Difference between revisions of "OPS535 A2 201603"

From CDOT Wiki
(Due Dates)
m (Updating for online delivery)
 
(31 intermediate revisions by 2 users not shown)
Line 1: Line 1:
[[Category:OPS535]][[Category:rchan]]
+
[[Category:OPS535]][[Category:rchan]][[Category:peter.callaghan]]
 
= Due Dates =
 
= Due Dates =
 
* This assignment worth 15%  of your final grade.
 
* This assignment worth 15%  of your final grade.
* Due Date for documentation:  January 3, 2018
+
* See blackboard for the due date.
* Important: You must be in the Lab on January 3, 2018 to present your systems in order to have your assignment marked unless it is for medical reason.
+
<!--* Important: You must be in the Lab on the due date to present your systems in order to have your assignment marked unless it is for medical reason.-->
  
 
=Specification=
 
=Specification=
 
== Basic Services ==
 
== Basic Services ==
Setup an Internet email system for your assigned DNS Domain using the Virtual Machines in your Virtual Network. Your Internet email system must provide the following functions at the minimum:
+
Setup an Internet email system for your assigned DNS assignment Domain using the Virtual Machines in your assignment Virtual Network. Your Internet email system must provide the following functions:
  
# A SMTP email server that is capable of receiving and sending emails for users in your domain.
+
* A SMTP email server (running postfix) that is capable of receiving and sending emails for users in your domain.
# Users in your domain must be able to send emails to users in the same domain and users in other students' domain in the class.
+
<!--** Users in your domain must be able to send emails to users in the same domain and users in other students' domains in the class.
# Users in your domain must be able to receive emails from other email users (both in your domain or from other domains).
+
** Users in your domain must be able to receive emails from other email users (both in your domain and from other domains).-->
# Users in your domain must be able to access/manage their mail box using IMAP(s) clients or a web browser.
+
** Users in your assignment domain must be able to send emails to users in the same domain and users in your lab domain (in theory, this would include any other domain).
# You email server must be configured to check the SPF (sender policy framework) for incoming email and reject email that are violating the sender policy.
+
** Users in your domain must be able to receive emails from other email users (both in your lab domain and from other domains).
# Configure your DNS server to implement and provide the SPF protection for your domain
+
<!--* An IMAP Access Agent (running dovecot) allowing users in your domain to remotely access their mail.
 +
** Users in your domain must be able to access/manage their mail box using IMAP(s) clients.-->
 +
* You email server must be configured to check the SPF (sender policy framework) of other domains for incoming email and reject emails that are violating the sender policy.
 +
* Configure your pri-dns server to implement and provide the SPF protection for your assignment domain.
 +
* Configure your pri-dns server to implement and provide the DNSSEC records for your assignment domain.
 +
**Provide the administrator for your top domain (The one on your host) with a copy of the DS key for your assignment domain.  If you have not already done so, include the glue record as well.
 +
**Configure a DNSSEC Trust Anchor so that your co-nfs server considers your top-domain server (the one with the <yourname>.ops zone) to already be authenticated.
  
 
== Supporting Services ==
 
== Supporting Services ==
You need the following services and network infrastructure to support your Internet Email System:
+
You need the following services and network infrastructure to support your Internet Email System (some of which should have been configured in assignment 1):
# A primary DNS name server for your domain with the proper MX record(s), SPF record(s), and A record(s).
+
* Pri-dns must be the primary DNS name server for your assignment domain with the proper MX record(s), SPF record(s), A record(s), and PTR record(s).  It must be queriable by any machine.
# Proper static network routes to and from other Email servers in the Lab.
+
**Provide the administrator of the <yourname>.ops domain with glue records for your domain.
# An IMAP/IMAPS server running on one of your virtual machines.
+
* Co-nfs must be a caching DNS server, accessible to machines in your networks, that will forward traffic to the server for the <yourname>.ops domain (your host), then to your rns-ldap.
# Two Web Mail servers running on two separated virtual machines. You need to store the users' mail on a NFS server so that both web mail servers can access the users' mail boxes. This will allow your email users to use any one of your two web mail servers. (If you are short on time, one web server will be accepted.)
+
* Rns-ldap must be a forwarding server only.
# Make your domain visible on the Lab's network. Please check the wiki site for the root hint file and/or the top level name servers' IP.
+
**It must only be queriable by your co-nfs.
# Update your DNS server info on the wiki site as well. URL of the wiki site: http://zenit.senecac.on.ca/wiki/index.php/Domainreg . If you have trouble editing the wiki page, please send an email to your professor.
+
**It must have a copy of the root-hints zone.
# A root name server for delegating domains to their corresponding registrants.  
+
 
# A working LDAP server for storing email user account information. If you are not using LDAP, you must at least use NIS to centralize all your email user accounts.
+
<!--
# Optional: Use LDAP authentication to secure your web mail server. (Bonus item +10%)
+
== BONUS ==
# Optional: Enable DNSSEC on your root name server, primary DNS server, caching DNS server (Bonus item +10%)
+
# Optional: Use LDAP authentication to secure your web mail server or Access Agent. (Bonus item +10%)
# Optional: Implement dynamic firewall rules to block black-listed IP addresses of email spammer. (Bonus item +10%)
+
# Optional: Implement dynamic firewall rules to block black-listed IP addresses of email spammer. (Bonus item +10%) -->
  
 
= Evaluation =
 
= Evaluation =
==Part 1: Documentation (7 points)==
+
==Script==
 
+
<!--
Your documentation should have enough detail to guide a CNS graduate to replicate your Internet Email system (e.g. to perform a disaster recovery) on a Centos 7.x system. Please use your actual IP addresses and FQDN names in your documentation. The documentation should include at least, but not limited to, the followings:
+
On the due date you will be tasked to:
# All the steps required to setup up your Internet email system. (Keep notes when you setting up your web site)
+
# Add two new email users to your domain. Name of the new users will be given in class.
# A list of all the rpm packages required.
+
# send an email by one of the new email users to the other new email user in your own domain.
# A list of all configuration files involved (especially for the DNS server and Postfix server).
+
# send an email by one of the new email users to a designated user of other domain.
# A list of services needed to support the operation.
+
# receive the reply email from the designated user of the other domain.
# Step by step procedure on how to add a new email user to your domain.
+
# query a record from another domain
# Step by step procedure on how to send an email to someone with an email address outside of your domain.
+
# query a record from another domain with dnssec information included.-->
# Sample email log entries to show that your mail server has successfully delivered an outgoing email, accepting and rejecting an incoming email with SPF checks.
+
I will post a script to blackboard that will capture your configuration and logs. You will run this script on your machines and upload the output to blackboard.
# Sample email log entries to show that your mail server has successfully received an incoming email.
 
 
 
==Part 2: Demonstration (3 points)==
 
# Add a new email user to your domain. Name of the new user will be given in class.
 
# send an email by the new email user to a designated user of other domain.
 
# receive the reply email from the designated user of the other domain.  
 
# Mail server log entries:
 
## capture log entries to prove that your mail server has received reply email from the designated user of the other domain.
 
## capture log entries to prove that your mail server has sent email to the designated user of other domain
 
## capture log entries to prove that your mail server has received a new email from the designated user of the other domain.
 
## capture log entries to prove that your mail server has sent an reply email to the designated user of the other domain.
 
# Put the following information to a text file:
 
## the email to the designated user of the other domain,
 
## the reply email from the designated user of the other domain,
 
## the new email from the designated user of the other domain,
 
## the reply email to the designated user of the other domain, and  
 
## all mail log entries mentioned.
 
Name the text file as "ops535-a2-demo-report-[Seneca-Id].txt" and upload it to blackboard on the evaluation date.  
 
  
If you have any questions or need any clarification, please email your instructor by November 25, 2016
+
If you have any questions or need any clarification, please email your instructor at least one week before the posted due date.
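Review bot: the added SPF bullet ("* You email server must be configured to check the SPF ...") carries the "You" for "Your" typo over from the old revision, and the untouched line "This assignment worth 15%" is still missing "is"; both can be fixed in this edit. The new text also hides superseded requirements in `<!-- ... -->` blocks (the lab-attendance line, the IMAP bullets, the BONUS list and the due-date task list) instead of deleting them, which leaves several conflicting versions in the wiki source; remove them if they no longer apply. "queriable" in the two new DNS bullets should read "queryable".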

Latest revision as of 19:04, 3 November 2020

Due Dates

  • This assignment is worth 15% of your final grade.
  • See blackboard for the due date.

Specification

Basic Services

Set up an Internet email system for your assigned DNS assignment domain using the virtual machines in your assignment virtual network. Your Internet email system must provide the following functions:

  • An SMTP email server (running postfix) that is capable of receiving and sending emails for users in your domain.
    • Users in your assignment domain must be able to send emails to users in the same domain and users in your lab domain (in theory, this would include any other domain).
    • Users in your domain must be able to receive emails from other email users (both in your lab domain and from other domains).
  • Your email server must be configured to check the SPF (Sender Policy Framework) record of other domains for incoming email and reject emails that violate the sender policy.
  • Configure your pri-dns server to implement and provide the SPF protection for your assignment domain.
  • Configure your pri-dns server to implement and provide the DNSSEC records for your assignment domain.
    • Provide the administrator for your top domain (the one on your host) with a copy of the DS key for your assignment domain. If you have not already done so, include the glue record as well.
    • Configure a DNSSEC Trust Anchor so that your co-nfs server considers your top-domain server (the one with the <yourname>.ops zone) to already be authenticated.

Supporting Services

You need the following services and network infrastructure to support your Internet Email System (some of which should have been configured in assignment 1):

  • Pri-dns must be the primary DNS name server for your assignment domain with the proper MX record(s), SPF record(s), A record(s), and PTR record(s). It must be queryable by any machine.
    • Provide the administrator of the <yourname>.ops domain with glue records for your domain.
  • Co-nfs must be a caching DNS server, accessible to machines in your networks, that will forward traffic to the server for the <yourname>.ops domain (your host), then to your rns-ldap.
  • Rns-ldap must be a forwarding server only.
    • It must only be queryable by your co-nfs.
    • It must have a copy of the root-hints zone.


Evaluation

Script

I will post a script to blackboard that will capture your configuration and logs. You will run this script on your machines and upload the output to blackboard.

If you have any questions or need any clarification, please email your instructor at least one week before the posted due date.