
Saturday 25 November 2017

Configure local postfix service on centos 6

HOW TO INSTALL POSTFIX SERVER

Postfix is an MTA (Mail Transfer Agent), an application used to send and receive email. In this post, we will install and configure the Postfix service together with BIND (named), so that it can be used to send email by local applications only – that is, those installed on the same server that Postfix is installed on.
Prerequisites:
      1. A DNS server with an MX (mail exchanger) record for the local mail server
      2. Install Postfix rpm

1. Install DNS server with MX record (basic configure).

Stop the NetworkManager service, disable it at boot time, and change the hostname

[root@server ~]# service NetworkManager stop
NetworkManager stop                                    [ OK ]
[root@server ~]# chkconfig NetworkManager off
[root@server ~]# hostname server.zmailtech.com
[root@server ~]# vim /etc/sysconfig/network
[root@server ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=server.zmailtech.com
[root@server ~]#

Configure a static IP address on the system and restart the network service

[root@server ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
[root@server ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=52:54:00:41:9B:2B
TYPE=Ethernet
UUID=05e61a10-5a27-49f4-836a-9652d71e6e05
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.1.22
NETMASK=255.255.255.0
DNS=192.168.1.22
GATEWAY=192.168.1.20
[root@server ~]#

[root@server ~]# service network restart
Shutting down interface eth0:                         [ OK ]
Shutting down loopback interface:                     [ OK ]
Bringing up loopback interface:                       [ OK ]
Bringing up interface eth0:                           [ OK ]
[root@server ~]#

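Stop the firewall and disable it at boot time. This is a lab shortcut: on a host that other machines can reach, keep iptables running and open only the ports this setup needs (53 for DNS, 25 for SMTP).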

[root@server ~]# service iptables stop
iptables: Setting chains to policy ACCEPT: filter     [ OK ]
iptables: Flushing firewall rules:                    [ OK ]
iptables: Unloading modules:                          [ OK ]
[root@server ~]# chkconfig iptables off
[root@server ~]#

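Disable SELinux (the change takes effect after a reboot). Setting SELINUX=permissive instead keeps the policy loaded and only logs denials, which is a less drastic way to rule SELinux out while troubleshooting.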

[root@server ~]# vim /etc/selinux/config
[root@server ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted


[root@server ~]#

Now install the BIND service (named)

[root@server ~]# yum -y install bind bind-utils

-- output omitted.


Restart the named service and enable it at boot

[root@server ~]# service named restart
Stopping named: .                               [ OK ]
Generating /etc/rndc.key                        [ OK ]
Starting named:                                 [ OK ]
[root@server ~]#
[root@server ~]# chkconfig named on
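Now edit the named configuration file, located at /var/named/chroot/etc/named.conf. Note that `allow-query { localhost; any; };` together with `recursion yes;` lets any client that can reach port 53 use this server as a recursive resolver; with the firewall stopped, limiting recursion to trusted clients, e.g. `allow-recursion { localhost; 192.168.1.0/24; };`, avoids running an open resolver.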

[root@server ~]# vim /var/named/chroot/etc/named.conf
[root@server ~]# cat /var/named/chroot/etc/named.conf
//

// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.1.22; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
                  statistics-file "/var/named/data/named_stats.txt";
                  memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; any; };
        forwarders { 8.8.8.8; };
        recursion yes;

     // dnssec-enable yes;
     // dnssec-validation yes;
     // dnssec-lookaside auto;

     /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

        logging {
        channel default_debug {
        file "data/named.run";
        severity dynamic;
        };
};

zone "." IN {
      type hint;
      file "named.ca";
};

zone "zmailtech.com" IN {
      type master;
      file "zmailtech.com.for";
};

zone "1.168.192.in-addr.arpa" IN {
      type master;
      file "zmailtech.com.rev";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

[root@server ~]#

Now configure the forward and reverse zones of the named service, with an MX record.

[root@server ~]# cd /var/named/chroot/var/named
[root@server named]# ll
total 40
drwxr-x---. 6 root named 4096 Mar 20 16:13 chroot
drwxrwx---. 2 named named 4096 Jul 7 12:10 data
drwxrwx---. 2 named named 4096 Jul 7 11:36 dynamic
-rw-r-----. 1 root named 1892 Feb 18 2008 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
drwxrwx---. 2 named named 4096 Jan 20 23:10 slaves
[root@server named]#

Copy named.localhost to zmailtech.com.for (the forward zone file) and edit it as shown

[root@server named]# cp named.localhost zmailtech.com.for
[root@server named]# vim zmailtech.com.for

[root@server named]# cat zmailtech.com.for
$TTL 1D
@ IN SOA zmailtech.com. root.zmailtech.com. (
                          2014032001 ; serial
                          1D   ; refresh
                          1H   ; retry
                          1W   ; expire
                          3H ) ; minimum
            IN      NS        zmailtech.com.
            IN      A         192.168.1.22
            IN      MX        4     mailserver.zmailtech.com.

server IN      A          192.168.1.22
mailserver IN  A          192.168.1.22
[root@server named]#

Copy named.loopback to zmailtech.com.rev (the reverse zone file) and edit it as shown

[root@server named]# cp named.loopback zmailtech.com.rev
[root@server named]# vim zmailtech.com.rev
[root@server named]# cat zmailtech.com.rev
$TTL 1D
@ IN SOA zmailtech.com. root.zmailtech.com. (
                          2014032001 ; serial
                          1D   ; refresh
                          1H   ; retry
                          1W   ; expire
                          3H ) ; minimum
           IN     NS       zmailtech.com.
           IN     A        192.168.1.22

22     IN     PTR      server.zmailtech.com.
22     IN     PTR      mailserver.zmailtech.com.
[root@server named]#


Change the group of the forward and reverse zone files to named

[root@server named]# chgrp named zmailtech.com.*
[root@server named]# ll
total 40
drwxr-x---. 6 root named 4096 Mar 20 16:13 chroot
drwxrwx---. 2 named named 4096 Jul 7 12:10 data
drwxrwx---. 2 named named 4096 Jul 7 11:36 dynamic
-rw-r--r-- 1 root named 463 Jun 26 11:49 zmailtech.com.for
-rw-r--r-- 1 root named 320 Jun 26 11:49 zmailtech.com.rev
-rw-r-----. 1 root named 1892 Feb 18 2008 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
drwxrwx---. 2 named named 4096 Jan 20 23:10 slaves
[root@server named]#

Now restart the named service

[root@server named]# cd /
[root@server /]# service named restart
Stopping named: .                                  [ OK ]
Starting named:                                    [ OK ]
[root@server /]#

Edit the /etc/resolv.conf and /etc/hosts files

[root@server /]# vim /etc/resolv.conf
[root@server /]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search zmailtech.com
nameserver 192.168.1.22
nameserver 8.8.8.8
[root@server /]#

[root@server /]# vim /etc/hosts
[root@server /]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.1.22 server.zmailtech.com server

[root@server /]#

Make sure the named service is configured properly.

[root@server /]# host -t mx zmailtech.com
zmailtech.com mail is handled by 4 mailserver.zmailtech.com.
[root@server /]# host -t ns zmailtech.com
zmailtech.com name server zmailtech.com.
[root@server /]# dig mailserver.zmailtech.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> mailserver.zmailtech.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3052
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;mailserver.zmailtech.com. IN A

;; ANSWER SECTION:
mailserver.zmailtech.com. 86400 IN A 192.168.1.22

;; AUTHORITY SECTION:
zmailtech.com. 86400 IN NS zmailtech.com.

;; ADDITIONAL SECTION:
zmailtech.com. 86400 IN A 192.168.1.22

;; Query time: 0 msec
;; SERVER: 192.168.0.200#53(192.168.1.22)
;; WHEN: Mon Jul 7 23:37:53 2014
;; MSG SIZE rcvd: 88 
[root@server /]#
 
How to configure the Postfix server: back up the following two files, edit main.cf, and restart the postfix service

[root@server /]# cp /etc/postfix/main.cf /etc/postfix/main.cf.org
[root@server /]# cp /etc/postfix/master.cf /etc/postfix/master.cf.org
[root@server /]# vim /etc/postfix/main.cf
[root@server /]# cat /etc/postfix/main.cf


.. change hostname
myhostname = mailserver.zmailtech.com

.. change domain name
mydomain = zmailtech.com

.. uncomment my origin
myorigin = $mydomain

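.. change inet_interfaces (all makes Postfix listen on every network interface; if only local applications need to send mail, as the introduction says, loopback-only keeps port 25 off the network)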
inet_interfaces = all

.. Enable IPv4
# Enable IPv4, and IPv6 if supported
#inet_protocols = all
inet_protocols = ipv4

.. Rejecting mail from unknown local users: mydestination lists the domains this server treats as local
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

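.. Add mynetworks (every host in these ranges may relay mail through this server; 127.0.0.0/8 alone is enough when only local applications send mail)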
mynetworks = 127.0.0.0/8, 192.168.1.0/24

Now restart the postfix service

[root@server /]# service postfix restart
Shutting down postfix:                              [ OK ]
Starting postfix:                                   [ OK ]
[root@server /]#
