Friday, 14 June 2013

Domain Name Server - A Simple Name Resolving Model

DNS (Domain Name System) is the network service that maps hostnames to their IP addresses; the server that answers those lookups is called a nameserver. For users, this has the advantage that they can refer to machines on the network by names that are usually easier to remember than the numerical network addresses. For system administrators, a nameserver lets them change the IP address of a host without affecting anything that reaches it by name, and lets them decide which machines answer those queries.


DNS is usually implemented using one or more centralized servers that are authoritative for certain domains. When a client host requests information from a nameserver, it connects to port 53 (UDP for ordinary queries; TCP for answers too large for UDP and for zone transfers). The nameserver then attempts to resolve the requested name. If it is not authoritative for that name and has no answer cached from an earlier query, it asks the root nameservers, which refer it to the nameservers for the top-level domain, which in turn refer it to the nameservers that are authoritative for the name in question; it then queries those to get the requested record.

Nameserver Zones:

In a DNS server such as BIND (Berkeley Internet Name Domain), all information is stored in basic data elements called resource records (RR). Each record is owned by a fully qualified domain name (FQDN), and the names form a tree-like hierarchy: a main trunk (the root), primary branches (top-level domains such as com), secondary branches (domains such as starplus.com), and so on. The part of the tree a server is authoritative for is a zone, and its records live in a zone file.

Here is a simple guide to installing DNS on RHEL6. To keep it simple, consider a fresh installation of Red Hat Enterprise Linux on a machine. BIND consists of a set of DNS-related programs: the nameserver itself, called named; an administration utility, rndc; and a debugging tool, dig.


Note the following:


Host machine IP Address: 192.168.1.254

Hostname: dns.starplus.com


Make the following entries in the following files:


# vim /etc/resolv.conf


nameserver 192.168.1.254

search starplus.com


# vim /etc/hosts


192.168.1.254 dns.starplus.com dns

127.0.0.1 localhost.localdomain localhost


Make sure to assign a static IP address to the machine. First check which Ethernet LAN port the machine is connected on, using the following commands:


# mii-tool

# ethtool eth0


After that edit the network file:


# vim /etc/sysconfig/network-scripts/ifcfg-eth0


DEVICE=eth0

TYPE=Ethernet

BOOTPROTO=static

ONBOOT=yes

IPADDR=192.168.1.254

NETMASK=255.255.255.0

GATEWAY=192.168.1.1


save and quit


Now stop the service of NetworkManager and restart the service of network.


# /etc/init.d/NetworkManager stop; chkconfig NetworkManager off

# /etc/init.d/network restart; chkconfig network on


Now, make sure YUM is working on your machine.


Install the following packages on the machine using YUM (the wildcard matches bind, bind-utils and bind-chroot):


# yum install -y *bind*


When the installation is completed, we proceed with the configuration. The main configuration file is:


/etc/named.conf


With bind-chroot installed, the named init script bind-mounts /etc/named.conf and /var/named into /var/named/chroot/ when the service starts, so the same file also appears as /var/named/chroot/etc/named.conf; always edit the copy under /etc. We also need to include some files, which are discussed later. Edit the configuration file as follows. Change only these lines inside the existing options block and leave the other defaults (directory, dump-file, recursion and so on) as installed:


# vim /etc/named.conf

options {
        listen-on port 53 { 127.0.0.1; 192.168.1.254; };
        allow-query { localhost; 192.168.1.0/24; };
        allow-transfer { none; };
};

include "/etc/named.rfc1912.zones";


allow-query lists who may send queries to this server. The stock file allows localhost only; add your LAN rather than "any": recursion is enabled by default, and allow-query { any; } on a server reachable from the internet makes it an open resolver that anyone can use for amplification attacks (listing localhost next to any is also redundant). allow-transfer lists the hosts allowed to pull whole zones (AXFR); a value of 192.168.1.254 would be this server itself and grants nothing useful, so put the addresses of your secondary nameservers here, or none if there are none.

The include line is normally already present at the end of the file; it pulls in the zone definitions, which is the file we edit next.










Edit the file:


# vim /etc/named.rfc1912.zones


zone "starplus.com" IN {
        type master;
        file "forward.zone";
        allow-update { none; };
};

zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.zone";
        allow-update { none; };
};


Save and quit.


If you do not know how to customize DNS further, append only the two zone blocks above and leave the localhost zones that ship in this file in place. The reverse zone for the 192.168.1.0/24 network is 1.168.192.in-addr.arpa (the network octets in reverse order); 254.1.168.192.in-addr.arpa would be a zone for the single address 192.168.1.254 and would never hold the PTR record written below. allow-update { none; } refuses dynamic updates, which is what you want for zones maintained by hand.






Also create the zone files named in the file above. The file names are relative to the directory option in named.conf, /var/named, and with bind-chroot that directory is bind-mounted into the chroot when named starts, so create them in /var/named itself:


# vim /var/named/forward.zone


$TTL 1D
@               IN SOA  dns.starplus.com. root.starplus.com. (
                        5  ; serial
                        1D ; refresh
                        1H ; retry
                        1W ; expire
                        3H ) ; minimum
                IN NS   dns.starplus.com.
                IN A    192.168.1.254
dns.starplus.com.       IN A    192.168.1.254


Save and quit. The records with a blank owner column must start with whitespace; they inherit the owner (@, the zone apex starplus.com) from the line above. The SOA names the primary nameserver (dns.starplus.com.) and the contact address root@starplus.com written with a dot instead of the @. Increase the serial every time you edit the file, otherwise secondary servers never notice the change.






# vim /var/named/reverse.zone


$TTL 3H
@       IN SOA  dns.starplus.com. root.dns.starplus.com. (
                0  ; serial
                1D ; refresh
                1H ; retry
                1W ; expire
                3H ) ; minimum
        IN NS   dns.starplus.com.
254     IN PTR  dns.starplus.com.


Save and quit. The owner name 254 is relative to the zone origin 1.168.192.in-addr.arpa, so it is the address 192.168.1.254; the PTR record is what answers a reverse lookup, and without it the zone loads but dig -x returns no name.
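The reverse zone is the part of this configuration that is easiest to get wrong: the zone name is the network part of the address reversed octet by octet, the PTR owner names are the remaining octets relative to that zone, and the serial must grow on every edit or secondaries never pick the change up. The shell functions below are an added example, not part of the original post, that derive the in-addr.arpa name from a CIDR prefix, emit PTR records relative to it, bump a YYYYMMDDnn serial, and print a complete reverse zone from a list of host lines (constructed here from the post's own server plus its gateway; the function names are mine).

```shell
#!/bin/sh
# Added example, not from the original post: helpers for building the reverse
# zone so that it matches the forward zone instead of being typed by hand.
# Assumes IPv4 and a /8, /16 or /24 prefix; the names and addresses used in
# the demo are the constructed values from the post.

# reverse_zone NETWORK/PREFIX  -> in-addr.arpa zone name
# e.g. 192.168.1.0/24 -> 1.168.192.in-addr.arpa (first three octets, reversed)
reverse_zone() {
    net=${1%/*}
    prefix=${1#*/}
    case $prefix in
        8)  n=1 ;;
        16) n=2 ;;
        24) n=3 ;;
        *)  echo "reverse_zone: only /8, /16 and /24 are handled" >&2; return 1 ;;
    esac
    echo "$net" | awk -F. -v n="$n" '{
        out = ""
        for (i = n; i >= 1; i--) out = out $i "."
        print out "in-addr.arpa"
    }'
}

# ptr_record IP FQDN ZONE  -> PTR record relative to ZONE's origin
# The owner name is the octets of IP that ZONE does not already cover, reversed.
ptr_record() {
    ip=$1; fqdn=$2; zone=$3
    covered=$(echo "$zone" | awk -F. '{ print NF - 2 }')   # octets in the zone name
    echo "$ip" | awk -F. -v skip="$covered" -v name="$fqdn" '{
        out = ""
        for (i = 4; i > skip; i--) out = out (out == "" ? "" : ".") $i
        printf "%s IN PTR %s.\n", out, name
    }'
}

# next_serial OLD TODAY  -> new SOA serial in YYYYMMDDnn form
# Restarts the two-digit counter on a new day, otherwise increments it.
next_serial() {
    old=$1; today=$2
    case $old in
        "$today"[0-9][0-9])
            n=${old#"$today"}; n=${n#0}
            n=$((n + 1))
            [ "$n" -le 99 ] || { echo "next_serial: more than 99 edits on $today" >&2; return 1; }
            printf '%s%02d\n' "$today" "$n" ;;
        *)  printf '%s01\n' "$today" ;;
    esac
}

# reverse_zone_file ZONE NS SERIAL  < "ip fqdn" lines  -> complete zone file
reverse_zone_file() {
    zone=$1; ns=$2; serial=$3
    domain=${ns#*.}
    printf '$TTL 1D\n@ IN SOA %s. root.%s. (\n' "$ns" "$domain"
    printf '\t%s ; serial\n\t1D ; refresh\n\t1H ; retry\n\t1W ; expire\n\t3H ) ; minimum\n' "$serial"
    printf '@ IN NS %s.\n' "$ns"
    while read -r ip fqdn; do
        if [ -n "$ip" ]; then
            ptr_record "$ip" "$fqdn" "$zone"
        fi
    done
}

# Demo with constructed input: the server from the post plus its gateway.
ZONE=$(reverse_zone 192.168.1.0/24)
printf '192.168.1.254 dns.starplus.com\n192.168.1.1 gw.starplus.com\n' |
    reverse_zone_file "$ZONE" dns.starplus.com "$(next_serial 2013061401 20130614)"
```

On the server itself, check the generated file with named-checkzone 1.168.192.in-addr.arpa /var/named/reverse.zone and the configuration with named-checkconf (both ship with bind) before restarting named; a zone that fails to load is the usual reason dig answers SERVFAIL.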






Do not turn the firewall and SELinux off for this. Open port 53 for both UDP and TCP in /etc/sysconfig/iptables (the same form of rule the LDAP post below uses for port 389) and restart iptables; the targeted SELinux policy already lets named read zone files under /var/named, so leave it enforcing. Then make sure the two zone files are owned by root with group named, so that named (which runs as the named user) can read them but not modify them (mode 0640 is enough):


# cd /var/named/

# chown root:named reverse.zone forward.zone


Within each zone file the SOA record must come first; the remaining records can be in any order.


Now restart the service and send queries to the DNS server:


# /etc/init.d/named restart; chkconfig named on


# dig -x 192.168.1.254


# dig dns.starplus.com


# nslookup
> lserver 192.168.1.254
> starplus.com
> ^C


If the answers contain the names and addresses configured above (dig shows status: NOERROR and an ANSWER SECTION), your DNS server is resolving. A status of SERVFAIL usually means a zone failed to load; named logs the reason through syslog, so look in /var/log/messages.






Thursday, 13 June 2013

Mail Server Configuration with courier-imap on RHEL5

This is a simple doc to install a mail server on RHEL 5 with courier-imap.

1. First of all, install RHEL 5 on the system.

2. Copy the Server directory from the ISO/CD to /var/www/html/ (the trailing slash on the source matters, otherwise rsync creates Server/Server):

# rsync -avz /media/RHEL_5.6/Server/ /var/www/html/Server/

3. Create a yum repository on the freshly installed system that points at that copy.

# vim /etc/yum.repos.d/server.repo
[server]
name=test
baseurl=file:///var/www/html/Server/
esc :wq

If yum asks about a GPG key for these packages, import the Red Hat release key from /etc/pki/rpm-gpg rather than adding gpgcheck=0 to the repo file.

4. Now install the following packages using yum.

# yum install *mysql* *php* *rpm* *http* *system-sw* -y

5. Download postfixadmin-2.2.1.1.tar.gz from the PostfixAdmin project and verify its checksum; this archive becomes the web interface that manages every mailbox.

6. [root@mail ~]# cd /var/www/html

7. [root@mail html]# cp ~/Desktop/postfixadmin-2.2.1.1.tar.gz .

8. [root@mail html]# tar -zxf postfixadmin-2.2.1.1.tar.gz

9. [root@mail html]# cd postfixadmin-2.2.1.1
   [root@mail postfixadmin-2.2.1.1]# cp config.inc.php config.inc.php-org

10. [root@mail postfixadmin-2.2.1.1]# vi config.inc.php

$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix';
$CONF['database_password'] = 'postfix';
$CONF['database_name'] = 'postfix';
$CONF['admin_email'] = 'postmaster@iic.com';
$CONF['encrypt'] = 'cleartext';
// Default Aliases
// The default aliases that need to be created for all domains.
$CONF['default_aliases'] = array (
    'abuse' => 'abuse@fooster.com',
    'hostmaster' => 'hostmaster@iic.com',
    'postmaster' => 'postmaster@iic.com',
    'webmaster' => 'webmaster@iic.com'
);
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'YES';
$CONF['vacation_domain'] = 'autoreply.change-this-toyour.domain.tld';
$CONF['show_footer_text'] = 'YES';
$CONF['footer_text'] = 'www.dell.com';
$CONF['footer_link'] = 'www.dell.com';
$CONF['emailcheck_resolve_domain'] = 'YES';

A note on $CONF['encrypt'] = 'cleartext': PostfixAdmin then stores every mailbox password unhashed in the mailbox table, so anyone who can read that table (or the MySQL credentials in the files created in step 40) has every user's password. It is used here because authmysqlrc in step 41 reads the clear password field (MYSQL_CLEAR_PWFIELD). If you change it to 'md5crypt', switch authmysqlrc to MYSQL_CRYPT_PWFIELD password at the same time, or IMAP logins will stop working.

11. [root@mail html]# mv  postfixadmin-2.2.1.1 mailadmin

12. [root@mail mailadmin]# service httpd restart

13. [root@mail mailadmin]# service mysqld  restart

14. [root@mail html]# mysqladmin password "postfix" (this sets the MySQL root password, which is empty on a fresh install; in practice choose something other than the postfix database user's password)

15. [root@mail html]# mysql -u root -p

Enter password:   
  mysql>
  mysql> CREATE DATABASE postfix; 
  mysql> CREATE USER 'postfix'@'localhost' IDENTIFIED BY 'postfix';
  mysql>  GRANT ALL PRIVILEGES ON `postfix` . * TO 'postfix'@'localhost';
  mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| postfix            |
| test               |
+--------------------+
4 rows in set (0.00 sec) 
mysql> quit

16. [root@mail mailadmin]# /etc/init.d/httpd restart

17. Now open a web browser and go to http://localhost/mailadmin/.

18. Click on the SETUP link on the page that opens. It leads to setup.php, which checks the PHP and MySQL prerequisites.

19. [root@mail mailadmin]# vim config.inc.php
$CONF['configured'] = true;
(Everything except setup.php refuses to run while this is false; it is the switch that says the file has been edited.)

20. Now add the superadmin account from the setup page. Then disable setup.php in mailadmin/, because anyone who can reach it afterwards can create further superadmin accounts.

21. [root@mail mailadmin]# mv setup.php setup.php-org

22. [root@mail mailadmin]# service httpd restart

23.  Create a new, unprivileged user to build the rpms as. Never build packages as root: the %build and %install sections of a spec file run arbitrary commands from the source archive.

# useradd rampal
# passwd rampal

24.  Download the source rpm from the internet and copy it to the home directory of the user:
# cp Desktop/postfix-2.5.5-1.src.rpm /home/rampal/
# chown rampal:rampal /home/rampal/postfix-2.5.5-1.src.rpm

25.  Now switch to the new user and create the following directory set:

# su - rampal
[rampal@mail ~]$ mkdir rpm
[rampal@mail ~]$ mkdir rpm/SOURCES
[rampal@mail ~]$ mkdir rpm/SPECS
[rampal@mail ~]$ mkdir rpm/BUILD
[rampal@mail ~]$ mkdir rpm/SRPMS
[rampal@mail ~]$ mkdir rpm/RPMS
[rampal@mail ~]$ mkdir rpm/RPMS/i386
[rampal@mail ~]$ echo "%_topdir    $HOME/rpm" >> $HOME/.rpmmacros

26.  Now install the source RPM that was downloaded. This unpacks it under rpm/ (the spec into SPECS, the sources into SOURCES):
[rampal@mail ~]$ rpm -ivh postfix-2.5.5-1.src.rpm

27.  Now edit the postfix.spec file that the previous step placed under rpm/SPECS/:

[rampal@mail ~]$ cd rpm/SPECS
[rampal@mail SPECS]$ ls
postfix.spec
[rampal@mail SPECS]$ vim postfix.spec
%define with_mysql_redhat 1
%define with_sasl         2
%define with_vda          1
Replace every occurrence of rhel4 with rhel5 in the file.

28.  Now build the rpm using RPMBUILD.

[rampal@mail SPECS]$ rpmbuild -ba postfix.spec 

29. This will create rpms on following locations:

/home/rampal/rpm/RPMS/i386/postfix-2.5.5-1.rhel5.i386.rpm
/home/rampal/rpm/RPMS/i386/postfix-debuginfo-2.5.5-1.rhel5.i386.rpm 
[rampal@mail SPECS]$  logout 

30.  Install these packages as root.

[root@mail i386]# rpm -Uvh postfix-2.5.5-1.rhel5.i386.rpm
[root@mail i386]# rpm -Uvh postfix-debuginfo-2.5.5-1.rhel5.i386.rpm  
[root@mail i386]# postconf -m    
      btree
      cidr
      environ
      hash
      ldap
      mysql
      nis
      proxy
      regexp
      static
      unix

31.  Download courier-imap-4.1.1.tar.bz2 from the internet and copy it to the home directory of the build user; change the ownership of the file to that user.

32.  Also download courier-authlib-0.58.tar.bz2 and copy it to the same home directory, again changing the ownership:

[root@mail Desktop]# cp courier-imap-4.1.1.tar.bz2 /home/rampal/
[root@mail Desktop]# chown rampal:rampal /home/rampal/courier-imap-4.1.1.tar.bz2
[root@mail Desktop]# cp courier-authlib-0.58.tar.bz2 /home/rampal/
[root@mail Desktop]# chown rampal:rampal /home/rampal/courier-authlib-0.58.tar.bz2

33.  Now switch to the build user and build courier-authlib straight from the tarball (rpmbuild -ta uses the spec file inside the archive). The first run stops with a list of missing build dependencies:

[root@mail Desktop]# su - rampal
[rampal@mail ~]$ rpmbuild -ta courier-authlib-0.58.tar.bz2
[rampal@mail ~]$ logout

34.  Install those build dependencies as root using yum, then run the build again as the build user:

[root@mail Desktop]# yum install *libtool*
[root@mail Desktop]# yum install *postgresql-devel*
[root@mail Desktop]# yum install *gdbm-devel*
[root@mail Desktop]# yum install *pam-devel*
[root@mail Desktop]# yum install *expect*
[root@mail Desktop]# yum install *gcc-c++*
[root@mail Desktop]# su - rampal
[rampal@mail ~]$ rpmbuild -ta courier-authlib-0.58.tar.bz2
[rampal@mail ~]$ logout

35.  The packages are now in the following location. Install them as root:

[root@mail ~]# cd /home/rampal/rpm/RPMS/i386/
[root@mail i386]# rpm -ivh courier-authlib-0.58-1.5Server.i386.rpm
[root@mail i386]# rpm -ivh courier-authlib-debuginfo-0.58-1.5Server.i386.rpm
[root@mail i386]# rpm -ivh courier-authlib-devel-0.58-1.5Server.i386.rpm
[root@mail i386]# rpm -ivh courier-authlib-ldap-0.58-1.5Server.i386.rpm
[root@mail i386]# rpm -ivh courier-authlib-mysql-0.58-1.5Server.i386.rpm
[root@mail i386]# rpm -ivh courier-authlib-pgsql-0.58-1.5Server.i386.rpm
[root@mail i386]# rpm -ivh courier-authlib-pipe-0.58-1.5Server.i386.rpm
[root@mail i386]# rpm -ivh courier-authlib-userdb-0.58-1.5Server.i386.rpm
[root@mail i386]# su - rampal

36.  Now untar the courier-imap tarball, make the following change in the spec file it contains, and copy the spec to rpm/SPECS/ (next step):

[rampal@mail ~]$ tar -jxvf courier-imap-4.1.1.tar.bz2
[rampal@mail ~]$ cd courier-imap-4.1.1
[rampal@mail courier-imap-4.1.1]$ cp courier-imap.spec courier-imap.spec-org
[rampal@mail courier-imap-4.1.1]$ vi courier-imap.spec
BuildPreReq: rpm >= 3.0.5 /usr/bin/sed openldap2 openldap2-devel
%else
BuildPreReq: rpm >= 4.0.2 sed openldap-devel openldap-servers
%endif
In the two BuildPreReq lines, remove everything except the entries shown above.

37.  Now run rpmbuild to build the rpm packages. If it reports missing dependencies, install them with yum as root and run it again. When the build completes, install the packages as root:

[rampal@mail courier-imap-4.1.1]$ cp courier-imap.spec /home/rampal/rpm/SPECS/
[rampal@mail courier-imap-4.1.1]$ cp ~/courier-imap-4.1.1.tar.bz2 /home/rampal/rpm/SOURCES/
[rampal@mail courier-imap-4.1.1]$ cd ~/rpm/SPECS/
[rampal@mail SPECS]$ rpmbuild -ba courier-imap.spec
    (fails with missing build dependencies: openldap* rpm)
[rampal@mail SPECS]$ logout
[root@mail ~]# yum install openldap*
[root@mail ~]# su - rampal
[rampal@mail ~]$ cd rpm/SPECS/
[rampal@mail SPECS]$ rpmbuild -ba courier-imap.spec
[rampal@mail SPECS]$ logout
[root@mail ~]# cd /home/rampal/rpm/RPMS/i386/
[root@mail i386]# rpm -ivh courier-imap-4.1.1-1.5Server.i386.rpm
[root@mail i386]# rpm -ivh courier-imap-debuginfo-4.1.1-1.5Server.i386.rpm

38.  Now add a virtual user with uid=1001 and gid=1001. Postfix's virtual delivery agent and courier-authlib both handle every mailbox as this account (virtual_uid_maps and MYSQL_UID_FIELD below), so it needs neither a password nor a login shell:

[root@mail ~]# groupadd -g 1001 virtual
[root@mail ~]# useradd -u 1001 -g 1001 -d /home/virtual -s /sbin/nologin virtual
[root@mail ~]# chown virtual:virtual /home/virtual
[root@mail ~]# chmod 700 /home/virtual

Check the result in /etc/passwd; it should read virtual:x:1001:1001::/home/virtual:/sbin/nologin. Do not make the mail store world-writable (chmod -R 777): only uid 1001 ever writes the maildirs, and a 777 tree lets every local user read or plant mail in any mailbox.

39.  Back up main.cf and add the following lines at the end of the file:

[root@mail ~]# cd /etc/postfix
[root@mail postfix]# cp main.cf main.cf_org
[root@mail postfix]# vi main.cf
Add these lines at the end of the file:
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:1001
virtual_mailbox_base = /home/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 1001
virtual_transport = virtual
virtual_uid_maps = static:1001
#Additional for quota support
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes
relay_domains = mysql:/etc/postfix/mysql_relay_domains_maps.cf
mynetworks = 192.168.0.0/24, 127.0.0.0/8
[root@mail postfix]# newaliases
[root@mail postfix]# service postfix restart

mynetworks is the set of clients Postfix relays for without any authentication, so list only your own LAN here; anything wider turns the host into an open relay. The static uid/gid maps deliver every maildir as the virtual user from step 38, which is why virtual_minimum_uid is 1001. The quota settings are provided by the VDA patch enabled with with_vda in the spec file. The alias database is rebuilt with newaliases (the postalias front end for the alias_maps file); postmap builds lookup tables such as transport or virtual maps and is the wrong tool for the aliases file.

40.  Add the following files in the /etc/postfix directory. Each one carries the MySQL password in clear, so create them as root with group postfix and mode 0640 (Postfix opens them as the postfix user); a world-readable copy hands every local user the credentials to read and rewrite the whole mail database.

[root@mail ~]# vi /etc/postfix/mysql_relay_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '1'
[root@mail ~]# vi /etc/postfix/mysql_virtual_mailbox_limit_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT quota FROM mailbox WHERE username='%s'
[root@mail ~]# vi /etc/postfix/mysql_virtual_alias_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = 1
[root@mail ~]# vi /etc/postfix/mysql_virtual_mailbox_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1
[root@mail ~]# vi /etc/postfix/mysql_virtual_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s'
#optional query to use when relaying for backup MX
#query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '0' and active = '1'

The '%s' in each query is replaced by Postfix with the address being looked up, after quoting it for MySQL; keep the quotes around it as shown.
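The five map files above all embed the same database password in clear, and Postfix reads them as the postfix user, so their ownership and mode decide who else on the box gets the credentials. The shell functions below are an added example, not part of the original post: one writes such a map file with the credentials set in one place and the mode fixed at 0640 from the moment the file is created, the other audits a directory for map files whose password is readable by other users. The directory is a parameter so the script can be tried on a scratch directory; the function names, the MAP_* variables and the demo directory are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: write the Postfix mysql: map
# files from one function so the database credentials are set in one place,
# then check that no map file containing a password is readable by "other".
# Postfix's mysql client code runs as the unprivileged postfix user, so
# root:postfix with mode 0640 is sufficient. The directory is a parameter so
# the script can be tried on a scratch directory; use /etc/postfix for real.

# write_mysql_map DIR NAME QUERY
# Credentials come from MAP_USER, MAP_PASSWORD, MAP_HOSTS and MAP_DBNAME, with
# the post's values as defaults. "%s" in QUERY is expanded by Postfix, which
# quotes the looked-up address itself, so this shell never builds SQL.
write_mysql_map() {
    dir=$1; name=$2; query=$3
    file="$dir/$name.cf"
    (
        umask 027          # the file is born 0640; it never exists as 0644
        {
            printf 'user = %s\n'     "${MAP_USER:-postfix}"
            printf 'password = %s\n' "${MAP_PASSWORD:-postfix}"
            printf 'hosts = %s\n'    "${MAP_HOSTS:-localhost}"
            printf 'dbname = %s\n'   "${MAP_DBNAME:-postfix}"
            printf 'query = %s\n'    "$query"
        } > "$file"
    )
    # The postfix group exists only where Postfix is installed; ignore otherwise.
    chgrp postfix "$file" 2>/dev/null || true
    chmod 0640 "$file"
}

# check_map_perms DIR
# Lists every *.cf in DIR that holds a password and grants any access to
# "other"; returns 1 if there is at least one, so it can gate a restart.
check_map_perms() {
    dir=$1; bad=0
    for f in "$dir"/*.cf; do
        [ -f "$f" ] || continue
        grep -q '^password *=' "$f" || continue
        mode=$(ls -l "$f" | cut -c1-10)          # e.g. -rw-r-----
        case $mode in
            ???????---) ;;                       # no bits for "other": fine
            *) echo "credentials readable by other users: $f ($mode)"; bad=1 ;;
        esac
    done
    return $bad
}

# Demo on a scratch directory with two of the queries from the post.
DEMO=$(mktemp -d)
write_mysql_map "$DEMO" mysql_virtual_domains_maps \
    "SELECT domain FROM domain WHERE domain='%s'"
write_mysql_map "$DEMO" mysql_virtual_mailbox_maps \
    "SELECT maildir FROM mailbox WHERE username='%s' AND active = 1"
check_map_perms "$DEMO" && echo "map files in $DEMO are protected"
rm -rf "$DEMO"
```

Run check_map_perms /etc/postfix before every service postfix restart; the authmysqlrc file in step 41 carries the same password and deserves the same root:mail (or root:courier, depending on how the packages were built) 0640 treatment.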

41.  Also make changes in the following files.

/etc/authlib/authmysqlrc (this is the file that makes courier-authlib authenticate IMAP logins against the mailbox table in MySQL):
[root@mail ~]# cd /etc/authlib/
[root@mail authlib]# cp authmysqlrc authmysqlrc_org
[root@mail authlib]# vi authmysqlrc
MYSQL_SERVER            localhost
MYSQL_USERNAME          postfix
MYSQL_PASSWORD          postfix
MYSQL_PORT              0
MYSQL_OPT               0
MYSQL_DATABASE          postfix
MYSQL_USER_TABLE        mailbox
#MYSQL_CRYPT_PWFIELD     password
MYSQL_CLEAR_PWFIELD     password
MYSQL_UID_FIELD         1001
MYSQL_GID_FIELD         1001
MYSQL_LOGIN_FIELD       username
MYSQL_HOME_FIELD        '/home/virtual'
MYSQL_NAME_FIELD        name
MYSQL_MAILDIR_FIELD     maildir

MYSQL_CLEAR_PWFIELD must match PostfixAdmin's $CONF['encrypt'] = 'cleartext' from step 10 (with 'md5crypt' you would uncomment MYSQL_CRYPT_PWFIELD instead). The UID, GID and HOME "fields" are SQL expressions, so the literals make every mailbox run as uid/gid 1001 under /home/virtual, and the maildir column holds the domain/user path that PostfixAdmin generates when domain_path and domain_in_mailbox are YES.

[root@mail ~]# vim /etc/authlib/authdaemonrc
authmodulelist="authmysql"
[root@mail ~]# /etc/init.d/courier-authlib restart
[root@mail ~]# /etc/init.d/courier-imap restart
[root@mail ~]# /etc/init.d/httpd restart

42.  Open a web browser and go to the following URL:

http://localhost/mailadmin/
login: the superadmin e-mail address created at setup (user@domain)
password: ******

43.  Now you can add domains and mailboxes and send mail to the users from your server. Before exposing any of this beyond the LAN, serve mailadmin/ over HTTPS and enable TLS for courier-imap; otherwise the superadmin login and every IMAP password cross the network in clear.

LDAP: Lightweight Directory Access Protocol


Directory services provide an organized set of records, usually with a hierarchical structure, such as a corporate e-mail directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.


OpenLDAP's server, slapd, builds on the following components:


1. Transport Layer Security
2. Simple Authentication and Security Layer
3. Kerberos Authentication Service
4. Database Software
5. Threads
6. TCP Wrappers

slapd is an LDAP directory server that runs on many different platforms. It implements version 3 of LDAP and supports LDAP over IPv4, IPv6 and Unix domain sockets (IPC).

Following are some of the advantages of using slapd:


1. slapd supports Unicode and language tags.

2. slapd can be configured to restrict access at the socket layer based on network topology.

3. slapd comes with a variety of databases: BDB and HDB are two.

4. Multiple databases can be configured.

5. slapd consists of two distinct parts: a front end that handles protocol communication with LDAP clients, and modules that handle specific tasks such as database operations.

6. These two pieces communicate via a well-defined C API, so customized modules can be written that extend slapd in numerous ways.

Here is the installation guide for setting up a basic LDAP server:

Install the OpenLDAP server package using yum:
# yum install openldap-servers
Add the following line to /etc/sysconfig/iptables (LDAP runs over TCP only, so no UDP rule for 389 is needed):
# vim /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT
Restart the firewall:
# service iptables restart
Make sure the service can run:
# service slapd start
Then stop it again, because the configuration and database are about to be rebuilt from scratch:
# service slapd stop
Prepare a customized configuration file, slapd.example.conf, from the sample the package ships:
# cd /etc/openldap
# cp slapd.conf.bak slapd.example.conf
Generate the hashed root password for the directory. slappasswd prompts for the password twice and prints a salted SHA-1 hash like the example below (yours will differ):
# slappasswd
{SSHA}R6zJBEcX1ltYDwbWkqYZ8GrrUFQZbKyN
Modify the defaults in the database section of /etc/openldap/slapd.example.conf (this is the file slaptest converts below, so edit it, not slapd.conf): set the suffix, the rootdn and the rootpw. Use the hash from slappasswd, never the clear-text password, and keep the file readable only by root and the ldap user, since whoever can read rootpw can become the directory manager:
# vim /etc/openldap/slapd.example.conf
suffix          "dc=example,dc=com"
rootdn          "cn=admin,dc=example,dc=com"
rootpw          {SSHA}R6zJBEcX1ltYDwbWkqYZ8GrrUFQZbKyN
Install the client package:
# yum install openldap-clients
Configure the clients through /etc/openldap/ldap.conf. The stock file only has BASE and URI commented out, so set both: the base DN saves passing -b on every search, and the URI must point at the server (localhost here):
BASE    dc=example,dc=com
URI     ldap://127.0.0.1
This section provides the content of the initial LDAP database in LDIF format. The files are loaded with slapadd below, which reads plain entries; the changetype: lines belong to ldapmodify's change-record format and are not needed here.
Create example.com.ldif with the following content:
# cd /etc/openldap/
# vim example.com.ldif
# Root entry
dn: dc=example,dc=com
objectclass: dcObject
objectclass: organization
o: Example Company
dc: example
Create admin.example.com.ldif with the following content:
# vim admin.example.com.ldif
# Admin DN
dn: cn=admin,dc=example,dc=com
objectclass: organizationalRole
cn: admin
Create users.example.com.ldif with the following content:
# vim users.example.com.ldif
# Base DN for users
dn: ou=users,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: users
Create groups.example.com.ldif with the following content:
# vim groups.example.com.ldif
# Base DN for groups
dn: ou=groups,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: groups
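The four LDIF files above are loaded by slapadd. The helpers below are an added example, not part of the original post, for preparing such files: one strips the changetype: lines from LDIF written for ldapadd, one checks that every dn lies under the configured suffix (an entry outside it has no database to go into and is refused), and one goes beyond the post by generating a posixAccount entry under ou=users, which is what that OU is there for. The suffix and OU are the post's; the user jdoe, the uid/gid numbers and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post: helpers for the LDIF files above.
# slapadd loads plain entries straight into the database, so the
# "changetype: add" lines that ldapadd/ldapmodify understand only get in the
# way, and every dn it loads must lie under the suffix set in slapd.conf.
# The suffix and OU are the ones used in this post (dc=example,dc=com,
# ou=users); the user entry is a constructed example.

# ldif_for_slapadd  < in.ldif > out.ldif
# Drops changetype lines so the same file can be fed to slapadd.
ldif_for_slapadd() {
    grep -v -i '^changetype:'
}

# ldif_check_suffix SUFFIX  < in.ldif
# Prints every dn that is not SUFFIX itself or below it (case and the spaces
# after commas are ignored, as the server ignores them); returns 1 if any.
ldif_check_suffix() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/, */,/g')
    awk -v want="$want" -v raw="$1" '
        tolower($0) ~ /^dn:/ {
            dn = $0; sub(/^[Dd][Nn]: */, "", dn)
            norm = tolower(dn); gsub(/, */, ",", norm)
            tail = substr(norm, length(norm) - length(want))
            if (norm != want && tail != "," want) {
                print "dn outside suffix " raw ": " dn
                bad = 1
            }
        }
        END { exit bad }'
}

# ldif_posix_user BASE UID UIDNUMBER GIDNUMBER "Full Name"
# One posixAccount entry under BASE (the ou=users entry above). No
# userPassword is written: set it afterwards with ldappasswd so the hash never
# sits in a shell history or in a world-readable LDIF on disk.
ldif_posix_user() {
    base=$1; uid=$2; uidn=$3; gidn=$4; cn=$5
    sn=${cn##* }                                  # surname = last word of cn
    printf 'dn: uid=%s,%s\n' "$uid" "$base"
    printf 'objectClass: top\nobjectClass: person\nobjectClass: posixAccount\n'
    printf 'uid: %s\ncn: %s\nsn: %s\n' "$uid" "$cn" "$sn"
    printf 'uidNumber: %s\ngidNumber: %s\n' "$uidn" "$gidn"
    printf 'homeDirectory: /home/%s\nloginShell: /bin/bash\n\n' "$uid"
}

# Demo with constructed input: the users OU from the post, then one user.
printf 'dn: ou=users,dc=example,dc=com\nchangetype: add\nobjectclass: top\nobjectclass: organizationalUnit\nou: users\n\n' |
    ldif_for_slapadd
ldif_posix_user 'ou=users,dc=example,dc=com' jdoe 10001 10001 'John Doe' |
    ldif_check_suffix 'dc=example,dc=com' && echo "all entries are under dc=example,dc=com"
```

The generated user entry is loaded with the same ldapadd form shown at the end of this post (binding as cn=admin), and the posixAccount class it uses comes from the nis schema that the sample slapd.conf already includes.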
This section can be used repeatedly to reset the configuration, re-initialize the LDAP content and start over again.
Make sure the service is not running:
# service slapd stop
Clean up the configuration:
# rm -rf /etc/openldap/slapd.d/*
Clean up the content:
# rm -rf /var/lib/ldap/*
Copy the BDB tuning file (without it slapd warns on every start and runs with untuned database defaults):
# cp /usr/share/doc/openldap-servers-*/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
Initialize the DB files for the content in /var/lib/ldap:
# echo "" | slapadd -f /etc/openldap/slapd.example.conf
Convert the configuration file into the dynamic configuration under /etc/openldap/slapd.d. From now on the init script starts slapd from that directory, and slapd.example.conf is only the source to regenerate it from:
# slaptest -f /etc/openldap/slapd.example.conf -F /etc/openldap/slapd.d
Initialize the LDAP DB with the initial content:
# slapadd -l example.com.ldif
# slapadd -l admin.example.com.ldif
# slapadd -l users.example.com.ldif
# slapadd -l groups.example.com.ldif
Set permissions (slapadd ran as root, so everything it created is root-owned until this step, while slapd runs as the ldap user):
# chown -R ldap:ldap /var/lib/ldap
# chown -R ldap:ldap /etc/openldap/slapd.d
Start the server:
# service slapd restart
List the content by a request from the client (-x is an anonymous simple bind, which the default access rules allow for reading):
# ldapsearch -x -b 'dc=example,dc=com'
Load further content from LDIF into the running server, binding as the admin DN (-W prompts for the rootpw). The two files below were already loaded by slapadd, so these exact commands are rejected with "Already exists"; use the same form for new LDIF files holding real users and groups:
# ldapadd -x -D 'cn=admin,dc=example,dc=com' -W -f users.example.com.ldif
# ldapadd -x -D 'cn=admin,dc=example,dc=com' -W -f groups.example.com.ldif
A simple bind over plain ldap:// sends the admin password in clear. That is acceptable against 127.0.0.1; for a remote server configure TLS on slapd and use ldaps:// or the -ZZ (StartTLS) option of the client tools.
List again:
# ldapsearch -x -b 'dc=example,dc=com'