi /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir



Open /etc/dovecot/conf.d/10-auth.conf and edit:

# vi /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = no  ## uncomment and change from yes to no.
auth_mechanisms = plain login

Note that disable_plaintext_auth = no lets the PLAIN and LOGIN mechanisms be used on unencrypted connections, so passwords cross the network in clear unless ssl = required is set in 10-ssl.conf (check the effective value with doveconf ssl). That is fine for the loopback test further down; Dovecot treats a connection from the host's own address as secured, so the telnet localhost test logs in even with the default disable_plaintext_auth = yes. On a server reachable from other hosts keep the default, or pair "no" with ssl = required so that AUTH is only accepted after TLS.


Then,
open /etc/dovecot/conf.d/10-master.conf and edit the auth-userdb listener, which sits inside the service auth { } block:

# vi /etc/dovecot/conf.d/10-master.conf
service auth {
  unix_listener auth-userdb {
    #mode = 0600
    user = postfix  ## uncomment and enter postfix
    group = postfix  ## uncomment and enter postfix
  }
}

This gives the postfix user access to Dovecot's userdb lookup socket; it does not by itself turn on SMTP authentication in Postfix.


Then,  start the dovecot service.

# service dovecot start
Starting Dovecot Imap:                                     [  OK  ]

# chkconfig dovecot on
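Added example (my own script, not part of the original post): a small audit of the settings just changed. It reads the Dovecot configuration tree the way Dovecot does (dovecot.conf first, then conf.d/*.conf, last assignment wins) and reports whether plaintext authentication can reach an unencrypted connection. The directory is a parameter so it can be pointed at a copy of /etc/dovecot; the rules encode the two acceptable combinations described above (disable_plaintext_auth = yes, or "no" together with ssl = required) and assume Dovecot's compiled-in defaults for anything left unset.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: audit the Dovecot plaintext-auth
# settings in a configuration tree. Assumes the CentOS layout of
# dovecot.conf plus conf.d/*.conf; the directory path is a parameter.

# Print the effective value of one Dovecot setting. Files are read in the
# order Dovecot reads them (dovecot.conf, then conf.d/*.conf via !include),
# the last assignment wins, and commented-out lines are ignored.
dovecot_setting() {
    local confdir=$1 key=$2 value="" f v
    for f in "$confdir/dovecot.conf" "$confdir"/conf.d/*.conf; do
        [ -f "$f" ] || continue
        v=$(sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\([^#]*\).*/\1/p" "$f" | tail -n 1)
        [ -n "$v" ] && value=$(printf '%s' "$v" | sed 's/[[:space:]]*$//')
    done
    printf '%s\n' "$value"
}

# Returns 0 when plaintext mechanisms can only be used inside TLS, 1 otherwise.
# disable_plaintext_auth=yes (Dovecot's default) already enforces that;
# "no" is only acceptable together with ssl=required, which makes TLS
# mandatory before AUTH is accepted from non-local clients.
dovecot_auth_audit() {
    local confdir=$1 plain ssl
    plain=$(dovecot_setting "$confdir" disable_plaintext_auth)
    ssl=$(dovecot_setting "$confdir" ssl)
    : "${plain:=yes}"   # Dovecot default
    : "${ssl:=yes}"     # Dovecot default: TLS offered, not required
    if [ "$plain" = yes ]; then
        echo "OK: plaintext auth is refused on unencrypted connections"
        return 0
    fi
    if [ "$ssl" = required ]; then
        echo "OK: disable_plaintext_auth=no but ssl=required forces TLS first"
        return 0
    fi
    echo "WEAK: disable_plaintext_auth=no and ssl=$ssl: passwords cross the wire in clear"
    return 1
}

# Usage: dovecot_auth_audit /etc/dovecot
```

Run it against /etc/dovecot after the edits above and it reports WEAK unless 10-ssl.conf carries ssl = required; switch disable_plaintext_auth back to yes (or set ssl = required) and it reports OK.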


Testing Dovecot (user1 is the system account created in the Postfix post below; the password is sent in clear here, which is acceptable only because the session stays on loopback):

[root@ns2 postfix]# telnet localhost pop3
Trying ::1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
user user1
+OK
pass user1
+OK Logged in.
list
+OK 1 messages:
1 424
.
retr 1
+OK 424 octets
Return-Path: <user1@ranjithkr.com>
X-Original-To: user1
Delivered-To: user1@ranjithkr.com
Received: from localhost (localhost [IPv6:::1])
    by ns2.ranjithkr.com (Postfix) with ESMTP id D01B1101E0D
    for <user1>; Sat, 22 Jun 2013 06:17:01 +0530 (IST)
Message-Id: <20130622004822.D01B1101E0D@ns2.ranjithkr.com>
Date: Sat, 22 Jun 2013 06:17:01 +0530 (IST)
From: user1@ranjithkr.com
To: undisclosed-recipients:;

test
.
quit
+OK Logging out.
Connection closed by foreign host.
[root@ns2 postfix]#

Installing Mail Server Using Postfix in Centos

Before proceeding with the Postfix installation, make sure that:

    * the mail server has a valid MX record in DNS (see the DNS installation post further down this page);
    * the firewall and SELinux do not get in the way. This post takes the shortcut of switching both off:

    #service iptables stop
    #chkconfig iptables off
    #vi /etc/selinux/config
    and set SELINUX=disabled (applies at the next boot; setenforce 0 switches to permissive immediately).

    On a host reachable from other machines, prefer leaving SELinux enforcing (the stock targeted policy covers Postfix and Dovecot) and opening only the needed ports in /etc/sysconfig/iptables, as done for port 53 in the DNS post: tcp/25 for Postfix, plus tcp/110 and tcp/143 if Dovecot serves other hosts.


Then install Postfix with yum:

# yum install postfix

And update your Postfix configuration file, /etc/postfix/main.cf

# vi /etc/postfix/main.cf

and change the values below.

myhostname = ns2.example.com ## uncomment and enter your host name
mydomain = example.com  ## uncomment and enter your domain name
myorigin = $mydomain  ## uncomment; bare local addresses get @example.com appended
inet_interfaces = all  ## change to all (the default, localhost, only accepts mail from the box itself)
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain  ## add $mydomain at the end
mynetworks = 192.168.1.0/24, 127.0.0.0/8  ## uncomment and add your network range
home_mailbox = Maildir/  ## uncomment

Hosts inside mynetworks may relay mail to any destination through this server without authenticating, so keep the range to your own LAN; a too-wide value turns the box into an open relay.



Now start the postfix service by,

# service postfix start


and enable postfix auto start at startup by,

# chkconfig postfix on


The Postfix installation is now complete. We can test whether it works by sending a test mail.

For that, first create a test user called user1.

# useradd user1
# passwd user1


Incoming mail for this user will be stored in /home/user1/Maildir/new; Postfix's local delivery agent creates the Maildir on first delivery.

For testing we can use the telnet command; if it is not installed, install it via yum,

# yum install telnet

Then enter,

# telnet localhost smtp
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 ns2.ranjithkr.com ESMTP Postfix

Now enter,

ehlo localhost

250-ns2.ranjithkr.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

(The VRFY extension lets anyone who can reach port 25 check which local accounts exist; on an Internet-facing server set disable_vrfy_command = yes in main.cf.)

Now enter the envelope sender; the bare address gets $myorigin appended, which is why the headers later show user1@ranjithkr.com,

mail from:<user1>
250 2.1.0 Ok

then the recipient,

rcpt to:<user1>
250 2.1.5 Ok

and,

data
354 End data with <CR><LF>.<CR><LF>

finally enter the mail body and terminate it with a line containing a single dot,

test
.
250 2.0.0 Ok: queued as D01B1101E0D

and quit,

quit
221 2.0.0 Bye
Connection closed by foreign host.
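Added example (not part of the original post): the same exchange as the telnet session, as a bash script that talks to the server over /dev/tcp and checks every reply code, so it can be rerun after each configuration change instead of retyping the dialogue. Host, port, addresses and body are parameters whose defaults mirror the post (localhost:25, user1 to user1, body "test"); smtp_expect handles the multi-line EHLO reply by reading until the line whose code is followed by a space rather than a hyphen.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: the SMTP dialogue from the
# telnet session as a script. /dev/tcp is a bash feature; everything else
# is plain POSIX shell. Defaults (localhost:25, user1 -> user1) are
# assumptions matching the post.

# Read one SMTP reply from stdin. Multi-line replies (EHLO) use "250-..."
# on every line but the last, which is "250 ...". Prints the final line and
# returns 0 only when its 3-digit code equals the expected one.
smtp_expect() {
    local want=$1 line code=""
    while IFS= read -r line; do
        line=$(printf '%s' "$line" | tr -d '\r')      # servers send CRLF
        case $line in
            [0-9][0-9][0-9]-*) continue ;;           # continuation line
            [0-9][0-9][0-9]" "*|[0-9][0-9][0-9])
                code=$(printf '%s' "$line" | cut -c1-3)
                printf '%s\n' "$line"
                break ;;
            *)
                printf 'malformed reply: %s\n' "$line" >&2
                return 2 ;;
        esac
    done
    [ "$code" = "$want" ]
}

# Send one message and stop at the first unexpected reply code. Every
# client line ends in CRLF and the body is dot-stuffed (a line starting with
# "." gets a second "."), as RFC 5321 requires. Postfix appends $myorigin to
# the bare "user1" addresses, exactly as in the headers shown later.
smtp_send() {
    local host=${1:-localhost} port=${2:-25} from=${3:-user1} to=${4:-user1}
    local body=${5:-test} step
    exec 3<>"/dev/tcp/$host/$port" || return 1
    smtp_expect 220 <&3 || { exec 3>&-; return 1; }
    for step in "EHLO localhost:250" "MAIL FROM:<$from>:250" \
                "RCPT TO:<$to>:250" "DATA:354"; do
        printf '%s\r\n' "${step%:*}" >&3             # command is the part before the last colon
        smtp_expect "${step##*:}" <&3 || { exec 3>&-; return 1; }
    done
    printf '%s\n' "$body" | while IFS= read -r l; do
        case $l in .*) l=".$l" ;; esac
        printf '%s\r\n' "$l"
    done >&3
    printf '.\r\n' >&3
    smtp_expect 250 <&3 || { exec 3>&-; return 1; }   # "250 2.0.0 Ok: queued as ..."
    printf 'QUIT\r\n' >&3
    smtp_expect 221 <&3
    exec 3>&-
}

# Usage: smtp_send localhost 25 user1 user1 "test"
```

Each final reply line is printed as it arrives, so a failed run shows the exact server response (for example a 554 relay rejection when the client is outside mynetworks) at the step where the dialogue stopped.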


Now check user1's Maildir; the new message is in new/.


[root@ns2 postfix]# cd /home/user1/Maildir/
[root@ns2 Maildir]# ll
total 12
drwx------. 2 user1 user1 4096 Jun 22 06:18 cur
drwx------. 2 user1 user1 4096 Jun 22 06:18 new
drwx------. 2 user1 user1 4096 Jun 22 06:18 tmp
[root@ns2 Maildir]# cd new/
[root@ns2 new]# ll
total 4
-rw-------. 1 user1 user1 412 Jun 22 06:18 1371862122.Vfd00I3795M419578.ns2.ranjithkr.com
[root@ns2 new]# cat 1371862122.Vfd00I3795M419578.ns2.ranjithkr.com
Return-Path: <user1@ranjithkr.com>
X-Original-To: user1
Delivered-To: user1@ranjithkr.com
Received: from localhost (localhost [IPv6:::1])
    by ns2.ranjithkr.com (Postfix) with ESMTP id D01B1101E0D
    for <user1>; Sat, 22 Jun 2013 06:17:01 +0530 (IST)
Message-Id: <20130622004822.D01B1101E0D@ns2.ranjithkr.com>
Date: Sat, 22 Jun 2013 06:17:01 +0530 (IST)
From: user1@ranjithkr.com
To: undisclosed-recipients:;

test
[root@ns2 new]#

So Postfix delivers mail correctly.

Sunday, 23 June 2013

DNS Installation and configuration in Centos

DNS resolves host names to IP addresses and vice versa. For example, when we type http://www.google.com in a browser, the DNS server translates the domain name into its IP address, so we only have to remember names rather than addresses.

Setup primary Master DNS Server

Step 1:

yum install bind bind-utils -y

(bind-utils provides dig, used for the tests below.)

Step 2:

Configure DNS Server

The main configuration of the DNS will look like below.

[root@ns1 ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
      listen-on port 53 { 127.0.0.1; 192.168.198.140;};                      ## Master DNS IP ##
      listen-on-v6 port 53 { ::1; };
      directory   "/var/named";
      dump-file   "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
      allow-query     { localhost; 192.168.198.0/24; };                 ## IP Range: no "any" here, with recursion yes that would make this an open resolver ##
      allow-transfer    { localhost; 192.168.198.141; };                        ## Slave DNS IP ## 
      recursion yes;
      dnssec-enable yes;
      dnssec-validation yes;
      dnssec-lookaside auto;
      /* Path to ISC DLV key */
      bindkeys-file "/etc/named.iscdlv.key";
      managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
      type hint;
      file "named.ca";
};
zone  "example.com" IN {
      type master;
      file "fwd.example.com";
      allow-update { none; };
};
zone  "198.168.192.in-addr.arpa" IN {
      type master;
      file "rev.example.com";
      allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";


Step 3:

Create Zone files

Now we should create forward and reverse zone files which we mentioned in the ‘/etc/named.conf’ file.

Create Forward Zone:

[root@ns1 ~]# vi /var/named/fwd.example.com
$TTL 86400
@   IN  SOA     ns1.example.com. root.example.com. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@     IN  NS      ns1.example.com.
@     IN  NS      ns2.example.com.

ns1   IN  A      192.168.198.140
ns2   IN  A      192.168.198.141

The serial follows the YYYYMMDDnn convention; increase it every time the zone is edited, because the slave only transfers the zone again when it sees a higher serial.

Create Reverse Zone:

[root@ns1 ~]# vi /var/named/rev.example.com
$TTL 86400
@   IN  SOA     ns1.example.com. root.example.com. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@     IN  NS      ns1.example.com.
@     IN  NS      ns2.example.com.
140   IN  PTR     ns1.example.com.
141   IN  PTR     ns2.example.com.

The owner name of each PTR is the last octet of the address (140 for 192.168.198.140), so it must match the A records in the forward zone; A records do not belong in a reverse zone.
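Added example (not from the original post): named-checkzone only checks syntax, so a reverse zone whose PTR owners do not match the forward A records passes it and still breaks dig -x. The script below parses both files and reports A records without a correct PTR and PTRs without a matching A record. File paths, origin and /24 prefix are parameters; it handles the plain record form used in these zone files (owner IN type data), not $ORIGIN directives or multi-line records.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: cross-check a forward and a
# reverse zone file so every A record inside the reverse zone's /24 has a
# PTR pointing back to the same name, and vice versa. bind's own
# named-checkzone validates syntax only, not A/PTR agreement.

# Print "name ip" pairs for the A records in a forward zone file.
# Unqualified owner names are expanded with the zone origin; "@" is the apex.
zone_a_records() {
    local file=$1 origin=$2
    awk -v origin="$origin" '
        /^[[:space:]]*;/ || /^[[:space:]]*$/ || /^\$/ { next }   # comments, blanks, $TTL
        $2 == "IN" && $3 == "A" {
            name = $1
            if (name == "@") name = origin "."
            else if (name !~ /\.$/) name = name "." origin "."
            print name, $4
        }' "$file"
}

# Print "ip name" pairs for the PTR records of a /24 reverse zone, given its
# prefix (e.g. 192.168.198). Owners are last octets, as in the zone above.
zone_ptr_records() {
    local file=$1 prefix=$2
    awk -v prefix="$prefix" '
        /^[[:space:]]*;/ || /^[[:space:]]*$/ || /^\$/ { next }
        $2 == "IN" && $3 == "PTR" && $1 ~ /^[0-9]+$/ { print prefix "." $1, $4 }' "$file"
}

# Report every mismatch; returns 0 only when forward and reverse agree.
# A missing or wrong PTR is the usual failure: the host resolves, but
# "dig -x" of its address returns nothing or another name.
zone_crosscheck() {
    local fwd=$1 rev=$2 origin=$3 prefix=$4 rc=0 a ptr got
    a=$(zone_a_records "$fwd" "$origin")
    ptr=$(zone_ptr_records "$rev" "$prefix")
    # forward -> reverse: each A inside the prefix needs a matching PTR
    while read -r name ip; do
        case $ip in "$prefix".*) ;; *) continue ;; esac
        got=$(printf '%s\n' "$ptr" | awk -v ip="$ip" '$1 == ip { print $2 }')
        if [ -z "$got" ]; then
            echo "MISSING PTR: $ip ($name)"; rc=1
        elif [ "$got" != "$name" ]; then
            echo "MISMATCH: $ip has PTR $got, forward zone says $name"; rc=1
        fi
    done <<EOF
$a
EOF
    # reverse -> forward: a PTR whose name has no A at that address is stale
    while read -r ip name; do
        [ -n "$ip" ] || continue
        if ! printf '%s\n' "$a" | grep -qxF "$name $ip"; then
            echo "STALE PTR: $ip -> $name has no matching A record"; rc=1
        fi
    done <<EOF
$ptr
EOF
    return $rc
}

# Usage: zone_crosscheck /var/named/fwd.example.com /var/named/rev.example.com example.com 192.168.198
```

Against a reverse zone with owners 200 and 201 for hosts that actually sit at .140 and .141, it prints a MISSING PTR line for each address and a STALE PTR line for each wrong owner; with the corrected zone it is silent and exits 0.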


Step 4:

Start the bind service

[root@ns1 ~]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
[root@ns1 ~]# chkconfig named on

Step 5:

Allow DNS Server through iptables

Add the lines below to /etc/sysconfig/iptables, above the final REJECT rule (rules are matched in order, so placing them after it has no effect). They accept queries from any client; allow-query in named.conf then decides which of them get an answer.

-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT

Then,

Restart iptables to save the changes

[root@ns1 ~]# service iptables restart




Test syntax errors of DNS configuration and zone files:

Checking DNS config file

[root@ns1 ~]# named-checkconf /etc/named.conf
[root@ns1 ~]# named-checkconf /etc/named.rfc1912.zones

Checking zone files (the zone name must be the one from named.conf, so for the reverse zone it is the in-addr.arpa name; named-checkconf -z /etc/named.conf loads every configured zone in one go)

[root@ns1 ~]# named-checkzone example.com /var/named/fwd.example.com
[root@ns1 ~]# named-checkzone 198.168.192.in-addr.arpa /var/named/rev.example.com


Test DNS Server (the @ sends the query to this server directly, whatever /etc/resolv.conf currently points at)

[root@ns1 ~]# dig @192.168.198.140 ns1.example.com

[root@ns1 ~]# dig @192.168.198.140 -x 192.168.198.140





Setup Secondary(Slave) DNS Server

Step 1:

[root@ns2 ~]# yum install bind bind-utils -y

Step 2:

Configure Slave DNS Server

[root@ns2 ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
      listen-on port 53 { 127.0.0.1; 192.168.198.141; };                    ## NS2 DNS IP ##     
      listen-on-v6 port 53 { ::1; };
      directory   "/var/named";
      dump-file   "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
      allow-query     { localhost; 192.168.198.0/24; };                     ## IP Range ##  
      recursion yes;
      dnssec-enable yes;
      dnssec-validation yes;
      dnssec-lookaside auto;
      /* Path to ISC DLV key */
      bindkeys-file "/etc/named.iscdlv.key";
      managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
      type hint;
      file "named.ca";
};
zone  "example.com" IN {
      type slave;
      file "slaves/example.fwd";
      masters { 192.168.198.140; };                   ## Master DNS IP ##
};
zone  "198.168.192.in-addr.arpa" IN {
      type slave;
      file "slaves/example.rev";
      masters { 192.168.198.140; };                   ## Master DNS IP ##
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Step 3:

Start the DNS Service

[root@ns2 ~]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
[root@ns2 ~]# chkconfig named on


The forward and reverse zones are now transferred automatically from the master (which must list this host in allow-transfer, as ns1's named.conf does) and written to /var/named/slaves/, a directory the named user can write to. Check that example.fwd and example.rev have appeared there with ls -l /var/named/slaves/, and that dig @192.168.198.141 example.com SOA +short returns the same serial as the master; if it does not, look at /var/log/messages on both hosts for the transfer error.
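Added example (not from the original post): a helper that bumps the SOA serial before rndc reload or service named reload, since the slave only re-transfers when the master's serial is higher than the copy it holds. It keeps the YYYYMMDDnn convention of the zone files above: the next serial is today's date with counter 01, or the old serial plus one if that would not be larger. The zone file path is the first argument; the date is an optional second argument so the result is reproducible.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: bump a zone file's SOA serial
# in place, keeping the YYYYMMDDnn convention. Assumes the plain zone file
# layout used above (serial is the first numeric token after "SOA").

# Print the current SOA serial: the first purely numeric token after the
# SOA record starts, skipping anything after a ";" comment marker.
zone_serial() {
    awk '
        /SOA/ { insoa = 1 }
        insoa {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^;/) break            # rest of the line is a comment
                if ($i ~ /^[0-9]+$/) { print $i; exit }
            }
        }' "$1"
}

# Next serial: today's date with counter 01, unless the old serial is
# already that high (same day, or a serial from the future), in which case
# old + 1. Either way the result is strictly larger, which is all a slave
# needs; date serials stay below the 32-bit wrap until 2099.
next_serial() {
    local old=$1 today=$2 candidate
    candidate=$((today * 100 + 1))
    if [ "$candidate" -gt "$old" ]; then
        echo "$candidate"
    else
        echo $((old + 1))
    fi
}

# Rewrite the serial in the file, preserving the surrounding whitespace and
# the ";Serial" comment so the file still looks like the one above.
bump_serial() {
    local file=$1 today=${2:-$(date +%Y%m%d)} old new
    old=$(zone_serial "$file") || return 1
    [ -n "$old" ] || { echo "no SOA serial found in $file" >&2; return 1; }
    new=$(next_serial "$old" "$today")
    awk -v old="$old" -v new="$new" '
        !done && /SOA/ { insoa = 1 }
        insoa && !done {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^;/) break
                if ($i == old) {
                    # the serial is a whole field, so the first occurrence of
                    # its text on this line is the field itself; substr keeps
                    # the original spacing where $i = new would collapse it
                    p = index($0, old)
                    $0 = substr($0, 1, p - 1) new substr($0, p + length(old))
                    done = 1
                    break
                }
            }
        }
        { print }' "$file" > "$file.tmp" && mv "$file.tmp" "$file" || return 1
    echo "$file: serial $old -> $new"
}

# Usage: bump_serial /var/named/fwd.example.com && rndc reload example.com
```

Run it on the master after every edit of fwd.example.com or rev.example.com, then reload; the slave picks the change up at its next refresh or immediately if the master sends a NOTIFY.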


Step 4:

Add the DNS server details to all systems

[root@ns2 ~]# vi /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 192.168.198.140
nameserver 192.168.198.141
nameserver 8.8.8.8

As the first line says, NetworkManager rewrites this file on CentOS 6, so make the change persistent through DNS1= and DNS2= in the interface's ifcfg file under /etc/sysconfig/network-scripts/ (or set PEERDNS=no there). The resolvers are tried in order, so 8.8.8.8 is only a fallback: it cannot answer for example.com, and a client that falls through to it stops resolving internal names.

Step 5:


Test DNS Server

[root@ns2 ~]# dig @192.168.198.141 ns2.example.com
[root@ns2 ~]# dig @192.168.198.141 ns1.example.com