DHCP Sendmail tcpwrapper

Source: Internet
Author: User
Tags dovecot mx record

yum install dhcp -y

Copy the template file to /etc/.

cp /usr/share/doc/dhcp-3.0.5/dhcpd.conf.sample /etc/dhcpd.conf

ddns-update-style interim;
ignore client-updates;

subnet 10.1.1.0 netmask 255.255.255.0 {
    option routers 10.1.1.1;
    option subnet-mask 255.255.255.0;
    option nis-domain "cluster.com";
    option domain-name "upl.com";
    option domain-name-servers 10.1.1.1;
    option time-offset -18000; # Eastern Standard Time
    range dynamic-bootp 10.1.1.88 10.1.1.88;
    default-lease-time 21600;
    max-lease-time 43200;

    # We want the nameserver to appear at a fixed address
    host boss {
        hardware ethernet 00:27:19:96:19:B5;
        fixed-address 10.1.1.88;
    }

    host Sb {
        hardware ethernet 00:27:19:96:19:B5;
        fixed-address 10.1.1.244;
    }
}

service dhcpd restart

The client obtains its IP address dynamically:

dhclient eth0

========================================================================

Sendmail

Protocol: TCP/SMTP

Port: 25

Software:

sendmail.i386
sendmail-cf.i386
sendmail-devel.i386
sendmail-doc.i386
m4.i386
dovecot <--- MDA
procmail <--- responsible for distributing mail to the different local accounts

# yum install sendmail* m4 procmail dovecot -y

Configuration directory: /etc/mail/

sendmail.cf
sendmail.mc
access
virtusertable
local-host-names
/etc/aliases

Preparation:

Set the host name to an FQDN

Synchronize the time

Disable SELinux and iptables

Set the correct MX record in DNS

@ IN NS squid.upl.com.
squid IN A 10.1.1.21
@ IN MX 0 mail.upl.com.
mail IN CNAME squid

Verify that the MX record is correct

[root@dns 06]# nslookup
> set type=mx
> upl.com
Server: 10.1.1.21
Address: 10.1.1.21#53

upl.com mail exchanger = 0 mail.upl.com.

Example 1: start the service as-is and verify that the server works properly

# netstat -ntlp | grep :25

[root@squid mail]# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 squid.upl.com ESMTP Sendmail 8.13.8/8.13.8; Fri, 23 Jul 2010 11:06:59 +0800
helo ddddd
250 squid.upl.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
mail from: 10000@qq.com
250 2.1.0 10000@qq.com... Sender ok
rcpt to: tom@squid.upl.com
250 2.1.5 tom@squid.upl.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
Wel to upl
.
250 2.0.0 o6n36x3o004704 Message accepted for delivery
quit
221 2.0.0 squid.upl.com closing connection
Connection closed by foreign host.

View the mail

cat /var/mail/tom

Example 2: allow hosts on the local network to connect and send mail

# vim sendmail.mc

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

Change to

DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl

# m4 sendmail.mc > sendmail.cf

# netstat -ntlp | grep :25

Connect from another machine to test

# telnet 10.1.1.21 25

Example 3: make the mail server accept the short domain name, i.e. addresses of the form xxx@upl.com

# vim local-host-names

upl.com
squid.upl.com

Test

rcpt to: tom@upl.com
250 2.1.5 tom@upl.com... Recipient ok

Example 4: mail aliases and group mail

# vim /etc/aliases

it: tom, bean <--- group
mary: tom <--- forwarding

# newaliases

Test

# cat /etc/fstab | mail -s "group mail" it@upl.com

# mail -s "group mail" it@upl.com < /etc/inittab

# cat /etc/hosts | sendmail -v mary@upl.com

Example 5: sending mail to external domains

The relay function must be enabled: relaying means sending mail on to an external network (the recipient's domain differs from the domain the MTA is bound to).

[root@dns 06]# telnet 10.1.1.21 25
Trying 10.1.1.21...
Connected to squid.upl.com (10.1.1.21).
Escape character is '^]'.
220 squid.upl.com ESMTP Sendmail 8.13.8/8.13.8; Fri, 23 Jul 2010 13:49:12 +0800
mail from: 10000@qq.com
250 2.1.0 10000@qq.com... Sender ok
rcpt to: l.t.B@126.com
550 5.7.1 l.t.B@126.com... Relaying denied

Relaying denied: by default, hosts at other IP addresses are not allowed to connect to the mail server and send mail to external domains.

Allow an internal network segment to send external mail:

# vim /etc/mail/access

Connect:10.1.1.19 REJECT
Connect:10.1.1 RELAY
To:qq.com REJECT
From:gmail.com REJECT

# makemap hash /etc/mail/access.db < /etc/mail/access

[root@dns 06]# telnet 10.1.1.21 25
Trying 10.1.1.21...
Connected to squid.upl.com (10.1.1.21).
Escape character is '^]'.
220 squid.upl.com ESMTP Sendmail 8.13.8/8.13.8; Fri, 23 Jul 2010 13:56:51 +0800
mail from: 10000@gmail.com
550 5.7.1 10000@gmail.com... Access denied
mail from: admin@qq.com
250 2.1.0 admin@qq.com... Sender ok
rcpt to: 10000@qq.com
550 5.2.1 10000@qq.com... Mailbox disabled for this recipient
rcpt to: l.t.B@126.com
250 2.1.5 l.t.B@126.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
Just for test
.
250 2.0.0 o6n5up32005376 Message accepted for delivery
quit
221 2.0.0 squid.upl.com closing connection
Connection closed by foreign host.
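
The decisions seen in the session above, as an added Python example that is not part of the original notes: a simplified model of access-map lookups in which the most specific Connect: key wins, so the REJECT for 10.1.1.19 overrides the RELAY for 10.1.1. Function names and the returned labels are hypothetical, and Sendmail's real rulesets do more than this.

```python
def candidate_keys(tag, value):
    """Lookup keys from most to least specific (simplified model)."""
    if tag == "Connect":                       # IP: drop trailing octets one by one
        parts = value.split(".")
        cands = [".".join(parts[:n]) for n in range(len(parts), 0, -1)]
    else:                                      # address: full form, then domain suffixes
        labels = value.split("@", 1)[1].split(".")
        cands = [value] + [".".join(labels[n:]) for n in range(len(labels))]
    return [("%s:%s" % (tag, c)).lower() for c in cands]

def parse_access(text):
    """Read 'key action' lines; keys are compared case-insensitively."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2:
            table[fields[0].lower()] = fields[1].upper()
    return table

def lookup(table, tag, value):
    return next((table[k] for k in candidate_keys(tag, value) if k in table), None)

def decide(table, client_ip, mail_from, rcpt_to,
           local_domains=("upl.com", "squid.upl.com")):
    conn = lookup(table, "Connect", client_ip)
    if conn == "REJECT":
        return "connection rejected"
    if lookup(table, "From", mail_from) == "REJECT":
        return "sender rejected"
    if lookup(table, "To", rcpt_to) == "REJECT":
        return "recipient rejected"
    if rcpt_to.split("@", 1)[1].lower() in local_domains:
        return "local delivery"
    return "relayed" if conn == "RELAY" else "relaying denied"

# Constructed from the access entries on this page.
ACCESS = parse_access("""
Connect:10.1.1.19   REJECT
Connect:10.1.1      RELAY
To:qq.com           REJECT
From:gmail.com      REJECT
""")

if __name__ == "__main__":
    for ip in ("10.1.1.19", "10.1.1.20", "192.0.2.7"):
        print(ip, decide(ACCESS, ip, "admin@qq.com", "l.t.B@126.com"))
```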

Example 6: SMTP authentication support

An account name and password must be verified before mail can be sent.

After SMTP authentication is enabled on the server, the access file is ignored.

# vim sendmail.mc

Search for MD5

TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

Search for submission

DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl

# m4 sendmail.mc > sendmail.cf

Check whether authentication is supported

[root@dns 06]# telnet 10.1.1.21 25
Trying 10.1.1.21...
Connected to squid.upl.com (10.1.1.21).
Escape character is '^]'.
220 squid.upl.com ESMTP Sendmail 8.13.8/8.13.8; Fri, 23 Jul 2010 14:05:30 +0800
EHLO squid.upl.com <----
250-squid.upl.com Hello dns.upl.com [10.1.1.20], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN <----
250-DELIVERBY
250 HELP

2. Install all the software packages required for authentication.

# yum install cyrus-* -y

3. Restart all related services

service sendmail restart

service saslauthd restart

Test

[root@dns 06]# telnet 10.1.1.21 25
Trying 10.1.1.21...
Connected to squid.upl.com (10.1.1.21).
Escape character is '^]'.
220 squid.upl.com ESMTP Sendmail 8.13.8/8.13.8; Fri, 23 Jul 2010 14:12:30 +0800
AUTH LOGIN
334 VXNlcm5hbWU6
dG9t --- encoded user name
334 UGFzc3dvcmQ6
MTIz --- encoded password
235 2.0.0 OK Authenticated
mail from: 1000@qq.com
250 2.1.0 1000@qq.com... Sender ok
rcpt to: l.t.B@126.com
250 2.1.5 l.t.B@126.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
Mail comes again
.
250 2.0.0 o6n6cug9005754 Message accepted for delivery
quit
221 2.0.0 squid.upl.com closing connection
Connection closed by foreign host.

Use Foxmail to authenticate with a password and send mail.
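
An added example, not part of the original notes: the EHLO reply in this section advertises AUTH LOGIN PLAIN but no STARTTLS, and the AUTH LOGIN strings are base64 encoding, not encryption. This Python script flags that combination and decodes the exchange; the function names are hypothetical and the sample strings are constructed from the sessions above.

```python
import base64

PLAINTEXT_MECHS = {"LOGIN", "PLAIN"}  # password is only base64-encoded on the wire

def parse_ehlo(reply):
    """Map each extension keyword of a multi-line 250 reply to its parameters."""
    ext = {}
    for line in reply.strip().splitlines()[1:]:   # line 1 is the greeting
        words = line[4:].split()
        if line[:3] == "250" and line[3:4] in ("-", " ") and words:
            ext[words[0].upper()] = [w.upper() for w in words[1:]]
    return ext

def audit(reply):
    """Findings for an EHLO reply received over an unencrypted connection."""
    ext = parse_ehlo(reply)
    exposed = sorted(PLAINTEXT_MECHS & set(ext.get("AUTH", [])))
    if exposed and "STARTTLS" not in ext:
        return ["AUTH %s offered without STARTTLS" % " ".join(exposed)]
    return []

def decode_auth_login(lines):
    """Decode the base64 prompts and answers of an AUTH LOGIN exchange."""
    return [base64.b64decode(l.split()[-1]).decode("ascii") for l in lines]

# Constructed sample: EHLO reply and AUTH LOGIN exchange as in the sessions above.
EHLO_REPLY = """\
250-squid.upl.com Hello dns.upl.com [10.1.1.20], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP"""
AUTH_LOGIN = ["334 VXNlcm5hbWU6", "dG9t", "334 UGFzc3dvcmQ6", "MTIz"]

if __name__ == "__main__":
    print(audit(EHLO_REPLY))
    print(decode_auth_login(AUTH_LOGIN))
```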

Receiving mail requires an MDA

service dovecot restart <--- lets MUAs connect to receive mail

chkconfig dovecot on

====================================

Xinetd (extended network service daemon)

1. Improves system and service performance

2. Enhances access control

3. Adds additional logging

Configuration directory

/etc/xinetd.d/
/etc/xinetd.conf

Independent configuration file for a service hosted by xinetd

# vim /etc/xinetd.d/tftp

service tftp
{
    socket_type = dgram
    protocol = udp
    wait = yes
    user = root
    server = /usr/sbin/in.tftpd
    server_args = -s /tftpboot
    disable = yes
    per_source = 11
    cps = 100 2
    flags = IPv4
}

Example 1: run vsftpd under xinetd

# vim /etc/xinetd.d/vsftp

service ftp
{
    socket_type = stream
    protocol = tcp
    wait = no
    user = root
    server = /usr/sbin/vsftpd
    disable = no
}

Modify the vsftpd configuration

# listen=YES <-- comment out

# service vsftpd stop

# service xinetd restart

Verification:

# netstat -ntlp | grep :21
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 6264/xinetd

Before login: ps -ef | grep vsftpd

After login: ps -ef | grep vsftpd

After logout: ps -ef | grep vsftpd

Example 2: run sshd under xinetd

# vim sshd

service ssh
{
    socket_type = stream
    protocol = tcp
    wait = no
    user = root
    server = /usr/sbin/sshd
    server_args = -i
    disable = no
    per_source = 2
    cps = 100 2 <-- at most 100 requests per second are processed; beyond that, the service is suspended for 2 seconds
    no_access = 10.1.1.20
    only_from = 10.1.1.0/24
    access_times = -
    instances = 3
    flags = IPv4
}

# service sshd stop

====================================

Tcpwrapper

Client <-----> tcpwrapper <----> xinetd <----> vsftpd

Client <-----> tcpwrapper <----> vsftpd

[root@squid ~]# ldd /usr/sbin/xinetd | grep wrap
libwrap.so.0 => /lib/libwrap.so.0 (0x00e95000)

[root@squid ~]# ldd /usr/sbin/vsftpd | grep wrap
libwrap.so.0 => /lib/libwrap.so.0 (0x00781000)

[root@squid ~]# ldd /usr/sbin/sshd | grep wrap
libwrap.so.0 => /lib/libwrap.so.0 (0x007c9000)

Configuration files:

/etc/hosts.allow
/etc/hosts.deny

Rule reading and matching algorithm:

Read the allow file first. If a matching rule is found, stop reading rules.

If no matching rule is found in the allow file, read the deny file; if a matching rule is found there, reject the connection.

If no matching rule is found

Example 1: deny 10.1.1.20 access to vsftpd

# vim /etc/hosts.deny <-- takes effect immediately

vsftpd: 10.1.1.20

Example 2: deny access only from hosts in the 10.1.1.0/24 network segment, but allow access from 10.1.1.20.

Method 1:

# vim /etc/hosts.allow

vsftpd: 10.1.1.20

# vim /etc/hosts.deny

vsftpd: 10.1.1.0/255.255.255.0

Method 2:

# vim /etc/hosts.deny

vsftpd: 10.1.1.0/255.255.255.0 EXCEPT 10.1.1.20

Method 3:

# vim /etc/hosts.allow

vsftpd: ALL EXCEPT 10.1.1.0/255.255.255.0 EXCEPT 10.1.1.20

All IP addresses are allowed, except 10.1.1.1 ~ 10.1.1.19 and 10.1.1.21 ~ 10.1.1.254

# vim /etc/hosts.deny <--- deny access from everyone else; do not forget this

vsftpd: ALL

Example 3: deny all access, but allow access from 10.1.1.0/24, except 10.1.1.20

Write two files:

# vim /etc/hosts.allow

vsftpd: 10.1.1.0/255.255.255.0 EXCEPT 10.1.1.20

# vim /etc/hosts.deny

vsftpd: ALL

Method 2:

# vim /etc/hosts.deny

vsftpd: ALL EXCEPT 10.1.1.0/255.255.255.0 EXCEPT 10.1.1.20

Deny all IP addresses except 10.1.1.1 ~ 10.1.1.19 and 10.1.1.21 ~ 10.1.1.254
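
An added example, not part of the original notes: a Python model of the hosts.allow / hosts.deny evaluation order and of the nested EXCEPT operator used in the methods above, so a rule set can be checked against test addresses before it is deployed. Function names are hypothetical; it handles only ALL, single addresses and network/netmask patterns, and assumes the documented tcp_wrappers default that access is granted when neither file matches.

```python
import ipaddress

def match_client(pattern, ip):
    """One client pattern: ALL, a single address, or network/netmask."""
    if pattern == "ALL":
        return True
    if "/" in pattern:
        return ip in ipaddress.ip_network(pattern, strict=False)
    return ip == ipaddress.ip_address(pattern)

def match_list(tokens, ip):
    """'a EXCEPT b EXCEPT c' is evaluated as (a EXCEPT (b EXCEPT c))."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return match_list(tokens[:i], ip) and not match_list(tokens[i + 1:], ip)
    return any(match_client(t, ip) for t in tokens)

def file_matches(text, daemon, ip):
    """True if any 'daemon_list: client_list' rule in the file matches."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":", 1)   # optional shell command not modelled
        names = daemons.replace(",", " ").split()
        if daemon in names or "ALL" in names:
            if match_list(clients.replace(",", " ").split(), ip):
                return True
    return False

def access_granted(allow, deny, daemon, client):
    ip = ipaddress.ip_address(client)
    if file_matches(allow, daemon, ip):
        return True      # a match in hosts.allow ends the search
    if file_matches(deny, daemon, ip):
        return False     # otherwise a match in hosts.deny rejects
    return True          # no match in either file: access is granted

# Constructed from the page's Example 2 (method 3) and Example 3 (method 2).
NESTED = "vsftpd: ALL EXCEPT 10.1.1.0/255.255.255.0 EXCEPT 10.1.1.20"
EX2_M3 = {"allow": NESTED, "deny": "vsftpd: ALL"}
EX3_M2 = {"allow": "", "deny": NESTED}

if __name__ == "__main__":
    for name, files in (("Example 2 / method 3", EX2_M3), ("Example 3 / method 2", EX3_M2)):
        for client in ("10.1.1.20", "10.1.1.19", "192.0.2.7"):
            ok = access_granted(files["allow"], files["deny"], "vsftpd", client)
            print(name, client, "granted" if ok else "denied")
```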
