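Wednesday, April 6, 2016

E-MAIL SERVER Setup (2016/04/06)

Although I did finish setting up the e-mail server, mail would not go out and kept showing "removed", so I had no way to carry on with the rest~


First, as before, install the Postfix packages: #yum -y install postfix dovecot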

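Edit the configuration file:
#vim /etc/postfix/main.cf
myhostname = mail.example.com
mydomain = example.com
myorigin = $mydomain
# mynetworks_style is ignored once mynetworks is set explicitly
mynetworks_style = class
# just enter this machine's own subnet; clients in these networks are trusted to relay
mynetworks = 127.0.0.0/8, 192.168.100.0/24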

inet_interfaces = all
mydestination = $mydomain, $myhostname, localhost.$mydomain, localhost
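mail_spool_directory = /var/mail

# home_mailbox takes precedence over mail_spool_directory for local delivery
home_mailbox = Maildir/
# the next two parameters are not in the default file; just add them yourself
# (main.cf has no inline comments, so notes go on their own lines)
mailbox_size_limit = 0
message_size_limit = 0
Next, edit this configuration file:
#vim /etc/dovecot/dovecot.conf
protocols = imap pop3
Edit the settings file:
#vim /etc/dovecot/conf.d/10-mail.conf
# mail_location has to match where Postfix delivers; with home_mailbox = Maildir/
# above, Postfix writes to ~/Maildir/, which would be maildir:~/Maildir here
mail_location = mbox:~/mail:INBOX=/var/mail/%u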

Open the firewall services:
#firewall-cmd --permanent --add-service=smtp
#firewall-cmd --permanent --add-port=110/tcp
#firewall-cmd --permanent --add-port=143/tcp
#firewall-cmd --reload
Configure SELinux:
#setsebool -P postfix_local_write_mail_spool on

Start the smtp and imap services:
#systemctl enable postfix
#systemctl enable dovecot
#systemctl start postfix
#systemctl start dovecot
Test whether mail can be sent out (this is exactly where I got stuck XD):
#mail student@mail.example.com
Subject:  test
Hello World!
.    (PS: "." means the end of the message)
Take a look at the log:
#tail /var/log/maillog
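
Two things in the main.cf above are easy to get wrong: Postfix only treats "#" as a comment at the start of a line, and mynetworks decides which clients may relay through the server. The Python lint below is an added example, not part of the original post; parse_main_cf, lint_main_cf, the /24 threshold and the SAMPLE text are assumptions constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the style of the main.cf above (not a real host).
SAMPLE = """\
# trusted relay clients
mynetworks_style = class
mynetworks = 127.0.0.0/8, 192.168.0.0/16,
    203.0.113.0/24
mailbox_size_limit = 0  # no limit
"""

def parse_main_cf(text):
    """Return {name: value}; a line starting with whitespace continues the previous one."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or whole-line comment
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    return {n.strip(): v.strip() for n, _, v in (e.partition("=") for e in logical)}

def lint_main_cf(text, min_prefix=24):
    """Return findings about inline comments and relay trust (min_prefix is an assumed policy)."""
    params = parse_main_cf(text)
    findings = [f"{name}: '#' inside the value; main.cf has no inline comments"
                for name, value in params.items() if "#" in value]
    if "mynetworks" in params and "mynetworks_style" in params:
        findings.append("mynetworks_style: ignored because mynetworks is set")
    for item in params.get("mynetworks", "").replace(",", " ").split():
        try:
            net = ipaddress.ip_network(item, strict=False)
        except ValueError:
            findings.append(f"mynetworks: '{item}' is not a CIDR literal, review by hand")
            continue
        if net.is_loopback:
            continue
        if not (net.version == 4 and any(net.subnet_of(p) for p in RFC1918)):
            findings.append(f"mynetworks: {net} is outside RFC 1918 space")
        elif net.prefixlen < min_prefix:
            findings.append(f"mynetworks: {net} is wider than /{min_prefix}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_main_cf(SAMPLE)))
```

On a live host, "postconf -n" prints the values Postfix actually parsed, which is the authoritative check.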

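DNS SERVER Setup (2016/04/06)

Today I got roughly two servers set up; because there were a few mistakes along the way, I only got two sites set up.

This is the DNS server setup.

First:
Install the bind packages: #yum -y install bind bind-libs bind-chroot bind-utils

Next, edit the configuration file: #vim /etc/named.conf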
options {
        listen-on port 53  { any; };
        //listen-on-v6 port 53 { ::1; }; (comment this line out)
        directory          "/var/named";
        dump-file          "/var/named/data/cache_dump.db";
        statistics-file    "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // enter your own machine's IP subnet in allow-query
        allow-query        { localhost; 192.168.100.0/24; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
           file "data/named.run";
           severity dynamic;
        };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone "." IN {
        type hint;
        file "named.ca";
};
// forward lookup (name to IP) for the domain this server is responsible for
zone "example.com" IN {
        type master;
        file "example.zone";
};
// reverse lookup (IPv4 address to name) for the domain this server is responsible for
zone "100.168.192.in-addr.arpa" IN {
        type master;
        file "example.reverse";
};

Next, edit this zone file:
#vim /var/named/example.zone
$TTL 10
@        IN SOA dns1.example.com. root (
         2016032901;
         1H;
         2D;
         3W;
         10 )
@        IN NS dns1.example.com.
@        IN A 192.168.XXX.XXX
@        IN MX 10 mail

; each address below is this machine's IP address
dns1.example.com. IN A 192.168.XXX.XXX
mail              IN A 192.168.XXX.XXX
ftp               IN A 192.168.XXX.XXX
www               IN A 192.168.XXX.XXX
Next, edit the other zone file:
#vim /var/named/example.reverse
$TTL 10
@        IN SOA dns1.example.com. root (
         2016032901;
         1H;
         2D;
         3W;
         10 )
@        IN NS dns1.example.com.
xxx      IN PTR dns1.example.com.
xxx      IN PTR mail.example.com.
xxx      IN PTR www.example.com.
xxx      IN PTR ftp.example.com. 
(PS: xxx is the last three digits of the IP)
Next, open the firewall:
#firewall-cmd --permanent --add-service=dns
#firewall-cmd --reload
Start the DNS server service:
#systemctl stop named
#systemctl disable named
#systemctl enable named-chroot
#systemctl start named-chroot
Next, set the DNS server that this machine queries:
#vim /etc/resolv.conf
search example.com
nameserver 192.168.100.183
Below are some testing tools:
#dig example.com NS
#dig example.com A
#dig -x 192.168.XXX.XXX