OPS335 Email Lab

493 bytes removed, 22:32, 30 August 2011
FOCUS: Basic Mail (Postfix) Setup
This lab will show you how to set up a Postfix email server using a Fedora 13 installed PC.
You will need at least two systems to do this lab. The first could be Fedora on your removable hard drive while the second could be a virtual machine.
PART A - Prerequisites
Your hard drive should have Fedora 13, 64 bit Live edition already installed.
You should have at least one VM installed: also Fedora 13, 64 bit Live edition.
Both your host and guest should have default firewalls enabled.
Both your host and guest should have SELinux enabled.
Both host and guest should have all software updated. [ yum update ]
Ensure the clocks on both machines are set to the correct date and time.
PART B - Testing your network
Start Firefox on your host and authenticate yourself on Sene2net with your LEARN account.
Ensure you can surf the web on your host machine.
Start Firefox on your guest.
Ensure you can surf the web on your guest. NOTE: you should not have to authenticate yourself on the guest.
PART C - Testing email to the outside world using mailx and sendmail
1. Sendmail is installed and running by default on Fedora 13 so there is no need to install it.
2. Install mailx on both the host and the guest. [ yum install mailx ]
3. Test email from the host by sending an email to your LEARN account. [ mail -s "PART C3" xxxxxx@learn.senecac.on.ca ]
   Note: xxxxxx is your LEARN ID.
   Note: after you type in your letter, enter a period in the first column on the last line and hit the ENTER key.
   Check your LEARN email to see if you got the email. If you did, make a note of the return address.
4. Test email from the host by sending an email to your LEARN account. [ mail -s "PART C4" -r hacker@evil.com xxxxxx@learn.senecac.on.ca ]
   Note: xxxxxx is your LEARN ID.
   Note: after you type in your letter, enter a period in the first column on the last line and hit the ENTER key.
   Check your LEARN email to see if you got the email. If you did, make a note of the return address.
5. Repeat steps 3 and 4 on the guest machine.
PART D - Install and configure Postfix
On both machines do the following:
1. Stop sendmail. [ service sendmail stop ]
2. Install Postfix. [ yum install postfix ]
3. Edit the Postfix configuration file, /etc/postfix/main.cf, and change the following lines:
   mydomain = example.org
   myorigin = $mydomain
   inet_interfaces = all
   mynetworks = 127.0.0.0/8, 192.168.122.0/24
   relay_domains =
4. Start Postfix on both host and guest machines. [ service postfix start ]
PART E - Testing email using IP Addresses
1. If you have problems with the following you may have to set SELinux to permissive mode and/or adjust your firewall to allow traffic to/from port 25.
2. Try sending an email from your guest to your host. [ mail -s "PART E2" yyyyyy@[192.168.122.1] ]
   Note: yyyyyy is your host ID.
   Note: the square brackets around the host IP address.
3. Try sending an email from your host to your guest. [ mail -s "PART E3" zzzzzz@[192.168.122.ZZZ] ]
   Note: zzzzzz is your guest ID.
   Note: ZZZ is your guest IP address.
PART F - Set up a DNS server
1. Refer to Lab #033 and set up a DNS server on your host.
2. Set your host name to f13.
3. Set your guest name to vm01.
4. Set your domain name to example.org.
5. Test your DNS on both host and guest to ensure it works properly.
PART F - Test email using host names
1. Now try sending mail to yourself on both machines. For example, as joker on f13, use the command:
   $ mail joker@f13
   The machine will prompt for a subject: enter "testing" without the quotes.
   Now enter the body of the letter. When you're done, enter a period (.) in column 1 on the last line of your letter. This will signal end-of-file and your letter will be mailed. You should end up back at the $ prompt.
   If you mess up, use CTRL-C to cancel the email. DO NOT USE CTRL-Z.
2. Use the mailq command (you need to be root) to view the mail queue.
3. Use the mail command to check if you have mail.
PART G - Test your configuration and view your logs
1. Restart your postfix servers on both machines.
2. Check your /var/log/messages file to see that your postfix servers started without error.
3. Send some emails from both guest and host to each other and the outside world.
4. Check your maillog file to see that your email messages were sent correctly.
PART H - Learning the mail command
1. Read the mail manual page and learn how it works.
PART I - Answer the following questions and email them to your teacher in ASCII text format.
1. What is your full name and 9-digit Seneca student ID?
2. Include a copy of your main.cf file on vm01 (your guest) with this lab - but delete all commented and blank lines first - like this: [ cat /etc/postfix/main.cf | grep -v ^# | awk 'NF > 0 {print $0}' ]
3. What is the output of the iptables-save command on both your host and guest machines?
4. What firewall rule or rules, if any, did you have to enter on the guest and/or host so that email to/from each other would work?
5. What is the meaning of the square brackets surrounding the IP address in PART E?
6. What were your results to PART G? Show log segments to verify your answers.
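The following shell script is an added example, not part of the original lab. It applies the PART I comment/blank-line filter to a main.cf and reports what the PART D settings (inet_interfaces, mynetworks, relay_domains) expose to the network. The function names and the sample file are constructed for illustration, and only one-line "name = value" settings are handled.

```shell
#!/bin/sh
# Added example (not part of the lab): audit the active settings of a main.cf.
# Assumes one-line "name = value" settings; continuation lines are not handled.

# Active lines only: the same comment/blank-line filter used in PART I.
effective_conf() {
    grep -v '^#' "$1" | awk 'NF > 0 {print $0}'
}

# Value of one parameter; the last assignment wins, as it does in Postfix.
conf_value() {
    effective_conf "$1" | awk -v key="$2" '
        { eq = index($0, "="); if (eq == 0) next
          k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
          gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
          if (k == key) val = v }
        END { print val }'
}

# Report who can reach the SMTP port and who may relay through it.
audit_conf() {
    if [ "$(conf_value "$1" inet_interfaces)" = "all" ]; then
        echo "INFO: SMTP listens on every interface"
    fi
    for net in $(conf_value "$1" mynetworks | tr ',' ' '); do
        case $net in
            127.*) ;;   # loopback: local submissions only
            0.0.0.0/0) echo "FAIL: mynetworks trusts every client (open relay)" ;;
            *) echo "WARN: clients in $net may relay to any destination" ;;
        esac
    done
    relay=$(conf_value "$1" relay_domains)
    if [ -n "$relay" ]; then echo "WARN: relays for other domains: $relay"; fi
    return 0
}

# Constructed sample: the PART D values plus a comment and a blank line.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample main.cf
mydomain = example.org
myorigin = $mydomain

inet_interfaces = all
mynetworks = 127.0.0.0/8, 192.168.122.0/24
relay_domains =
EOF
}

tmp=$(mktemp) && write_sample "$tmp" && audit_conf "$tmp"; rm -f "$tmp"
```

On a real system, run audit_conf /etc/postfix/main.cf and compare the networks it lists with the firewall rules shown by iptables-save.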