932
edits
Changes
m
* Due Date: March 29th, 2019* Important: You must be in the Lab on March 29th, 2019 the due date to present your systems in order to have your assignment marked unless it is for medical reason.
# Optional: Configure a DNSSEC Trust Anchor so that your co-nfs server considers the .ops server to already be authenticated. I will provide the key necessary for this through blackboard. (Bonus item +10%)# Optional: Enable postfix restrictions to reject malformed or suspicious incoming mail (Bonus item - up to +10% depending on quality of configuration)<!-- # Optional: Implement dynamic firewall rules to block black-listed IP addresses of email spammer. (Bonus item +10%) -->
→Supporting Services
[[Category:OPS535]][[Category:rchan]][[Category:peter.callaghan]]
= Due Dates =
* This assignment worth 15% of your final grade.
=Specification=
== Basic Services ==
Setup an Internet email system for your assigned DNS Domain using the Virtual Machines in your Virtual Network. Your Internet email system must provide the following functions at the minimum:
* A SMTP email server (running postfix) that is capable of receiving and sending emails for users in your domain.
** Users in your domain must be able to send emails to users in the same domain and users in other students' domain domains in the class.** Users in your domain must be able to receive emails from other email users (both in your domain or and from other domains).
* An IMAP Access Agent (running dovecot) allowing users in your domain to remotely access their mail.
** Users in your domain must be able to access/manage their mail box using IMAP(s) clients or a web browser.* You email server must be configured to check the SPF (sender policy framework) of other domains for incoming email and reject email emails that are violating the sender policy.* Configure your DNS server to implement and provide the SPF protection for your assignment domain.* Configure your DNS server to implement and provide the DNSSEC records for your assignment domain.**Provide the administrator for your lab domain (that's you) with a copy of the DS key for your assignment domain. If you have not already done so, include the glue record as well.**Provide the administrator for the ops domain (your professor) with a copy of the DS key for your lab domain. If you have not already done so, include the glue record as well. This, combined with the step above will establish a chain of trust between your lab network, your assignment network and the rest of the ops domain.**Configure a DNSSEC Trust Anchor so that your co-nfs server considers the .ops server to already be authenticated. I will provide the key necessary for this through blackboard.
== Supporting Services ==
You need the following services and network infrastructure to support your Internet Email System (some of which should have been configured in assignment 1):
* A Pri-dns must be the primary DNS name server for your assignment domain with the proper MX record(s), SPF record(s), A record(s), and PTR record(s). It must be queriable by any machine.**Update Provide the administrator of the .ops domain (your professor) with glue records for your domain.* Co-nfs must be a caching DNS server info on , accessible to machines in your networks, that will forward traffic to the wiki site as well. URL of server for the wiki site: http://zenitops domain (172.senecac16.on0.ca/wiki/index1), then to your rns-ldap.php/Domainreg * Rns-ldap must be a forwarding server only. If you have trouble editing the wiki page, please send an email to **It must only be queriable by your professorco-nfs.**Provide the administrator It must have a copy of the .ops domain (your professor) with either glue records or a stub root-hints zone definition.
* Proper static network routes to and from other Email servers in the Lab.
<!--
== BONUS ==
# Optional: Use LDAP authentication to secure your web mail server or Access Agent. (Bonus item +10%)
= Evaluation =
