yum install dhcp -y
Copy the template file to /etc/:
cp /usr/share/doc/dhcp-3.0.5/dhcpd.conf.sample /etc/dhcpd.conf
ddns-update-style interim;
ignore client-updates;
subnet 10.1.1.0 netmask 255.255.255.0 {
    option routers 10.1.1.1;
    option subnet-mask 255.255.255.0;
    option nis-domain "cluster.com";
    option domain-name "upl.com";
    option domain-name-servers 10.1.1.1;
    option time-offset -18000;    # Eastern Standard Time
    range dynamic-bootp 10.1.1.88 10.1.1.88;
    default-lease-time 21600;
    max-lease-time 43200;
    # We want the nameserver to appear at a fixed address
    host boss {
        hardware ethernet 00:27:19:96:19:b5;
        fixed-address 10.1.1.88;
    }
    host sb {
        hardware ethernet 00:27:19:96:19:b5;
        fixed-address 10.1.1.244;
    }
}
service dhcpd restart
The client obtains an IP address dynamically:
dhclient eth0
========================================================================
Sendmail
Protocol: TCP/SMTP
Port: 25
Software:
sendmail.i386
sendmail-cf.i386
sendmail-devel.i386
sendmail-doc.i386
m4.i386
dovecot  <--- MDA
procmail <--- delivers incoming mail into the mailboxes of the different local accounts
# yum install sendmail* m4 procmail dovecot -y
Configuration directory: /etc/mail/
sendmail.cf
sendmail.mc
access
virtusertable
local-host-names
/etc/aliases
Preparation:
Host name set to the FQDN
Time synchronization
Disable SELinux and iptables
Set the correct MX record in DNS:
@       IN NS     squid.upl.com.
squid   IN A      10.1.1.21
@       IN MX 0   mail.upl.com.
mail    IN CNAME  squid
Verify that the MX record is correct:
[root@dns06]# nslookup
> set type=mx
> upl.com
Server:  10.1.1.21
Address: 10.1.1.21#53
upl.com mail exchanger = 0 mail.upl.com.
Example 1: start the service and verify that it works
# netstat -ntlp | grep :25
[root@squid mail]# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 squid.upl.com ESMTP Sendmail 8.13.8/8.13.8; Fri, 23 Jul 2010 11:06:59 +0800
helo ddddd
250 squid.upl.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
mail from: 10000@qq.com
250 2.1.0 10000@qq.com... Sender ok
rcpt to: tom@squid.upl.com
250 2.1.5 tom@squid.upl.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
Wel to upl
.
250 2.0.0 o6n36x3o004704 Message accepted for delivery
quit
221 2.0.0 squid.upl.com closing connection
Connection closed by foreign host.
View the mailbox:
cat /var/mail/tom
Example 2: allow hosts on the local network to connect and send mail
# vim sendmail.mc
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
Change to:
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
# m4 sendmail.mc > sendmail.cf
# netstat -ntlp | grep :25
Connect from another machine to test:
# telnet 10.1.1.21 25
Example 3: make the mail server accept the short domain name, i.e. xxx@upl.com
# vim local-host-names
upl.com
squid.upl.com
Test:
rcpt to: tom@upl.com
250 2.1.5 tom@upl.com... Recipient ok
Example 4: mail aliases and group sending
# vim /etc/aliases
it:   tom, bean   <--- group
mary: tom         <--- forwarding
# newaliases
Test:
# cat /etc/fstab | mail -s "group mail" it@upl.com
# mail -s "group mail" it@upl.com < /etc/inittab
# cat /etc/hosts | sendmail -v mary@upl.com
Example 5: sending mail to external domains
Relaying must be enabled: the mail is handed on to an outside network (the recipient's domain differs from the domain bound to the MTA).
[root@dns06]# telnet 10.1.1.21 25
Trying 10.1.1.21...
Connected to squid.upl.com (10.1.1.21).
Escape character is '^]'.
220 squid.upl.com ESMTP Sendmail 8.13.8/8.13.8; Fri, 23 Jul 2010 13:49:12 +0800
mail from: 10000@qq.com
250 2.1.0 10000@qq.com... Sender ok
rcpt to: l.t.b@126.com
550 5.7.1 l.t.b@126.com... Relaying denied
Relaying denied: by default, other IP addresses are not allowed to use this mail server to send mail to external domains.
Allow an internal network segment to send external mail:
# vim /etc/mail/access
Connect:10.1.1.19    REJECT
Connect:10.1.1       RELAY
To:qq.com            REJECT
From:gmail.com       REJECT
# makemap hash /etc/mail/access.db < /etc/mail/access
[root@dns06]# telnet 10.1.1.21 25
Trying 10.1.1.21...
Connected to squid.upl.com (10.1.1.21).
Escape character is '^]'.
220 squid.upl.com ESMTP Sendmail 8.13.8/8.13.8; Fri, 23 Jul 2010 13:56:51 +0800
mail from: 10000@gmail.com
550 5.7.1 10000@gmail.com... Access denied
mail from: admin@qq.com
250 2.1.0 admin@qq.com... Sender ok
rcpt to: 10000@qq.com
550 5.2.1 10000@qq.com... Mailbox disabled for this recipient
rcpt to: l.t.b@126.com
250 2.1.5 l.t.b@126.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
Just for test
.
250 2.0.0 o6n5up32005376 Message accepted for delivery
quit
221 2.0.0 squid.upl.com closing connection
Connection closed by foreign host.
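The access map above decides each step of that telnet session: the Connect: prefix grants relaying to the whole 10.1.1 segment, From:gmail.com is refused at MAIL FROM, and To:qq.com is refused at RCPT TO. The following Python is an added example, not code from the original notes or from sendmail itself; it models the lookup order sendmail uses (full address first, then shorter address prefixes or parent domains) in simplified form, ignoring FEATURE() options, and uses the four access entries and the addresses typed in the session as constructed input. LOCAL_DOMAINS is an assumption taken from the local-host-names entries in Example 3.

```python
import re

# Constructed copy of the four /etc/mail/access entries shown above.
ACCESS_TEXT = """\
Connect:10.1.1.19    REJECT
Connect:10.1.1       RELAY
To:qq.com            REJECT
From:gmail.com       REJECT
"""

# Assumption: domains this MTA delivers locally (from local-host-names in Example 3).
LOCAL_DOMAINS = ("upl.com", "squid.upl.com")


def parse_access(text):
    """Turn 'key<ws>value' lines into a dict; keys keep their Connect:/From:/To: tag, lower-cased."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, value = re.split(r"\s+", line, maxsplit=1)
        table[key.lower()] = value.strip().upper()
    return table


def lookup_ip(table, tag, ip):
    """Connect: lookups try the full address, then ever-shorter dotted prefixes
    (10.1.1.19, 10.1.1, 10.1, 10), so 'Connect:10.1.1' covers the whole /24."""
    parts = ip.split(".")
    while parts:
        hit = table.get(f"{tag}:{'.'.join(parts)}")
        if hit:
            return hit
        parts.pop()
    return None


def lookup_addr(table, tag, address):
    """From:/To: lookups try the full address, then its domain and each parent domain."""
    address = address.lower()
    hit = table.get(f"{tag}:{address}")
    if hit:
        return hit
    labels = address.rpartition("@")[2].split(".")
    while labels:
        hit = table.get(f"{tag}:{'.'.join(labels)}")
        if hit:
            return hit
        labels.pop(0)
    return None


def decide(table, client_ip, sender, recipient):
    """Outcome of one MAIL FROM / RCPT TO pair from client_ip: (accepted, reason)."""
    connect = lookup_ip(table, "connect", client_ip)
    if connect == "REJECT":
        return False, "connection rejected"
    if lookup_addr(table, "from", sender) == "REJECT":
        return False, "sender rejected"            # 550 at MAIL FROM
    rcpt = lookup_addr(table, "to", recipient)
    if rcpt == "REJECT":
        return False, "recipient rejected"         # 550 at RCPT TO
    if recipient.lower().rpartition("@")[2] in LOCAL_DOMAINS:
        return True, "local delivery"              # never needs relaying
    if connect == "RELAY" or rcpt == "RELAY":
        return True, "relay permitted"
    return False, "relaying denied"                # 550 5.7.1 ... Relaying denied


if __name__ == "__main__":
    empty, table = parse_access(""), parse_access(ACCESS_TEXT)
    # Before the map exists: the first telnet session above ends in "Relaying denied".
    print(decide(empty, "10.1.1.20", "10000@qq.com", "l.t.b@126.com"))
    # After the map: the second session, step by step.
    print(decide(table, "10.1.1.20", "10000@gmail.com", "l.t.b@126.com"))
    print(decide(table, "10.1.1.20", "admin@qq.com", "10000@qq.com"))
    print(decide(table, "10.1.1.20", "admin@qq.com", "l.t.b@126.com"))
```

The point worth checking with this model is how wide a Connect: entry is: "Connect:10.1.1 RELAY" turns every host in the /24 into a permitted relay source, so a single compromised machine on that segment can send outbound mail through the MTA; a narrower prefix, or SMTP authentication as in Example 6, limits that.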
Example 6: SMTP authentication
An account and password must be verified before mail can be sent.
Once SMTP authentication is enabled on the server, the access map is ignored (authenticated clients may relay regardless of it).
1. Edit sendmail.mc
# vim sendmail.mc
Search for MD5:
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
Search for submission:
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
# m4 sendmail.mc > sendmail.cf
Check whether authentication is advertised:
[root@dns06]# telnet 10.1.1.21 25
Trying 10.1.1.21...
Connected to squid.upl.com (10.1.1.21).
Escape character is '^]'.
220 squid.upl.com ESMTP Sendmail 8.13.8/8.13.8; Fri, 23 Jul 2010 14:05:30 +0800
EHLO squid.upl.com <----
250-squid.upl.com Hello dns.upl.com [10.1.1.20], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN <----
250-DELIVERBY
250 HELP
2. Install the software packages required for authentication:
# yum install cyrus-* -y
3. Restart the related services:
service sendmail restart
service saslauthd restart
Test:
[root@dns06]# telnet 10.1.1.21 25
Trying 10.1.1.21...
Connected to squid.upl.com (10.1.1.21).
Escape character is '^]'.
220 squid.upl.com ESMTP Sendmail 8.13.8/8.13.8; Fri, 23 Jul 2010 14:12:30 +0800
AUTH LOGIN
334 VXNlcm5hbWU6
dG9t   <--- base64-encoded user name
334 UGFzc3dvcmQ6
MTIz   <--- base64-encoded password
235 2.0.0 OK Authenticated
mail from: 1000@qq.com
250 2.1.0 1000@qq.com... Sender ok
rcpt to: l.t.b@126.com
250 2.1.5 l.t.b@126.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
Mail comes again
.
250 2.0.0 o6n6cug9005754 Message accepted for delivery
quit
221 2.0.0 squid.upl.com closing connection
Connection closed by foreign host.
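The two 334 challenges in that exchange are nothing more than base64 of "Username:" and "Password:", and the client's replies are base64 of the credentials. The Python below is an added example, not part of the original notes or of Sendmail; it reproduces the exchange and the EHLO reply above as constructed input, decodes the exchange the way any capture of a port 25 session could be decoded, and adds the check a defender wants: whether LOGIN/PLAIN is offered on a listener that does not also advertise STARTTLS (the EHLO reply above shows no 250-STARTTLS line). The session_is_tls parameter is an assumption of this example.

```python
import base64

# Constructed from the EHLO reply in the transcript above.
EHLO_REPLY = """\
250-squid.upl.com Hello dns.upl.com [10.1.1.20], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
"""

# Constructed from the AUTH LOGIN exchange above: (C)lient and (S)erver lines.
AUTH_EXCHANGE = [
    ("C", "AUTH LOGIN"),
    ("S", "334 VXNlcm5hbWU6"),
    ("C", "dG9t"),
    ("S", "334 UGFzc3dvcmQ6"),
    ("C", "MTIz"),
    ("S", "235 2.0.0 OK Authenticated"),
]


def parse_ehlo(reply):
    """Map each advertised extension keyword (upper-case) to its parameters."""
    exts = {}
    for line in reply.splitlines()[1:]:          # line 1 is the greeting, not an extension
        words = line[4:].split()                 # drop the '250-' / '250 ' prefix
        if words:
            exts[words[0].upper()] = [w.upper() for w in words[1:]]
    return exts


def auth_login_replies(username, password):
    """What a client answers to the two 334 challenges: base64, which is encoding, not encryption."""
    enc = lambda s: base64.b64encode(s.encode()).decode()
    return enc(username), enc(password)


def decode_auth_login(exchange):
    """Pair each 334 challenge with the client's next line and decode both.
    This is exactly what a packet capture of a plain port-25 session yields."""
    dec = lambda s: base64.b64decode(s).decode()
    creds, pending = {}, None
    for who, line in exchange:
        if who == "S" and line.startswith("334 "):
            pending = dec(line.split(" ", 1)[1])  # 'Username:' / 'Password:'
        elif who == "C" and pending is not None:
            creds[pending] = dec(line)
            pending = None
    return creds


def plaintext_auth_exposed(ehlo_reply, session_is_tls=False):
    """Defender's check: LOGIN/PLAIN offered, no STARTTLS advertised, no TLS already in place."""
    exts = parse_ehlo(ehlo_reply)
    mechs = exts.get("AUTH", [])
    return (any(m in ("LOGIN", "PLAIN") for m in mechs)
            and "STARTTLS" not in exts
            and not session_is_tls)


if __name__ == "__main__":
    print(decode_auth_login(AUTH_EXCHANGE))    # {'Username:': 'tom', 'Password:': '123'}
    print(auth_login_replies("tom", "123"))    # ('dG9t', 'MTIz')
    print(plaintext_auth_exposed(EHLO_REPLY))  # True: credentials cross the wire in clear
```

Run against the transcript, the check reports True: the listener offers LOGIN and PLAIN with no STARTTLS, so the "tom"/"123" pair is readable by anyone on the path between dns.upl.com and the MTA. Offering STARTTLS (or the TLS-only submission port) before AUTH, and a CRAM-MD5/DIGEST-MD5 mechanism for clients that cannot do TLS, is what closes that gap.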
Use Foxmail to authenticate with the password and send mail.
Receiving mail requires an MDA:
service dovecot restart <--- lets the MUA connect and retrieve mail
chkconfig dovecot on
====================================
xinetd (extended Internet services daemon)
1. Improves system and service performance
2. Enhances access control
3. Adds extra logging
Configuration files:
/etc/xinetd.d/
/etc/xinetd.conf
Each service hosted by xinetd has its own configuration file:
# vim /etc/xinetd.d/tftp
service tftp
{
    socket_type  = dgram
    protocol     = udp
    wait         = yes
    user         = root
    server       = /usr/sbin/in.tftpd
    server_args  = -s /tftpboot
    disable      = yes
    per_source   = 11
    cps          = 100 2
    flags        = IPv4
}
Example 1: host vsftpd under xinetd
# vim /etc/xinetd.d/vsftp
service ftp
{
    socket_type  = stream
    protocol     = tcp
    wait         = no
    user         = root
    server       = /usr/sbin/vsftpd
    disable      = no
}
Modify the vsftpd configuration:
#listen=YES   <-- comment out
# service vsftpd stop
# service xinetd restart
Verification:
# netstat -ntlp | grep :21
tcp  0  0 0.0.0.0:21  0.0.0.0:*  LISTEN  6264/xinetd
ps -ef | grep vsftpd   (before logging in)
ps -ef | grep vsftpd   (after logging in)
Log out, then run ps -ef | grep vsftpd again
Example 2: host sshd under xinetd
# vim sshd
service ssh
{
    socket_type  = stream
    protocol     = tcp
    wait         = no
    user         = root
    server       = /usr/sbin/sshd
    server_args  = -i
    disable      = no
    per_source   = 2
    cps          = 100 2   <-- at most 100 connections per second; beyond that the service is disabled for 2 seconds
    no_access    = 10.1.1.20
    only_from    = 10.1.1.0/24
    access_times = -
    instances    = 3
    flags        = IPv4
}
# service sshd stop
====================================
TCP wrappers
Client <-----> tcpwrapper <----> xinetd <----> vsftpd
Client <-----> tcpwrapper <----> vsftpd
[root@squid ~]# ldd /usr/sbin/xinetd | grep wrap
libwrap.so.0 => /lib/libwrap.so.0 (0x00e95000)
[root@squid ~]# ldd /usr/sbin/vsftpd | grep wrap
libwrap.so.0 => /lib/libwrap.so.0 (0x00781000)
[root@squid ~]# ldd /usr/sbin/sshd | grep wrap
libwrap.so.0 => /lib/libwrap.so.0 (0x007c9000)
Configuration files:
/etc/hosts.allow
/etc/hosts.deny
How the rules are read and matched:
Read hosts.allow first; if a matching rule is found, stop reading (the connection is allowed).
If no rule in hosts.allow matches, go on to hosts.deny; if a rule matches there, reject the connection.
If no matching rule is found in either file
Example 1: deny 10.1.1.20 access to vsftpd
# vim /etc/hosts.deny   <-- takes effect immediately
vsftpd: 10.1.1.20
Example 2: deny access from the 10.1.1.0/24 segment, but allow 10.1.1.20
Method 1:
# vim /etc/hosts.allow
vsftpd: 10.1.1.20
# vim /etc/hosts.deny
vsftpd: 10.1.1.0/255.255.255.0
Method 2:
# vim /etc/hosts.deny
vsftpd: 10.1.1.0/255.255.255.0 EXCEPT 10.1.1.20
Method 3:
# vim /etc/hosts.allow
vsftpd: ALL EXCEPT 10.1.1.0/255.255.255.0 EXCEPT 10.1.1.20
All IP addresses are allowed except 10.1.1.1 ~ 10.1.1.19 and 10.1.1.21 ~ 10.1.1.254
# vim /etc/hosts.deny   <--- deny everyone else; do not forget this
vsftpd: ALL
Example 3: deny all access, but allow the 10.1.1.0/24 segment except 10.1.1.20
Method 1, using both files:
# vim /etc/hosts.allow
vsftpd: 10.1.1.0/255.255.255.0 EXCEPT 10.1.1.20
# vim /etc/hosts.deny
vsftpd: ALL
Method 2:
# vim /etc/hosts.deny
vsftpd: ALL EXCEPT 10.1.1.0/255.255.255.0 EXCEPT 10.1.1.20
Deny all IP addresses except 10.1.1.1 ~ 10.1.1.19 and 10.1.1.21 ~ 10.1.1.254
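The nested EXCEPT rules in Examples 2 and 3 are easy to misread, and a wrong reading leaves a host reachable that was meant to be blocked. The Python below is an added example, not code from the original notes or from the tcp_wrappers library; it evaluates hosts.allow/hosts.deny in the order described above (allow first, then deny, otherwise grant, as hosts_access(5) documents) with the client patterns the examples use (ALL, net/mask, a dotted prefix ending in ".", a single address, and EXCEPT, which nests to the right: a EXCEPT b EXCEPT c means a EXCEPT (b EXCEPT c)). The rule strings are constructed copies of the examples above.

```python
import ipaddress
import re

# Constructed rule sets taken from Example 3 above (one string per file).
EXAMPLE3_ALLOW = "vsftpd: 10.1.1.0/255.255.255.0 EXCEPT 10.1.1.20\n"
EXAMPLE3_DENY = "vsftpd: ALL\n"
EXAMPLE3_DENY_ONLY = "vsftpd: ALL EXCEPT 10.1.1.0/255.255.255.0 EXCEPT 10.1.1.20\n"


def _match_pattern(pattern, ip):
    """One client pattern: ALL, net/mask, dotted prefix ending in '.', or a single address."""
    pattern = pattern.strip()
    if pattern.upper() == "ALL":
        return True
    if "/" in pattern:
        return ip in ipaddress.ip_network(pattern, strict=False)
    if pattern.endswith("."):
        return str(ip).startswith(pattern)
    return ip == ipaddress.ip_address(pattern)


def match_client_list(client_list, ip):
    """'a EXCEPT b EXCEPT c' parses as a EXCEPT (b EXCEPT c), as hosts_access(5) describes."""
    head, *rest = re.split(r"\s+EXCEPT\s+", client_list, maxsplit=1, flags=re.IGNORECASE)
    head_hit = any(_match_pattern(p, ip) for p in head.split())
    if not rest:
        return head_hit
    return head_hit and not match_client_list(rest[0], ip)


def parse_rules(text):
    """'daemon_list : client_list' lines -> [(set of daemon names, client_list)]."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, _, clients = line.partition(":")
        rules.append(({d.upper() for d in daemons.replace(",", " ").split()}, clients.strip()))
    return rules


def _file_matches(text, daemon, ip):
    return any(("ALL" in ds or daemon.upper() in ds) and match_client_list(cl, ip)
               for ds, cl in parse_rules(text))


def access_allowed(hosts_allow, hosts_deny, daemon, client):
    """tcpd order: hosts.allow first (match = grant), then hosts.deny (match = refuse), else grant."""
    ip = ipaddress.ip_address(client)
    if _file_matches(hosts_allow, daemon, ip):
        return True
    if _file_matches(hosts_deny, daemon, ip):
        return False
    return True


if __name__ == "__main__":
    # Both Example 3 methods should agree: only 10.1.1.x other than .20 gets in.
    for client in ("10.1.1.20", "10.1.1.21", "10.2.2.2"):
        print(client,
              access_allowed(EXAMPLE3_ALLOW, EXAMPLE3_DENY, "vsftpd", client),
              access_allowed("", EXAMPLE3_DENY_ONLY, "vsftpd", client))
```

Two things the model makes visible: the two-file form of Example 3 depends on the "vsftpd: ALL" line in hosts.deny (without it, hosts outside 10.1.1.0/24 fall through to the default grant), and rules are per daemon, so a rule for vsftpd says nothing about sshd on the same host.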